Breaking News: NSA, FBI split on comms intercepts

ZDNet / Us-cert / Story

Cisco flaws may cripple networks

By Joris Evers, CNET News.com on January 26th, 2007 
Submit

Three security holes in the software that runs Cisco Systems' routers and switches could let miscreants disrupt computer networks, including the Internet.

The vulnerabilities lie in Cisco's Internetwork Operating System and could be exploited to crash or remotely run malicious code on devices that run the software, the San Jose, Calif., networking giant warned Wednesday in security advisories. IOS runs on Cisco's routers and switches, which make up a large portion of the Internet's infrastructure.

Cisco's warning prompted the US Computer Emergency Readiness Team, or US-CERT, to issue an alert. "A remote attacker may be able to execute arbitrary code on an affected device, cause an affected device to reload the operating system, or cause other types of denial of service," US-CERT said on its Web site.

Being able to execute arbitrary code means that an attacker could change the configuration of a router or switch, redirecting traffic or potentially sniffing the data that travels through a Cisco device. In a denial-of-service attack a vulnerable router or switch would be taken offline, disrupting any traffic it is tasked to channel.

"Because devices running IOS may transmit traffic for a number of other networks, the secondary impacts of a denial of service may be severe," US-CERT said.

The impact of each of the three vulnerabilities is different. The most serious of the problems, which relates to how IOS handles specific data packets, affects a broad range of Cisco devices. This includes routers and switches used by telecommunications companies that use Cisco's gear to shuttle data traffic across networks.

"These are serious issues and patches need to be applied as soon as possible," said Gunter Ollmann, director of security strategy for IBM Internet Security Systems. "From our monitoring of underground channels there are a lot of people interested in these and actively working on exploits."

Cisco has software updates available to address the vulnerabilities, the company said in each of its alerts. "Cisco is also not aware of any current exploitation of these vulnerabilities," the company added.

Will Sturgeon of Silicon.com in London contributed to this story.

Talkback

Add your opinion

In order to post a comment, you need to be registered. (Sign In or register below)

Post your comment

Terms of Service - As a ZDNet registrant, and by using this service, you indicate that you agree to our Terms and Conditions and have read and understand our Privacy Policy.

Tech Blueprint

IT Priorities Special Report: Security

Emerging Technologies, and the New IT Security Landscape

IDC White Paper on Consumerisation Security

Get expert advice for developing or improving your BYOD security strategy.
Read white paper >

Mobile Trends and Perceptions

Survey by Decisive Analytics exposes the good and bad realities of BYOD.
Read analyst report >

ZDNet Australia Live

Global mobile phone sales take a hit; Nokia yields to Apple, Samsung http://t.co/95pDxClp

29 minutes ago by Fedaupdat on Reservoir blogs: Fan fakes Tarantino diary

Global mobile phone sales take a hit; Nokia yields to Apple, Samsung - ZDNet (blog): Global mobile phone sales t... http://t.co/GtLqWFz1

ABC's Bitcoin miner tackled in minutes: The Australian Broadcasting Corporation (ABC) looked set to become a hav... http://t.co/qq5oPZ15

ABC's Bitcoin miner tackled in minutes: The Australian Broadcasting Corporation (ABC) looked set to become a hav... http://t.co/7v06Ygfl

ABC's Bitcoin miner tackled in minutes: The Australian Broadcasting Corporation (ABC) looked set to become a hav... http://t.co/z7ngF4XL

Admits? Don't fall for their marketing. Vista was beautiful. Microsoft has a history of trashing their older OSes.

1 hour ago by anonymuos on Microsoft admits Vista was 'cheesy'

Oracle v. Google loses another juror: By Rachel King, ZDNet US on May 21st, 2012 (7 hours ago) Rather than 12 An... http://t.co/nflnWgb9

RT @MSDynamicsCRM: Great article on ZDNet - Microsoft #Dynamics #CRM saves email-drowned Australian Power and Gas http://t.co/LKjZzQcR #msdyncrm #crm2011 ^pb

Gotta agree. For our Burnie, Tas. internet, we have a 1.5MB download speed adls connection through exetel using testra copper line. ADS...

1 hour ago by brozza on Broadband Speedtest

Vic councils tender for VMware partner http://t.co/diHsmLt6

Govt set for electorate office IT refresh: The Department of Parliamentary Services (DPS) is waiting for existin... http://t.co/FYaojbCN

RT @zdnetaustralia: In this week's Patch Monday we look at the themes of last week's AusCERT security conference. http://t.co/XMRm8n9k ^ST

Facebook tracking you after you logout, isn't that against the law? To stop this, go to the settings / options /... http://t.co/6Gzl4Eht

Vic councils tender for VMware partner - ZDNet Australia http://t.co/3XreTY9E

RT @zdnetaustralia: In this week's Patch Monday we look at the themes of last week's AusCERT security conference. http://t.co/XMRm8n9k ^ST

RT @zdnetaustralia: In this week's Patch Monday we look at the themes of last week's AusCERT security conference. http://t.co/XMRm8n9k ^ST

RT @zdnetaustralia: In this week's Patch Monday we look at the themes of last week's AusCERT security conference. http://t.co/XMRm8n9k ^ST

Vic councils tender for VMware partner: in brief A 58-strong consortium of Victorian regional coun... http://t.co/nEA6Gs8G #VMware #News

RT: New "Patch Monday" podcast: "War talk dominates #AusCERT 2012" http://t.co/utUIf5Mw

RT @zdnetaustralia: 58 Victorian councils looking for new VMware partner: http://t.co/HqOuEOK9 ^LH

