RealTime IT News

Cisco Confirms DoS Flaws

Routing and switching giant Cisco Systems has confirmed a Denial of Service (DoS) bug in a wide range of devices running the Internetwork Operating System (IOS).

A security alert from Cisco warned that a specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a vulnerable device may block access to an IOS-powered device.

The flaw affects telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH) and, in some cases, Hypertext Transfer Protocol (HTTP) access to the Cisco device.

Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected, the company said, noting that services such as packet forwarding, routing protocols and all other communication to and through the device were not affected.

The company has released workarounds (available here) and plans to issue free updates to address the vulnerability.

Separately, research firm Secunia issued an advisory for multiple bugs in Cisco's Secure Access Control Server (ACS) that could lead to system access and DoS attacks.

The first flaw is a connection-handling error within the Web-based management interface (CSAdmin) that causes the interface to stop responding to requests when it is flooded with TCP connections. "This may also cause other services processing authentication-related requests to become unstable or stop responding," Secunia warned.

The vendor also reported an error within the processing of LEAP (Lightweight Extensible Authentication Protocol) authentication requests that could be exploited to crash a vulnerable device. Successful exploitation requires that the device has been configured as a LEAP RADIUS Proxy.

The vulnerabilities affect only Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine. Cisco has released patches to its customers.