- Nokia's new N97 vs. the iPhone
- 10 Microsoft research projects
- Hard to get justice in MySpace case
- Smartphone smackdown: Storm vs. iPhone
- Apple removes antivirus support page
Security experts are warning that ready-made code which exploits a recently announced Cisco IOS software vulnerability is circulating and attacks using the exploit are taking place.
Cisco did not respond to requests for comment, but updated its IOS bulletin to say that it is aware that an exploit had been published on a public mailing list.
On Wednesday, Cisco warned of a widespread and serious flaw in IOS that could make devices using the operating system vulnerable to a denial-of-service (DoS) attack.
The flaw affects a wide range of Cisco devices that run IOS and accept data packets using IPv4, including Cisco's popular Catalyst family of switches, 7300 series routers and Aironet family of wireless access points.
The exploit was posted to prominent security discussion lists by an unknown individual using the name "Marion Barry" and an e-mail address at the free Hotmail e-mail service.
Security provider Internet Security Systems Inc. said that it had tested the code contained in that message and that it works, according to Dan Ingevaldson, engineering director for ISS X-Force.
The code contains a small program written in the C programming language that makes it easy to quickly develop an exploit using the IOS vulnerability, Ingevaldson said.
"It's probably 200 lines. All it does is give you instructions on how to create an exploit. You just point at a target and it will fire an attack," he said.
A malicious hacker with a "moderate degree of sophistication" could run the exploit, according to Shawn Hernan, a member of the technical staff at the CERT Coordination Center.
ISS received reports Friday of the code being copied widely on the Internet and used in attacks on Internet service providers and major Internet backbone providers.
ISS does not know where the exploit came from, but was surprised by the speed with which it appeared, according to Ingevaldson.
"All I know is that there was an update on the Cisco bulletin and a few hours later there was an exploit," he said, referring to Cisco's modification of its earlier security bulletin regarding the IOS vulnerability.
That update bulletin gave more specific information than was first released on what protocols could be used with IPv4 data packets to trigger the IOS vulnerability and create a denial-of-service attack on vulnerable Cisco devices.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment