Cisco releases bundle of router security patches
Cisco has issued a set of security patches for the Internet Operating System (IOS) software, used to power its routers and switches.
The patches were published Wednesday, the date Cisco had previously set aside as the latest release date for its twice-yearly IOS patches. Cisco also published 12 security advisories describing the bugs, noting that many of these vulnerabilities could be exploited by attackers to crash an IOS device.
One of the bugs, a flaw in the Simple Network Management Protocol (SNMP) could be exploited by an attacker to seize control of the router. However, only specially configured Cisco uBR10012 series devices, used by telecommunications companies to connect broadband customers to the Internet are affected by the flaw, Cisco said.
Symantec rates this flaw critical and on Wednesday advised users of these devices who have configured their routers for linecard redundancy apply the patches as soon as possible.
Cisco is not aware of any attacks or previous public disclosures that were based on this flaw.
Other bugs that were patched affect Cisco's multicast, SSL processing, and Session Initiation Protocol software. A complete list of Wednesday's security bulletins can be found here.
IDG News Service
Build your tech library with our book giveaways.
Hacking Exposed, Sixth Edition
By Stuart McClure, Joel Scambray, George Kurtz; Published by McGraw-Hill/Osborne
The original Hacking Exposed authors rejoin forces on this tenth anniversary edition to offer completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using their proven methodology, the authors reveal how to locate and patch system vulnerabilities. The book includes new coverage of ISO images, wireless and RFID attacks, Web 2.0 vulnerabilities, anonymous hacking tools, Ubuntu, Windows Server 2008, mobile devices, and more. Enter now!
