dcsimg
 

Cisco Patches IOS Flaw

By Ryan Naraine  |  Print this article Print
 
 
 
 
 
 
 

WEBINAR:
On-Demand

Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers


Malicious hackers could launch denial-of-service attacks on VOIP devices.

Switching and routing firm Cisco Systems Inc. has issued a fix for a denial-of-service vulnerability affecting versions of its flagship IOS (Internetwork Operating System) software.

A security advisory from the San Jose, Calif.-based company said the flaw affects all Cisco devices that are configured for Cisco ITS (IOS Telephony Service), Cisco CME (CallManager Express) or SRST (Survivable Remote Site Telephony) services.

ITS, CME and SRST are features that allow a Cisco device running IOS to control IP phones using the Skinny Call Control Protocol. The company warned that a malicious hacker could send certain malformed packets to the SCCP port on an IOS device configured for ITS, CME or SRST, which may cause the target device to reload.

The attack scenario could be done repeatedly to create a denial-of-service attack against telephony devices, company officials said.

The vulnerability, which was detected and reported by researchers at SecureTest, exists because of an error within the processing of control protocol messages. It affects the 12.1YD, 12.2T, 12.3, and 12.3T release trains.

Dan Jackson, president and chief operating officer of DeepNines Technologies, said the Cisco flaw is further proof that routers could present a bigger target for malicious hackers.

"From a security standpoint, 2005 is the year that the router becomes the Achilles heel of the network," Jackson said in a statement. "Where there's smoke, there's fire—meaning these won't be the last router vulnerabilities we hear about this year."

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

 
 
 
 
 
 
 
 
 
























By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
























By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date