Excerpt from Network World - More bugs crop up in Cisco gear
Network World Fusion, 11/11/98

More bugs have cropped up in Cisco Systems' routing software, affecting the security of the company's 7XXX series of routers that are prevalent in large enterprises and Internet service provider networks.

Certain versions of Cisco IOS software can cause IP datagrams to be output to network interfaces even though access lists (ACL) have been applied to filter those datagrams, according to a field notice on Cisco's Web site.

Neither of the defects "fails reliably," Cisco says. This means the same ACLs on the same interfaces may work correctly at some times, but fail at other times. Because of this, administrators who test their ACLs may be misled that the lists are providing effective protection, when in fact they are not, the field notice states.

These vulnerabilities can be worked around by disabling DFS on network interfaces, Cisco says. Users should be aware, however, that the purpose of DFS is to transfer computational load from the router's primary CPU to the CPUs on the VIP cards. Disabling DFS may cause overload of the router's primary CPU, Cisco says.

...

This is at least the third major bug that has cropped up in Cisco IOS router software. Last summer, a bug allowed attackers to crash remote routers. And last month, a defect allowed users to gain access to network passwords.