Cisco Confirms DoS Flaws

Routing and switching giant Cisco Systems has
confirmed a Denial of Service (DoS) bug in a wide range of devices running the
Internetwork Operating System (IOS).

A security
alert
from Cisco warned that a specifically crafted Transmission
Control Protocol (TCP) connection to a telnet or reverse telnet port of
a vulnerable device may block access to an IOS-powered device.

The flaw affects telnet, reverse telnet, Remote Shell (RSH), Secure
Shell (SSH) and, in some cases, Hypertext Transport Protocol (HTTP)
access to the Cisco device.

Telnet, reverse telnet, RSH and SSH sessions established prior to
exploitation are not affected, the company said, noting that services
such as packet forwarding, routing protocols and all other communication
to and through the device were not affected.

The company has released workarounds (available
here
) and plan to issue free updates to address the vulnerability.

Separately, research firm Secunia issued an advisory for multiple
bugs in Cisco’s Secure Access Control Server (ACS) that could lead to
system access and DoS attacks.

The first flaw is a connection-handling error within the Web-based
management interface (CSAdmin) that causes the interface to stop
responding to requests when it is flooded with TCP connections. “This
may also cause other services processing authentication-related requests
to become unstable or stop responding,” Secunia warned.

The vendor also reported an error within the processing of LEAP
(Light Extensible Authentication Protocol) authentication requests that
could be exploited to crash a vulnerable device. Successful exploitation
requires that the device has been configured as a LEAP RADIUS Proxy.

The vulnerabilities affect only Cisco Secure ACS for Windows and
Cisco Secure ACS Solution Engine. Cisco has released patches
to its customers.

News Around the Web