RT @JamesVickery: Microsoft launches its own social service http://t.co/xthGjXI5

ZDNet App Wrap: 21 May 2012 http://t.co/rQ6ZoKAc

ABC's Bitcoin miner tackled in minutes http://t.co/Ue6A5qnp

by http://t.co/vmlQ0Ecb: Govt set for electorate office IT refresh: The Department of Parliamentary Services (DPS... http://t.co/25budC2T

RT @zdnetaustralia: In this week's Patch Monday we look at the themes of last week's AusCERT security conference. http://t.co/XMRm8n9k ^ST

National Botnet Network coming: Earthwave http://t.co/ChqUVcgs #ddos

ABC's Bitcoin miner tackled in minutes http://t.co/hF0MzDsE

Govt set for electorate office IT refresh: The Department of Parliamentary Services (DPS) is waiting for existin... http://t.co/AOzluavp

MPs won't get Wi-Fi in their electorate offices paid by Parliamentary Services until the current contracts run out. http://t.co/EcoNgTnR

ABC's Bitcoin miner tackled in minutes - ZDNet Australia: Sydney Morning HeraldABC's Bitcoin miner tackled in mi... http://t.co/tKnRlZdW

58 Victorian councils looking for new VMware partner: http://t.co/HqOuEOK9 ^LH

ABC's Bitcoin miner tackled in minutes - ZDNet Australia http://t.co/aGMcf6W0

ABC's Bitcoin miner tackled in minutes - ZDNet Australia http://t.co/7vC8E0b9

RT @Daily_Donkey: National Botnet Network coming: Earthwave - ZDNet Australia http://t.co/keLouVk8 #cyberwar

ABC's Bitcoin miner tackled in minutes - ZDNet Australia http://t.co/Zi6QUkuQ #australia #technews

ABC's Bitcoin miner tackled in minutes http://t.co/AsQxlLV0

RT @joshgnosis: The ABC caught the employee who was trying to mine Bitcoins last year in a matter of minutes. http://t.co/uEl4Y1YW

Well the message certainly is clear. Never do anything because something might happen. Seriously it seems to me "Earthwave" just want to...

3 hours ago by Hubert Cumberdale on National Botnet Network coming: Earthwave

you really think it's going to be such a grim future? looking at South Korea, Japan, even Czech Republic - I haven't seen either emit mo...

5 hours ago by romant on National Botnet Network coming: Earthwave

No... they'll just blame the NBN for that too ;-)

5 hours ago by Beta on National Botnet Network coming: Earthwave

It seems that some of the people who set up ACCAN (not staff members) took the view that it would somehow be against their view of 'consu...

6 hours ago by socrates on ACCAN gets govt tick amid industry criticism

Don't laugh, Mr Turnbull is dumb enough to try and use this against the NBN. I'm sure the noallitions magical FTTN will be impervious to ...

6 hours ago by Jingles on National Botnet Network coming: Earthwave

OMG, the sky will fall if we get NBN - it must be cancelled immediately! Sorry; was just channelling Malcolm Turnbull there for a moment...

6 hours ago by socrates on National Botnet Network coming: Earthwave

Thats just stupid.. what else is the NBN going to get blamed for? People die crossing the road, are you going to ban cars or police it b...

7 hours ago by fibretech on National Botnet Network coming: Earthwave

And again - missed this bit did you? "... Telstra is responsible for estates where development approval was granted before 1 January 201...

7 hours ago by Beta on Copper greenfield dominance irrelevant: Conroy

I think the idea of dropping aero glass bit of a mistake. At least have some colour. Thats something i liked (especially after working on...

7 hours ago by JCOZ on Microsoft admits Vista was 'cheesy'

Yes, most people hate the processes put in place to ensure purchasing is fair, transparent and above board. Having been a purchasing off...

8 hours ago by ozguy2000 on Woolies case poses procurement questions

God,..why spend another $6.7M on a system that's never going to be any good & never work in all probability!.. \ Government bureaucrats ...

9 hours ago by Keith Styles on Vic scraps HealthSMART system

The gorilla in the room is Information Privacy Principles. I'm not so sure that providing arbitrarily developed acceptable usage policie...

10 hours ago by Rowan Williams on How government does BYOD

NBNCo requires ALL greenfield areas must be connected to the NBN but they are only company in Australia allowed to install the fibre yet ...

22 hours ago by zag on Copper greenfield dominance irrelevant: Conroy

The funny thing is the NBNCo demands that ALL greenfield areas must be connected to the NBN, but due to conroy always demanding for no ot...

22 hours ago by zag on Copper greenfield dominance irrelevant: Conroy

Looks like The GPT Group are having similar woes, I'm off to see their CIO speak at AIPM this week, and the topic is .... You guessed a f...

1 day ago by SarahMc on NSW govt in SAP project blowout

I think, therefore I am. I am what? A machine. Damn!!

1 day ago by Patanjali on AusCERT 2012 pics: Vaders and Terminators

As a contractor, I have generally not been entitled to the smaller portable devices, like a phone, though I have had client laptops at ti...

1 day ago by Patanjali on How government does BYOD

Facebook Activity

Keep up with ZDNet Australia

LinkedinLinkedin Join our network

RSS FeedsRSS Feeds Subscribe now

NewslettersNewsletters Subscribe today

AlertAlertsSubscribe now

ZDNet Events Calendar

ZDNet Events Calendar

Plan Comparison

Prev Next
Loading...
Deals powered by WhistleOut

Sponsored resources