[ISN] Patch now to reduce denial-of-service threat
InfoSec News
isn at c4i.org
Thu Apr 14 08:55:57 EDT 2005
http://www.computerweekly.com/articles/article.asp?liArticleID=137910
By Antony Savvas
14 April 2005
The UK's National Infrastructure Security Co-ordination Centre (NISCC)
has advised users to update their internet communications
infrastructure to plug a denial of service vulnerability in major
suppliers' equipment.
Cisco, Juniper Networks and IBM have already admitted to the problem
and have issued patches to prevent the threat, which can lead to
organisations' networks crashing from a remote denial-of-service
attack.
The threat involves network routers not being able to handle internet
traffic supported by the internet control message protocol (ICMP) and
the transmission connection protocol (TCP).
Hackers could use the protocols to launch a remote attack and crash
networks, said the NISCC. The NISCC has rated the threat "medium to
high".
Cisco equipment affected includes all router products running its
Internetworking Operating System (IOS) and its PIX firewall products.
IBM's AIX operating system is also vulnerable, as are some versions of
Juniper's JUNOS operating software running on its M-series and
T-series routers.
Other companies' products are believed to be affected by the
vulnerability.
The NISCC advisory is available from:
http://www.niscc.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
More information about the ISN
mailing list