By John Leyden
25th January 2007
Cisco released three security advisories on Wednesday designed to fix
multiple vulnerabilities in its core Internetwork Operating System
Worst of the trio is a "Crafted IP Option" vulnerability that creates a
potential means for hackers to load hostile code onto a range of Cisco
routers and switches running IOS. Attacks would have worked by sending
certain ICMP, PIMv2, PGM or URD packets with a specific IP option set to
a Cisco device, thereby causing the hardware to either crash or load in
such a way that arbitrary code is executed. The flaw applies to most of
the code base of IOS 12.0, 12.1 and 12.2.
The second vulnerability means that malformed TCP Packets can tie up the
memory of vulnerable devices eventually causing them to crash. The third
flaw also involves a denial of service risk, triggered by a packet
containing crafted IPv6 Type 0 Routing headers.
Cisco Security Advisories and vulnerability notes provided information
on patching and possible workarounds to address the flaws. Sys admins
are strongly advised to review these detailed bulletins. More
easily-digestible information is available in summaries from the
Internet Storm Centre (here)  and US CERT (here) .
 http://isc.sans.org/diary.html?storyid 97
Subscribe to InfoSec News