Bug exposes Cisco switches to attacks

By Joris Evers
Staff Writer, CNET News

Cisco Systems' CSS 11500 Series Content Services Switches configured with Secure Socket Layer, or SSL, termination services are vulnerable to a denial of service, or DoS, attack, Cisco said in an advisory Wednesday. The switch is designed for use in data centers and performs an analysis of protocol headers and directs data traffic based on policies. Integrated SSL modules can simplify the management of digital certificates.

However, a memory corruption that occurs when the switch processes a malformed digital client certificate could cause the switch to reload, Cisco said. The flaw only exists if a switch is configured to support SSL termination services, which it is not by default, the networking giant said. Cisco has a fix for the vulnerability, which is rated "moderate" by the French Security Incident Response Team, a research outfit.

See more CNET content tagged:
Cisco Systems Inc., termination, SSL, switch, denial of service

Latest tech news headlines

Microsoft warns of IE exploit code in the wild
Posted in InSecurity Complex by Elinor Mills

November 23, 2009 12:40 PM PST
Chrome OS security: 'Sandboxing' and auto updates
Posted in InSecurity Complex by Elinor Mills

November 23, 2009 12:29 PM PST
Nintendo Black Friday: DSi with $20 in DSiware
Posted in Crave by Don Reisinger

November 23, 2009 12:25 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Cisco Systems (1.79%) 0.42 23.88; Dow Jones Industrials (1.32%) 136.56 10,454.72; S&P 500 (1.40%) 15.25 1,106.63; NASDAQ (1.39%) 29.84 2,175.88; CNET TECH (1.65%) 26.09 1,603.33

Inside CNET News

Scroll Left Scroll Right

Digital Media
IBM taps into group language translation
IBM employees are testing n.Fluent, software that can instantly translate documents between English and 11 other languages.
Gallery
Top-rated reviews of the week (photos)
Apple
Schiller: No apologies for App Store approval process
Apple top-level exec Phil Schiller defends the company's role as application gatekeeper for the App Store, telling BusinessWeek that it ensures a good experience for customers.
Beyond Binary
Windows 8 in 2012?
It's not clear what Microsoft's desktop plans are, but the Windows Server team included slides at PDC suggesting a new major release coming around 2012.
Video
Google Chrome OS demonstration
Digital Noise: Music and Tech
Economics dooming free streaming sites?
Lady Gaga's "Poker Face" was streamed more than a million times on European streaming service Spotify. Her take? Less than $200, according to one report.
Video
Google Chrome OS unveiling
Geek Gestalt
Alternate-reality games flourish at the grassroots
While big ARGs like I Love Bees and The Beast get most of the ink, there has been a steady stream of games built for very small audiences, without corporate sponsorship.
The Space Shot
Atlantis astronaut's wife gives birth 220 miles below
Astronaut Randy Bresnik, in orbit on a space station supply mission, celebrated the birth of his daughter 220 miles below in Houston, saying "momma and baby are doing very well."
Gallery
Home energy displays show you the juice (photos)
Crave
Nintendo Black Friday: DSi with $20 in DSiware
Nintendo has made a Black Friday splash by announcing two DSi bundles that will launch on Friday with more than $20 in DSiWare content bundled with the hardware.
Green Tech
Time short to agree on smart-grid standards
The next phase of smart-grid standards is due to start next year but vendors pushing their own home networking options threatens to slow the process, says a NIST official.