Cisco Reveals 'Black Hat' Flaw

The security flaw outed by former researcher Michael Lynn at this week's Black Hat Briefings conference in Las Vegas is now the subject of a formal security advisory from Cisco.
Posted this morning, the advisory notes an "IPv6 Crafted Packet Vulnerability" in Cisco's Internetwork Operating System (IOS) that can open a router to "an arbitrary code execution attack." Cisco knew about the bug and issued a patch in April, but without fanfare.
The flaw could be used to launch a denial-of-service attack, as is the case with most IOS vulnerabilities discovered lately. More chilling, though, is the "code execution" part, meaning that a hacker could take over the router completely (see Cisco Faces Security Flap).
The Cisco advisory notes that the attack only works if a router is "specifically configured" for IPv6.
Cisco and ISS had sponsored Lynn's talk but at the last minute asked him to change topics. Lynn didn't comply, quitting his ISS job just before going on stage to demonstrate the security flaw. He did not reveal details of how to exploit the flaw.
Since then, Cisco and ISS have been granted a court order preventing Lynn and the Black Hat organizers from further discussing the flaw. "Cisco and ISS were granted a permanent injunction against Michael Lynn and Black Hat on terms that all parties agreed to," a Cisco spokesman says.
Lynn might also face an FBI investigation, according to some reports.
— Craig Matsumoto, Senior Editor, Light Reading