ISS witholding IOS vulnerabilities
The computer security researcher who revealed a serious vulnerability in the operating system for Cisco Systems routers this year says he discovered 15 additional flaws in the software that have gone unreported until now, one of which is more serious than the bug he made public last summer.
Mike Lynn, a former security researcher with Internet Security Systems, or ISS, said three of the flaws can give an attacker remote control of Cisco's routing and gateway hardware, essentially allowing an intruder to run malicious code on the hardware. The most serious of the three would affect nearly every configuration of a Cisco router, he said. "That's the one that really scares me," Lynn said, noting that the bug he revealed in July only affected routers configured in certain ways or with certain features. The new one, he said, "is in a piece of code that is so critical to the system that just about every configuration will have it. It's more part of the core code and less of a feature set," Lynn said.
Like the earlier bug, the more serious of the new bugs is in Cisco's Internet Operating System, or IOS, said Lynn. Another dozen unpublished vulnerabilities can allow someone to conduct a denial-of-service attack against the router, crashing it over the internet, he said.
Lynn, who now works for Cisco competitor Juniper Networks, told Wired News that ISS has known about additional flaws in the Cisco software for months but hasn't told Cisco about them. This is serious, Lynn said, because attackers may already be developing exploits for the vulnerabilities. Cisco's source code was reportedly stolen in 2004 and, while doing research on the IOS software, Lynn found information on a Chinese-language website that indicated to him that Chinese attackers were aware of the security flaws in IOS and could be exploiting them.
RELATED TOPICS : CiscoGate Landing page , IOS makes it to SANS Top-20 , IOS exploit tools
CATEGORIES : 1ciscogate, 1threats, 1vulnerabilities, 1ios
Mike Lynn, a former security researcher with Internet Security Systems, or ISS, said three of the flaws can give an attacker remote control of Cisco's routing and gateway hardware, essentially allowing an intruder to run malicious code on the hardware. The most serious of the three would affect nearly every configuration of a Cisco router, he said. "That's the one that really scares me," Lynn said, noting that the bug he revealed in July only affected routers configured in certain ways or with certain features. The new one, he said, "is in a piece of code that is so critical to the system that just about every configuration will have it. It's more part of the core code and less of a feature set," Lynn said.
Like the earlier bug, the more serious of the new bugs is in Cisco's Internet Operating System, or IOS, said Lynn. Another dozen unpublished vulnerabilities can allow someone to conduct a denial-of-service attack against the router, crashing it over the internet, he said.
Lynn, who now works for Cisco competitor Juniper Networks, told Wired News that ISS has known about additional flaws in the Cisco software for months but hasn't told Cisco about them. This is serious, Lynn said, because attackers may already be developing exploits for the vulnerabilities. Cisco's source code was reportedly stolen in 2004 and, while doing research on the IOS software, Lynn found information on a Chinese-language website that indicated to him that Chinese attackers were aware of the security flaws in IOS and could be exploiting them.
RELATED TOPICS : CiscoGate Landing page , IOS makes it to SANS Top-20 , IOS exploit tools
CATEGORIES : 1ciscogate, 1threats, 1vulnerabilities, 1ios
posted by Dwaine at 12/06/2005
0 Comments:
Post a Comment
<< Home