Cisco fixes long-standing TCP bug
Year-long DoS vulnerability finally tackled.
By Jim Duffy | Network World US | Published: 06:09, 10 September 2009
Cisco has issued a patch for a long-standing denial-of-service vulnerability that affects multiple products.
The vulnerability allowed attackers to manipulate the state of TCP connections, according to a Cisco security advisory. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely, the advisory said.
If enough TCP connections are forced into a long-lived or indefinite state, system resources may be consumed, preventing new TCP connections from being accepted and thus initiating a DoS condition. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.
Related Articles on Techworld
The bug was first discovered a year ago by Outpost24, a Swedish provider of network security products.
Affected products include scores of routers and switches running IOS, IOS-XE and CatOS operating systems; Cisco ASA and Cisco PIX security appliances running versions 7.0, 7.1, 7.2, 8.0, and 8.1 under certain configurations; NX-OS-based products such as the new Nexus 5000 and 7000 swsitches; and Scientific-Atlanta and Linksys products.
In addition to these vulnerabilities, Nexus 5000 switches contain a TCP DoS vulnerability that may result in a system crash, according to advisory. This vulnerability can be exploited remotely without authentication and without user interaction, and repeated attempts to exploit this vulnerability could result in a sustained DoS condition.
Cisco said it had released free software updates for download from its website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are also available, the company said.
Cisco declined further comment on the situation.
