Security threats Toolkit

Cisco squashes one bug

Marguerite Reardon CNET News

Published: 22 Apr 2004 08:40 BST

Cisco has released a fix to a flaw in a popular communications protocol that some experts said could take down the Net and has announced a new, unrelated security bug.

After the United Kingdom's National Infrastructure Security Co-ordination Centre sent out an advisory Tuesday describing the problem, Cisco and several other vendors acknowledged that their products could be affected by the flaw.

Cisco posted an alert to customers on its Web site and provided information for obtaining updated software. The problem affects a broad range of Cisco products, from its Internet Protocol routers and Ethernet switches to its optical, Internet Protocol telephony and storage products, according to the warning.

Other vendors, including Juniper Networks and Check Point Software Technologies, also have posted warnings and information regarding software updates on their Web sites.

As reported earlier by ZDNet UK sister site CNET News.com, the vulnerability found in TCP -- the Transmission Control Protocol -- allows for what's known as a reset attack. Many network appliances and software programs rely on a continuous stream of data from a single source called a session. Prematurely ending the session can cause a wide variety of problems for devices.

Unrelated to the TCP issue, Cisco also warned customers on Tuesday of a flaw discovered in some versions of its Internetwork Operating System software. The vulnerability, which was introduced through a previous version of a software upgrade, may cause a problem with a remote-management protocol called Simple Network Management Protocol.

The software bug causes devices to constantly reload information. Cisco warned that it could be exploited during a denial-of-service attack, causing affected devices to completely shut down. Denial-of-service attacks occur when hackers overwhelm a switch or router with millions of packets. Eventually, the device is unable to process the incoming packets, and it freezes or shuts down. Cisco has produced a code fix, which is available on its Web site.

A new version of Cisco's operating system expected later this year, should help prevent new bugs, such as the one discovered this week, from being introduced into products. Because the current version of Cisco's operating software runs on a single process, it requires network administrators to upload an entirely new version of software, even when only one element of the code needs to be changed. This often introduces bugs in different parts of the software.

The new software will run different functions on separate processes so that customers can add or update pieces of the code.