Cisco fixes alleged DoS holes
On its regular semi-annual patch day, Cisco has released updates to close eight security holes in its IOS network operating system. One hole in the Session Initiation Protocol (SIP) also affects the Cisco Unified Communications Manager. According to Cisco, at worst, all of the vulnerabilities allow attackers to cripple the affected service through a denial-of-service (DoS).
However, the company traditionally tends to play down the threats posed by security holes. Security expert Felix "FX" Lindner from Recurity Labs, for example, noted that Cisco's vulnerability classifications have come to be considered a running joke by those who seriously investigate Cisco IOS exploitation issues: "Cisco DoS? LOL".
The Cisco hacker speaks from experience: in 2007, Cisco had classified a hole in the IP stack as a "denial-of-service" vulnerability – until Lindner presented a Ping packet at the 25C3 conference which proved that the hole did actually allow code to be injected and executed. Looking at the current advisory, the expert anticipates that, for example, the BGP hole could prove to be exploitable unless it is a null-pointer dereference issue. Unfortunately, however, Cisco doesn't provide such technical information on the nature of its vulnerabilities.