Results 1 to 4 of 4

Thread: ***Cisco Security Alert - Buffer Overflow vulnerability in IOS***

  1. Nov 4, 2005, 10:44 AM #1
    BlackCryptoKnight's Avatar
    BlackCryptoKnight
    BlackCryptoKnight is offline Super Moderator
    Join Date
    Jun 2003
    Posts
    3,621
    Rep Power
    24

    Exclamation ***Cisco Security Alert - Buffer Overflow vulnerability in IOS***

    The Cisco Internetwork Operating System (IOS) may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

    Cisco has made free software available that includes the additional integrity checks for affected customers.

    This advisory is posted at http://www.cisco.com/warp/public/707...2-timers.shtml.

    Cisco is not aware of any active exploitation of this vulnerability. This advisory documents changes to Cisco IOS® as a result of continued research related to the demonstration of the exploit for another vulnerability which occurred in July 2005 at the Black Hat USA Conference. Cisco addressed the IPv6 attack vector used in that demonstration in a separate advisory published on July 29, 2005.
    Network admins need to pay attention to this alert.
    My brain is high capacity,
    More Cells than a PS3.
    You crash like an XBOX360,
    Go away and play with your Wii!.
    Reply With Quote Reply With Quote
  2. Nov 4, 2005, 12:21 PM #2
    tech_guru
    tech_guru is offline Moderator
    Join Date
    Aug 2002
    Posts
    1,257
    Rep Power
    0

    Default

    This is Potentially a huge project depending on the number and complexity of configuration present on routers.
    If all fails please Net Admins have a backup copy of running-config prior to upgrade.
    I dont need to know everything, I just need to know where to find the answer...Einstein

    Omar O Thompson (CISA, CCSP, CCDA, CCNA, NCDS(CS1000), LPIC-1, Linux+)
    Reply With Quote Reply With Quote
  3. Nov 4, 2005, 12:44 PM #3
    king
    king is offline Techie
    Join Date
    Feb 2005
    Posts
    390
    Rep Power
    0

    Default

    Quote Originally Posted by tech_guru
    If all fails please Net Admins have a backup copy of running-config prior to upgrade.
    Amen to that.


    I have some routers (a lot) that are not on the internet side and I think I'll wait before I upgrade.
    Reply With Quote Reply With Quote
  4. Nov 5, 2005, 12:38 PM #4
    megiddo's Avatar
    megiddo
    megiddo is offline Hardcore Techie
    Join Date
    Sep 2003
    Posts
    2,849
    Rep Power
    0

    Default

    Remember over the summer when Cisco freaked out over a security researcher who revealed a pretty major vulnerability in the software that runs a lot of Cisco equipment? We already discussed how the move backfired badly by only calling much more attention to the vulnerability -- but also to the researcher, Michael Lynn himself. He lost his job at a security firm over the flap, but it appears the notoriety probably helped him find another one without too much trouble. He's now working at Juniper, a major Cisco rival. Does Cisco get the referral bonus for recommending him? Update: Oh and, by the way, it was only this week that Cisco finally patched the real problem Lynn was discussing. Update: Updated to make clear that Lynn worked at a security firm, since some felt I implied he worked at Cisco.
    http://techdirt.com/articles/20051104/1518205_F.shtml
    starry heavens above and the moral law within
    Open source!
    dmitridawkins.com
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Options

About

Welcome to Tech Jamaica - Jamaica's Technology Portal Forum!


TechJamaica is the online resource of technology information, news, events and discussion forums focusing on technology in the Jamaican environment. Anything tech-related and Jamaican will be found on TechJamaica.com.

Social Media