Monday | 22 March, 2010
CSO
Black Hat presentation yields another Cisco bug
Cisco has discovered and patched a critical vulnerability in its routers related to a controversial presentation given at the Black Hat USA conference.
Robert McMillan (IDG News Service) 03/11/2005 12:43:03

Cisco Systems has discovered a critical bug in the operating system used to power its routers, the company announced Wednesday. The flaw is the second serious problem that Cisco has found in its routers' Internetwork Operating System (IOS) that is related to a controversial security presentation given at the Black Hat USA security conference in July of this year.

The flaw, rated "critical" by the French Security Incident Response Team, has to do with the system timers that IOS uses to run certain operating system tasks. Under certain conditions, attackers may be able to take control of the router by tricking the system timers to run malicious code, Cisco said in a security advisory.

Cisco has published a patch for this vulnerability, which has not yet been exploited by hackers, the company said. The bug was discovered "as a result of continued research to the demonstration of the exploit of another vulnerability which occurred in July 2005 at the Black Hat USA Conference," the advisory states.

That problem was disclosed by security researcher Michael Lynn, who was forced to quit his job as a research analyst with Internet Security Systems Inc., and then sued for disclosing the problem. The lawsuit was quickly settled, when Lynn agreed to quit discussing the matter.

Shortly after Lynn's presentation, Cisco published an IOS patch that addressed the IPV6 attack he had described.

To take over a Cisco router, attackers would need to successfully take advantage of both the earlier IPV6 problem and the system timer bug disclosed today, said John Noh, a Cisco spokesman. "In order to exploit the issue we're talking about today, you needed an additional way to attack," he said.

Without proof that it can actually be exploited, Cisco's latest bug is not particularly worrisome, said Russ Cooper, editor of the NTBugtraq newslist and a scientist with security vendor Cybertrust Inc. "My take on it that it was just another vulnerability," he said.

But should someone figure out a way of taking over Cisco's widely used routers, that could clear the way for a particularly devastating attack on the Internet.

Lynn said that the potential consequences of such an IOS attack were so grave that he had felt compelled to give his Black Hat presentation. "IOS is the Windows XP of the Internet," he said during his presentation.

Cisco's security advisory is here: http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml

Cisco's IOS patch is published here: http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml

More about Internet Security Systems, Cisco Systems, Security Systems, Cisco, HIS Limited

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Enter the fully qualified URL, eg. http://www.example.com/
Users posting comments agree to the CSO Online comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Add to Google
Additional Resources
Newsletter Subscription
Sign up for our CSO Online newsletters!
RSS Feeds
Syndicate content
 
Get a job Careerone
Whitepaper


Read Whitepaper

Making the move to Ethernet | A DECISION GUIDE

While enterprises today need higher bandwidth, there is increasing demand for solutions that can provide scalability, performance, simplicity and control at lower costs. Get the best of both worlds - read about Ethernet adoption today.

Sponsored Links