Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, May 26, 2005

Cisco warns over DNS glitch

Cisco is advising users of its IP telephony kit to update their software following the discovery of a flaw that might allow hackers to mount denial of service attacks.

The bug, involving flaws in the processing of maliciously crafted DNS (Domain Name System) packets, also affects some of Cisco’s content networking and secure router products.  The vulnerability is limited to Cisco products running DNS clients, rather than DNS Server functions, and creates a means for remote attackers to crash vulnerable devices, Cisco warns.

Cisco has made a series of free software upgrades available to address the vulnerability.

The scope of the vulnerability - and the number of products affected - promises to create a lot of work in Cisco shops, so users are advised to scope out remedial work sooner rather than later. 

More technical details (but not a list of affected vendors) can be found in a UK government UNIRAS alert here: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html


http://www.theregister.co.uk/2005/05/26/cisco_dns_glitch/

Posted on 05/26
WarningsPermalink