Cisco Discloses IOS XR Flaw

The latest denial-of-service warning out of Cisco relates to the CRS-1's operating system

Craig Matsumoto, Editor-in-Chief, Light Reading

January 24, 2007


Cisco Systems Inc. (Nasdaq: CSCO) issued three security advisories today, including one for a flaw that could allow the takeover of an IOS XR router.

IOS XR is the operating system for the CRS-1 and XR 12000 lines of routers. It's a modular operating system, as is JunOS from Juniper Networks Inc. (NYSE: JNPR), as opposed to the non-modular IOS that runs on most of Cisco's routers. (See Cisco Unveils the HFR and Cisco's CRS-1 Gets Edgy.)

The "Crafted IP Option Vulnerability," as Cisco calls it, can be used to start a denial of service (DOS) attack on a router, possibly leaving it open for "arbitrary code execution," as Cisco's advisory puts it.

The Crafted IP Option Vulnerability advisory can be found here.

This appears to be the first time Cisco has found a DOS loophole specific to IOS XR. But it isn't the first vulnerability discovered in IOS XR.

An alert in April noted several IOS XR flaws related to MPLS, although it didn't indicate that the problems could be exploited to create a DOS attack. A few alerts related to DOS attacks on IOS, such as one having to do with the Internet Control Message Protocol (ICMP), have the potential to affect IOS XR as well.

Cisco's two other advisories today relate to plain old IOS.

One is a TCP vulnerability that can be exploited in a DOS attack; that one appears to affect all IOS release 12.0 versions. An IPv6 header vulnerability, where a specially crafted header can crash a router, affects only certain 12.0 versions. Cisco has issued a free fix for both IOS vulnerabilities.

Craig Matsumoto, West Coast Editor, Light Reading
