Cisco issued two alerts on April 6. The first involves IPSec VPNs, where the extended authentication (Xault) messages for handling Internet Key Exchange (IKE) can be exploited to gain control of a router. The flaw pertains to versions of IOS that are running Cisco's Easy VPN Server application.
The other flaw is actually four vulnerabilities in one. (What a deal!) All four are scenarios that can cause a router to reload if Cisco's IOS Secure Shell (SSH) server and Terminal Access Controller Access Control System Plus (TACACS+) are being used for remote management.
The danger is that one of the flaws could be exploited repeatedly to put the router in a continual state of reset, effectively paralyzing it. This is one type of denial of service (DOS) attack, the kind of problem pertaining to most of Cisco's security advisories these days.
Three of the trouble scenarios for this second flaw involve specific sets of actions -- for example, a logged-in user attempting a "send" command while an SSH session is awaiting another user's login and password information. The fourth scenario involves a memory leak that can crop up if an invalid user name or password is received.
Cisco is providing free software patches to address both problems.
Cisco's policy is to announce such vulnerabilities as they are discovered. The security alerts can be found on Cisco's Web site at http://www.cisco.com/en/US/products/products_security_advisories_listing.html.
— Craig Matsumoto, Senior Editor, Light Reading
CALLING ALL SECURITY APPLIANCE MANUFACTURERS: Make sure your company and products are listed free of charge in Light Reading's forthcoming security directory by completing this questionnaire.
For further education, visit the archives of related Light Reading Webinars:
- Security & VPNs
- Multi-Layered Security: Security in an Insecure World
- Implementing Managed Security Services