Welcome!

XML Authors: Katharine Hadow, Greg Schulz, Ambal Balakrishnan, Jeff Scholes, Brad Abrams

Related Topics: Virtualization, IT SOLUTIONS GUIDE

Virtualization: Article

Cisco Outlines Security Problem, Symantec Warns Against It

Revealed at Black Hat Conference
By Security News Desk
Article Rating:
July 30, 2005 12:30 PM EDT
Reads:
 13,180
Symantec has warned customers that information about a potential Cisco vulnerability, revealed at the Black Hat conference earlier in the week,   "increases the threat of exploitation." Meanwhile, Cisco published an advisory alerting its users about the vulnerability leveraged in the exploit demonstration.

Michael Lynn, a former Internet Security Systems (ISS) researcher, had quit his job to present his findings at the security conference. His presentation was later omitted from the conference CD. 

Symantec's alert noted that the disclosure "represents a potentially significant threat against existing infrastructure currently deployed." It recommended that enterprises do an immediate audit of existing vulnerabilities in their Cisco hardware and apply the associated patches ASAP.

According to the advisory, IOS is vulnerable to a denial-of-service (DoS) attack, and possibly to a much more dangerous exploit that could actually introduce hacker code remotely, via a specially-crafted IPv6 packet.

"Lynn did not disclose a new vulnerability," said Cisco spokesman John Noh. "But this advisory relates to the vulnerability he discussed at Black Hat."

Cisco said in its advisory said that all its devices running on  "any unfixed version of IOS code that supports, and is configured for, IPv6" are vulnerable. An attack, however, relies on a deliberately built IPv6 packet that must be sent from a local network segment. "This vulnerability can not be exploited one or more hops from the IOS device," Cisco said. 


Published July 30, 2005 – Reads 13,180
Copyright © 2005 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Security News Desk

SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Most Recent Comments
ISSJ News Desk 07/30/05 11:49:21 AM EDT

Cisco Outlines Security Problem, Symantec Warns Against It. Cisco has admitted and detailed a security vulnerability that was revealed at the Black Hat conference, and now Symantec has jumped into the fray, warning that the revelation at the conference increases the chance for the hole to be exploited.