In association with heise online

24 September 2009, 09:24

Flood of patches from Cisco

Cisco has published eleven security advisories concerning its IOS router operating system and the Unified Communications Manager. Seven of the advisories describe DoS (Denial of Service) problems in IOS which can be exploited to reboot a system or use up all system resources. In most cases an attacker simply needs to remotely send a specially crafted packet to a vulnerable device to be successful.

The flaws are contained in the functions for processing SIP, H.323, NTP, IKE and IP tunnels. In some cases it is also possible to bypass the HTTP(S) authentication proxy and the access control lists. A buffer overflow vulnerability in the Extension Mobility feature of Cisco's Unified Communications Manager Express allows unauthenticated attackers to remotely inject and execute code in a system.

The vendor has provided updates for all the problems. Cisco's advisory summary contains a list of all the IOS versions that are affected. As a workaround, Cisco recommends disabling the affected function in each case.
