The Web    Google
Cisco Fixes a Pair of IOS Vulnerabilities

Cisco Fixes a Pair of IOS Vulnerabilities
April 7, 2005

Yesterday, Cisco announced patches to IOS that address denial of service vulnerabilities, and a bug that could allow malicious users access to VPNs.

According to a notice sent out by the company, versions of its Internetwork Operating System (IOS) configured to use the IOS Secure Shell Server (SSH) contain a pair of vulnerabilities that would allow malicious users to cause devices running IOS to exhaust their available resources, forcing a reload. Exploited enough times, the company warned, the vulnerability could cause a denial of service.

According to the notice posted on its site, the vulnerability affects ''any Cisco device running an unfixed version of Cisco IOS that supports, and is configured to use, the SSH server functionality.'' The company said running the command show ip ssh would indicate to users whether or not SSH functionality is enabled on a given device, and also shows the version of SSH running on the device. The advisory indicates that one of the vulnerabilities affects only equipment using the SSH2 protocol, while both affect equipment running the SSH1 protocol.

The second vulnerability Cisco reported addresses an authentication issue in IOS that affects all Cisco devices running any version of Cisco IOS that supports, and is configured for, Cisco Easy VPN Server Xauth version 6 authentication.

According to the company's announcement, malformed packets sent to UDP port 500 of the IOS Easy VPN Server could permit an unauthorized user to complete authentication and gain access to network resources.

The vulnerability is the more obscure of the two reported today, to the extent it requires the attacker to know the VPN's shared group key in order to complete one step of a connection negotiation before the Xauth negotiation, where the vulnerability lies, takes place.

This article was first published on

  • 2/15: Randex-COX a Network-Aware Worm
  • 2/23: Stang-A Worm Spreads Via MSN IM
  • Meta Group Slams Wireless LAN Suppliers on Security
  • Virus Alert: Worm Spreads Via Hidden System Shares
  • 12/6: Atak-B a Mass-Mailing Worm
  • 2/17: Poebot-A Worm Has Backdoor Functions
  • China Backs Down on WAPI Deadline
  • 7/28: Downloader-NE.dr a New Trojan
  • 2/2: Symbos_Locknut-A Hits Symbian Devices
  • 7/21: Lovgate-V Worm Provides Remote Access
  • Sophos Small-Business Suite Fights Viruses, Spam
  • Security Camera Related Information