News

Cisco Confirms OS Security Holes

• By Stephen Swoyer
• June 5, 2007

Late last month, Cisco confirmed the existence of multiple vulnerabilities in IOS, along with separate flaws in IOS XR, its Cisco Firewall Service Module and its Cisco Unified Call Manager products.

According to a Cisco announcement, an attacker can trigger an IOS system crash by crafting malicious secure sockets layer (SSL) packets and passing them along during the protocol exchange process. Attackers can craft malicious ClientHello messages, Processing ChangeCipherSpec messages and Processing Finished messages, Cisco said.

In every case, according to the announcement, the big danger is denial of service. At this point, none of the SSL processing vulnerabilities have been linked to information disclosure or system compromise, Cisco stressed.

Elsewhere, Cisco alerted customers to a vulnerability in a third-party cryptographic library that's used by a number of Cisco products, including IOS, IOS XR and Cisco's ASA/PIX, Firewall Service Module and Unified Call Manager. Cisco devices are susceptible to attack if they're running a vulnerable IOS release and at least one of the following:

• The Internet Security Association and Key Management Protocol;
• Secure Sockets Layer (in some releases of IOS); and
• Secure Shell.

An attacker exploits the flaw by passing a malformed Abstract Syntax Notation One (ASN.1) object to a vulnerable device. Successful exploitation could trigger denial of service in the affected services, but not the whole device, Cisco said.

More seriously, Cisco warned, an attacker could conceivably exploit this vulnerability without having either a valid certificate or valid application-layer credentials.

Cisco released software updates to patch both flaws.