Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Networking Pearl Harbor in the Making

  • From: Eric Gauthier
  • Date: Mon Nov 07 11:25:08 2005

Robert,

> All of our network is now patched for the latest Cisco advisory. We were 
> already running fixed code on a few routers when the advisory came 
> out so we knew the code was stable and moved to it on all other 
> boxes.

I'm not exactly "in the know" on this one, but the heap-overflow advisory
that we've seen indicates that the IOS updates Cisco put out are not patches
for this problem:

  "Cisco has devised counter-measures by implementing extra checks to
  enforce the proper integrity of system timers. This extra validation
  should reduce the possibility of heap-based overflow attack vectors
  achieving remote code execution."
from http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml

We've asked Cisco for a better explanation - namely, are their recommended
updates "patches" to the problem (i.e. repairs) or simply mitigating 
updates that make is harder to exploit.  The wording of their advisory seems
to indicate the latter.  This latter case is what worries me since it implies 
that there is a fundamental problem in IOS, the problem still exists even after
patching, and that Cisco can't readily repair it.  Unfortunately, so far we've 
gotten the run-around and haven't been able to get a better answer, again 
leading me to believe the worst.

Eric :)




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.