Wednesday, June 6, 2007

Cisco Confirms OS Security Holes

Late last month, Cisco confirmed the existence of multiple vulnerabilities in IOS, along with separate flaws in IOS XR, its Cisco Firewall Service Module and its Cisco Unified Call Manager products.

According to a Cisco announcement, an attacker can trigger an IOS system crash by crafting malicious secure sockets layer (SSL) packets and passing them along during the protocol exchange process. Attackers can craft malicious ClientHello messages, Processing ChangeCipherSpec messages and Processing Finished messages, Cisco said.

In every case, according to the announcement, the big danger is denial of service. At this point, none of the SSL processing vulnerabilities have been linked to information disclosure or system compromise, Cisco stressed.

Cisco released software updates to patch both flaws.

1 comment:

SEO Services said...

I was looking for a video guide and thanks for posting this actually. Pentest