Cisco Confirms OS Security Holes
- By Stephen Swoyer
- June 5, 2007
Just when you thought it was safe to start planning your summer vacation, Cisco
Systems Inc. recently alerted customers to a spate of new vulnerabilities in
its Internetwork Operating System (IOS).
Late last month, Cisco confirmed the existence of multiple vulnerabilities
in IOS, along with separate flaws in IOS XR, its Cisco Firewall Service Module
and its Cisco Unified Call Manager products.
According to a Cisco announcement, an attacker can trigger
an IOS system crash by crafting malicious secure sockets layer (SSL) packets and passing
them along during the protocol exchange process. Attackers can craft malicious
ClientHello messages, Processing ChangeCipherSpec messages and Processing
Finished messages, Cisco said.
In every case, according to the announcement, the big danger is denial of service. At this point, none
of the SSL processing vulnerabilities have been linked to information disclosure
or system compromise, Cisco stressed.
Elsewhere, Cisco alerted customers to a vulnerability in a third-party cryptographic
library that's used by a number of Cisco products, including IOS, IOS XR and
Cisco's ASA/PIX, Firewall Service Module and Unified Call Manager. Cisco devices are susceptible to attack if they're
running a vulnerable IOS release and at least one of the following:
- The Internet
Security Association and Key Management Protocol;
- Secure Sockets Layer (in some releases
of IOS); and
- Secure Shell.
An attacker exploits the flaw by passing a malformed Abstract Syntax Notation
One (ASN.1) object to a vulnerable device. Successful exploitation could trigger
denial of service in the affected services, but not the whole device, Cisco said.
More seriously, Cisco warned, an attacker could conceivably exploit this vulnerability
without having either a valid certificate or valid application-layer credentials.
Cisco released software updates to patch both flaws.
Stephen Swoyer is a contributing editor for Enterprise Systems. He can be reached at [email protected].