DoS hole in Cisco's IOS
Network specialist Cisco has reported a number of vulnerabilities in the Intrusion Prevention System (IPS) of its IOS operating system. A flaw in the ATOMIC.TCP engine involving regular expression rules can crash a router, resulting in a denial of service. Some of the signatures in the IPS are also based on regular expressions, but attackers can evade them by fragmenting packets.
Cisco is providing updates for the devices affected. In its security advisory, the company also proposes workarounds that administrators can apply to keep routers working properly until the patches have been installed.
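The fragmentation issue mentioned above, as an added illustration (not Cisco's code and not taken from the advisory): a regular expression signature checked against each IP fragment in isolation misses a pattern that spans fragment boundaries, while the same check on the reassembled payload matches. The signature, the payload and all function names are constructed for this example.

```python
import re

# Constructed signature and payload; not taken from any real IPS rule set.
SIGNATURE = re.compile(rb"EXAMPLE-[A-Z]+-MARKER")
PAYLOAD = b"data EXAMPLE-TEST-MARKER end"

def to_fragments(payload, size=8):
    """Sample input: (offset in 8-byte units, more-fragments flag, data), as in IPv4."""
    chunks = [payload[i:i + size] for i in range(0, len(payload), size)]
    return [(i * size // 8, i < len(chunks) - 1, c) for i, c in enumerate(chunks)]

def reassemble(fragments):
    """Rebuild the payload; return None while any part is still missing."""
    buf, spans, total = bytearray(), [], None
    for offset, more, data in fragments:
        start, end = offset * 8, offset * 8 + len(data)
        if len(buf) < end:
            buf.extend(bytes(end - len(buf)))
        buf[start:end] = data          # simplification: last writer wins on overlap
        spans.append((start, end))
        if not more:
            total = end                # the final fragment fixes the total length
    if total is None:
        return None
    pos = 0
    for start, end in sorted(spans):   # arrival order does not matter
        if start > pos:
            return None                # gap: a fragment has not arrived yet
        pos = max(pos, end)
    return bytes(buf[:total]) if pos >= total else None

def inspect_per_fragment(fragments):
    """Weak approach: run the signature on each fragment in isolation."""
    return any(SIGNATURE.search(data) for _, _, data in fragments)

def inspect_reassembled(fragments):
    """Robust approach: reassemble first, then run the signature once."""
    payload = reassemble(fragments)
    return payload is not None and SIGNATURE.search(payload) is not None

FRAGS = to_fragments(PAYLOAD)

if __name__ == "__main__":
    print("per-fragment match:", inspect_per_fragment(FRAGS))
    print("reassembled match: ", inspect_reassembled(FRAGS))
```

An inspection engine also has to resolve overlapping fragments the same way the destination host does; the sketch simply lets the last fragment written win.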
- Multiple IOS IPS Vulnerabilities, Cisco's security advisory