CNN.com /TECH
Flaw revealed in some Cisco software

Network World Fusion

(IDG) -- Cisco Systems has warned customers of a flaw in its Internetwork Operating System (IOS) software that could compromise the integrity of Transmission Control Protocol (TCP) traffic sent to and from its routers and switches.

The vulnerability exists in all released versions of IOS, and hence affects all Cisco routers and switches running the software, the company said in a security advisory issued last week. Cisco's data networking equipment is the most widely used to carry traffic on the Internet.

The security flaw can allow the successful prediction of TCP Initial Sequence Numbers (ISNs), Cisco said. Each end of a new TCP connection is supposed to pick its ISN in a way the other side cannot guess, as part of the three-way handshake that sets the connection up. Once the connection is established, every later sequence number is simply the initial number advanced by the amount of data sent, so whoever can guess the ISN can compute every sequence number that follows.

However, if the initial number is predictable rather than random, then it is possible "with varying degrees of success, to forge one half of a TCP connection with another host in order to gain access to that host, or hijack an existing connection between two hosts in order to compromise the contents of the TCP connection," Cisco said in the advisory.
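To make the "forge one half of a connection" attack concrete, here is an added example that is not Cisco's code and does not come from the advisory. It models two hypothetical ISN sources, a predictable fixed-step generator of the kind the article warns about and the keyed-hash scheme of RFC 1948/RFC 6528 (ISN = M + F(local address, remote address, secret)), and simulates a blind spoofing attempt: the attacker records the ISNs from a few connections of his own, then sends a SYN with a trusted host's address as source and must guess the ISN in a SYN-ACK he never sees. All addresses, ports and the secret are constructed for the example, and a per-call counter stands in for the RFC's 4 microsecond clock so the run is deterministic.

```python
"""Model of TCP ISN prediction and blind connection forgery.

Added example, not Cisco code and not from the advisory.  Endpoints are
(ip, port) tuples.  The attacker can observe ISNs on his own connections
but not the ISN the target sends to the host he is impersonating.
"""
import hashlib
import secrets

MASK32 = 0xFFFFFFFF


class WeakIsnGenerator:
    """Hypothetical predictable ISN source: a fixed step per new connection."""

    def __init__(self, start=0x1A2B3C4D, step=64_000):
        self.counter = start
        self.step = step

    def next_isn(self, local, remote):
        isn = self.counter & MASK32
        self.counter += self.step
        return isn


class Rfc1948IsnGenerator:
    """ISN = M + F(localip, localport, remoteip, remoteport, secret)."""

    def __init__(self, secret=None):
        self.secret = secret if secret is not None else secrets.token_bytes(32)
        self.clock = 0

    def _f(self, local, remote):
        # Keyed hash of the connection 4-tuple; SHA-256 here, MD5 in RFC 1948.
        data = f"{local[0]}:{local[1]}|{remote[0]}:{remote[1]}".encode()
        digest = hashlib.sha256(self.secret + data).digest()
        return int.from_bytes(digest[:4], "big")

    def next_isn(self, local, remote):
        self.clock = (self.clock + 1) & MASK32  # stands in for time() / 4 us
        return (self.clock + self._f(local, remote)) & MASK32


def isn_deltas(observed):
    """Differences between consecutive observed ISNs, mod 2^32."""
    return [(b - a) & MASK32 for a, b in zip(observed, observed[1:])]


def predict_next_isn(observed):
    """Attacker's guess: extrapolate the most common inter-connection delta."""
    if len(observed) < 2:
        raise ValueError("need at least two observed ISNs to extrapolate")
    deltas = isn_deltas(observed)
    delta = max(set(deltas), key=deltas.count)
    return (observed[-1] + delta) & MASK32


def blind_spoof_succeeds(gen, target, attacker_ip, trusted, probes=4):
    """Simulate forging one half of a TCP connection.

    1. The attacker opens `probes` real connections to the target and records
       the ISN from each SYN-ACK (these he can see).
    2. He sends a SYN whose source is the trusted host.  The target's SYN-ACK
       goes to the trusted host, so the attacker never sees its ISN.
    3. He sends the final ACK acknowledging guess + 1.  The handshake completes
       only if the guess equals the ISN the target actually chose.
    """
    observed = [gen.next_isn(target, (attacker_ip, 40000 + i)) for i in range(probes)]
    guess = predict_next_isn(observed)
    actual = gen.next_isn(target, trusted)  # unseen by the attacker
    return guess == actual


if __name__ == "__main__":
    target = ("10.0.0.1", 23)      # constructed addresses
    trusted = ("10.0.0.2", 1023)
    attacker_ip = "192.0.2.10"
    print("fixed-step ISN, blind spoof works:",
          blind_spoof_succeeds(WeakIsnGenerator(), target, attacker_ip, trusted))
    print("RFC 1948 ISN, blind spoof works:",
          blind_spoof_succeeds(Rfc1948IsnGenerator(), target, attacker_ip, trusted))
```

With the fixed-step generator the attacker's extrapolation lands every time; with the keyed-hash generator the per-connection term F changes with the spoofed host's address, so ISNs observed on the attacker's own connections say nothing about the one sent to the trusted host. The same observation applies to the hijacking case the advisory mentions: an attacker who can predict where an existing connection's sequence numbers are can inject data into it without seeing either side's traffic.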

No Cisco customers had reported any attacks because of the vulnerability as of Thursday afternoon, a Cisco spokeswoman said. However, one analyst noted that with so much of the Internet running on Cisco equipment, any problem with its networking gear has the potential to become significant.

"Anything that poses a flaw to Cisco is something to be alarmed about, since they control about 80 percent of the router market," said Irwin Lazar, senior consultant with analyst firm The Burton Group Corp.

"The biggest issue out there is that people don't want to just slap an IOS upgrade in their routers without testing it first, in case another problem popped up when they corrected this one," he added.

The flaw affects only the security of TCP connections that originate or terminate on the Cisco device itself; traffic that merely passes through the device in transit is not affected, since the router does not choose the sequence numbers of connections it forwards. Cisco said it is offering free software upgrades to affected customers.


