Cisco detects a second IOS bug

Cisco detects a second IOS bug The flaw is related to a vulnerability revealed at the Black Hat conference

News Story by Robert McMillanNOVEMBER 03, 2005 (IDG NEWS SERVICE) - Cisco Systems Inc. has discovered a critical bug in the operating system used to power its routers, the company said yesterday.
The flaw, rated "critical" by the French Security Incident Response Team, has to do with the system timers that Internetworking Operating System (IOS) uses to run certain operating system tasks. Under certain conditions, attackers may be able to take control of the router by tricking the system timers to run malicious code, Cisco said in a security advisory.
The flaw is the second serious problem Cisco has found in its routers' IOS that is related to a controversial security presentation given at the Black Hat USA security conference in July.
Cisco has published a patch for the vulnerability, which has not yet been exploited by hackers, the company said. The bug was discovered "as a result of continued research to the demonstration of the exploit of another vulnerability which occurred in July 2005 at the Black Hat USA Conference," the advisory states.
That problem was disclosed by security researcher Michael Lynn, who was forced to quit his job as a research analyst at Internet Security Systems Inc. and was then sued for disclosing the problem. The lawsuit was quickly settled, after Lynn agreed to stop discussing the matter (see "Dispute Over Cisco Flaw Sparks Criticism, Debate").
Shortly after Lynn's presentation, Cisco published an IOS patch that addressed the IPv6 attack he had described.
To take over a Cisco router, attackers would need to successfully take advantage of both the earlier IPv6 problem and the system timer bug disclosed today, said John Noh, a Cisco spokesman. "In order to exploit the issue we're talking about today, you needed an additional way to attack," he said.
Without proof that it can be exploited, Cisco's latest bug isn't particularly worrisome, said Russ Cooper, editor of the NTBugtraq newslist and a scientist at security vendor Cybertrust Inc. "My take on it is that it was just another vulnerability," he said.
But if someone figures out a way to take over Cisco's widely used routers, it could clear the way for a particularly devastating attack on the Internet.
Lynn said the potential consequences of such an IOS attack were so grave that he felt compelled to give his Black Hat presentation. "IOS is the Windows XP of the Internet," he said during his presentation.