Black Hat presentation yields another Cisco bug
Cisco Systems Inc. has discovered a critical bug in the operating system used to power its routers, the company announced Wednesday. The flaw is the second serious problem that Cisco has found in its routers' Internetwork Operating System (IOS) that is related to a controversial security presentation given at the Black Hat USA security conference in July of this year.
The flaw, rated "critical" by the French Security Incident Response Team, has to do with the system timers that IOS uses to run certain operating system tasks. Under certain conditions, attackers may be able to take control of the router by tricking the system timers to run malicious code, Cisco said in a security advisory.
Cisco has published a patch for this vulnerability, which has not yet been exploited by hackers, the company said. The bug was discovered "as a result of continued research to the demonstration of the exploit of another vulnerability which occurred in July 2005 at the Black Hat USA Conference," the advisory states.
That problem was disclosed by security researcher Michael Lynn, who was forced to quit his job as a research analyst with Internet Security Systems Inc., and then sued for disclosing the problem. The lawsuit was quickly settled, when Lynn agreed to quit discussing the matter.
Shortly after Lynn's presentation, Cisco published an IOS patch that addressed the IPV6 attack he had described.
To take over a Cisco router, attackers would need to successfully take advantage of both the earlier IPV6 problem and the system timer bug disclosed today, said John Noh, a Cisco spokesman. "In order to exploit the issue we're talking about today, you needed an additional way to attack," he said.
Without proof that it can actually be exploited, Cisco's latest bug is not particularly worrisome, said Russ Cooper, editor of the NTBugtraq newslist and a scientist with security vendor Cybertrust Inc. "My take on it that it was just another vulnerability," he said.
But should someone figure out a way of taking over Cisco's widely used routers, that could clear the way for a particularly devastating attack on the Internet.
Lynn said that the potential consequences of such an IOS attack were so grave that he had felt compelled to give his Black Hat presentation. "IOS is the Windows XP of the Internet," he said during his presentation.
Cisco's security advisory is here: http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml
Cisco's IOS patch is published here: http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
