July 31, 2009, 7:39 AM — Cisco on Thursday posted a security advisory warning that recent versions of its Cisco IOS software contain two vulnerabilities that could allow hackers to launch a Denial of Service (DoS) attack when dealing with certain Border Gateway Protocol (BGP) updates.
The first vulnerability could force a device to reload when processing a BGP update that contains autonomous system (AS) path segments comprise of more than one thousand autonomous systems, the company says.
The second one could force a device to reload when it processes a malformed BGP update crafted to trigger the issue, Cisco says.
According to Cisco, these vulnerabilities only occur on devices running Cisco’s IOS network operating system that have four-octet AS Number Space and BGP routing configured. The company has released software updates to patch the security holes.
Earlier this week, Cisco issued a patch to fix holes in a number of its WLAN controllers, and warned users of its Unity unified communications products that they were at risk from the vulnerability Microsoft announced regarding its Active Template Library, since certain Cisco products leverage that library and therefore could be exploited by the hole.
Do you tweet? Follow me on Twitter here.
