July 16, 2003 10:55 PM PDT
Cisco warns of serious router flaw
As previously reported, some details of the vulnerability leaked out to the Internet earlier in the day when network administrators noticed that many service providers had announced unscheduled maintenance of their networks.
Cisco didn't initially comment on the issue. Late Wednesday, the company posted
"Through internal testing, Cisco has discovered that devices running Cisco IOS software may be susceptible to a denial-of-service attack," said Jim Brady, a company spokesman. "To address this, Cisco has created an IOS software fix and workaround to minimize the risk of potential network attack." IOS is the operating system upon which most of Cisco-brand network hardware is based.
The vulnerability is caused by a flaw in the way a Cisco router handles certain Internet data. An attacker could use a special sequence of packets and cause the router to believe its input queue--storage for incoming data--was full, according to the Cisco advisory. The attack would crash the router and the device would have to be rebooted to clear the queues.
Brady said that the company wasn't aware of any online vandals taking advantage of the issue. "We are working very closely with our customers as well as industry, government, academia and Internet security organizations to effectively address this issue."
Earlier on Wednesday, ISPs were scrambling to schedule maintenance time for their networks. Messages posted to a network administrator's mailing list indicated that AT&T, Level 3, Cogent Communications and Sprint had all warned customers of upcoming maintenance.
Sprint confirmed that the company had announced to its customers it would be performing maintenance on its network and that the work was intended to fix the Cisco vulnerability.
"Sprint is aware of the issue regarding Cisco," said spokesman Charles Fleckenstein, reading from a statement. "Modifications are being performed on the Sprint Internet backbone, and customers should have no concerns regarding an interruption of service in regards to Sprint."
While Fleckenstein couldn't confirm the details of the flaw, he stressed that network outages elsewhere on the Internet could affect its customers' connections and their ability to reach Web sites, suggesting that the vulnerability could be widespread.
"While the appropriate measures are being taken to protect the Sprint Internet backbone, issues may arise with traffic that is handed off to other carriers, if those carriers have not taken the measures that Sprint has to protect their networks," Fleckenstein said.
Sprint expected to have its network hardware updated by Thursday morning. AT&T, Level 3 and Cogent Communications couldn't be reached for comment on Wednesday.