Cisco remedies two holes in IOS
Equipment manufacturer Cisco has announced that devices running on the IOS operating system can be crashed or forced to reboot if they support VoIP but do not have the Session Initiated Protocol (SIP) configured. All that attackers need to do is send a packet to UDP port 5060, on which the SIP service runs. Cisco says it is still looking into the cause of the crash, but the company has already provided a software update to close TCP and UDP port 5060 until SIP is configured. Numerous versions of IOS are affected; for details, see the original security advisory.
In addition, an update has been made available for IOS to remedy a DoS vulnerability concerning switches. Specially prepared packets can cause a switch to reboot by exploiting a flaw in the processing of the VLAN Trunking Protocol (VTP). During rebooting, no packets are passed on. Such attacks can only take place from a local ethernet segment; attackers also have to know the VTP domain name, though that is hardly a challenge. Finally, the port under attack also has to be configured for trunking. Cisco says that 2900XL, 2950, 2955, 3500XL, 3550 and 3570 switches are affected. A software update has been provided to remedy the flaw.
- SIP Packet Reloads IOS Devices Not Configured for SIP, Cisco's security advisory
- Cisco VTP Vulnerability, Cisco's security advisory