In association with heise online

03 July 2008, 15:20

Denial of service vulnerabilities in Cisco products


Several Cisco network products can be taken down by crafted network packets as a result of programming errors. The data link switching (DLSw) module of Cisco's IOS router operating system contains a bug that can cause the device to reload, or to leak memory until it is exhausted, when it processes crafted UDP packets or IP protocol 91 packets. The flaw is only exposed if DLSw is configured; it is not enabled by default.

A cryptographic library used in IOS, IOS XR, the PIX and ASA security appliances, the Firewall Services Module (FWSM) and Unified CallManager crashes when parsing malformed ASN.1-encoded certificate fields. According to the CVE entry, the vulnerability lies in RSA's Crypto-C and Cert-C libraries and has been known for two years.

In its advisories the vendor describes various workarounds, essentially aimed at limiting the availability of the affected services to trusted IP ranges. Cisco administrators should, however, where possible, install the updates.
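As an added example, not taken from the article or from Cisco's advisories, the following IOS configuration fragment applies the "trusted IP ranges" workaround to the DLSw issue. The addresses (trusted peer 192.0.2.10, local peer 192.0.2.1) and the interface name GigabitEthernet0/0 are assumed for illustration; UDP port 2067 is the port DLSw uses for its UDP transport, and IP protocol 91 is Fast-Sequenced Transport (FST), the protocol the article refers to.

```text
! Added example: infrastructure ACL that limits DLSw traffic to one trusted peer.
! Addresses and interface name are assumed; adapt them to the real topology.
!
! Exec mode. Confirm whether DLSw is configured at all; if this prints nothing,
! the DLSw vulnerability does not apply to this device.
show running-config | include dlsw
!
! Global configuration mode. Allow DLSw UDP transport (port 2067) and FST
! (IP protocol 91) only from the trusted peer, drop them from everyone else,
! and leave all other traffic untouched.
access-list 150 permit udp host 192.0.2.10 host 192.0.2.1 eq 2067
access-list 150 permit 91 host 192.0.2.10 host 192.0.2.1
access-list 150 deny udp any any eq 2067
access-list 150 deny 91 any any
access-list 150 permit ip any any
!
! Apply the list inbound on the interface facing untrusted networks.
interface GigabitEthernet0/0
 ip access-group 150 in
!
! Exec mode. After applying the list, check the hit counters on the deny
! entries to see whether unexpected DLSw or FST traffic is arriving.
show access-lists 150
```

The list filters only what the article names as the trigger, UDP and protocol 91 packets, and only at the interfaces it is applied to. A source-address ACL can be bypassed by spoofed packets from an attacker on a path where anti-spoofing is not enforced, so it reduces exposure but does not replace the update.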
