August 19, 2004 9:52 AM PDT
Cisco flaw opens networks to attacks
- Related Stories
Juniper engineers depart for start-upAugust 18, 2004
Cisco shares fall on weak spending outlookAugust 11, 2004
Security's disorderly messAugust 11, 2004
Healthy sales lift Cisco's profitAugust 10, 2004
Cisco fixes critical protocol flawApril 21, 2004
Cisco plans network software overhaulApril 21, 2004
The problem is in the processing of packets sent to a Cisco router that has been configured for the Open Shortest Path First (OSPF) protocol, the company said in a security advisory released Wednesday. If the router receives a malformed packet, it will take a while to reset. Attackers could flood networks with packets that cause routers to constantly reboot. The flaw is limited to versions 12.0S, 12.2 and 12.3 of Cisco's Internetwork Operating System routing software.
Jon Oltsik, a network security analyst at the Enterprise Strategy Group, said the vulnerable versions and configuration are in common use and that the effects of a successful attack could be devastating to an enterprise.
Our reporters' take on what's
happening in broadband.
"If a hacker puts a certain request to the main router, then it could shut down the whole network," Oltsik said. But he believes that in practice, the vulnerability requires both inside knowledge and Cisco expertise, which should limit the number of attacks. The most likely threat will come from former staff with a grievance, he said.
"It's not like a Microsoft vulnerability that anyone with Internet access can exploit. You need specific knowledge to exploit this. An attack is most likely to come from a rogue employee who knows the configuration of the company's Cisco routers," Oltsik said.
Cisco said Thursday that it's unaware of any exploitations of the vulnerability.
Cisco has provided a patch for the security flaw and has also provided several workarounds for the problem, such as using OSPF authentication as a workaround. It is also recommending that customers update their routers with a free software patch, available by e-mailing its support center at email@example.com. The full Cisco advisory has been posted to its Web site.
Ingrid Marson of ZDNet UK reported from London. CNET News.com's Marguerite Reardon contributed to this report.