Exploit Available for Cisco IOS Vulnerability

michael posted more than 10 years ago | from the there-goes-the-internet dept.

Security 277

GNUman writes "Cisco's IOS vulnerability, posted by Slashdot and CERT, now has a published exploit available, as reported recently by CERT. While there are some articles claiming that the Internet survived a major flaw, maybe with a publicly available exploit could script kiddies start creating havock? jerw134 wanted to start a pool to find out when the exploit would be publicly available, here's the answer."

277 comments

whee (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6472508)

fun-n-games

Them Script Kiddies (4, Funny)

inertia@yahoo.com (156602) | more than 10 years ago | (#6472509)

About them Script Kiddies,
the internet's old plight.
Goin' all around,
usin' hacks they didn't write.
Them Script Kiddies lurk the net,
as devious little foes.
Keep them admins well employed,
and keeps them on their toes!
When Script Kiddies learn a trick,
it makes for one tight spot.
If you ain't patched up to date,
think again, because you ought.
How to be a Script Kiddy,
logon the net ad hoc.
Google for the hack you want,
and start your own havoc.

Re:Them Script Kiddies (0)

Anonymous Coward | more than 10 years ago | (#6472653)

Am I the only one getting tired of this shite? Dude, you post this stuff alllllllll the time.

Re:Them Script Kiddies (0, Offtopic)

inertia@yahoo.com (156602) | more than 10 years ago | (#6472723)

Get bent.

You know, there's this feature in /. where you can mark people as your Foe. Then you can assign them -6 so you never see them again. It's like saying "Shut up I hate you, don't bug me ever again, you twit!" to that person. Not only that, but they get the slap in the face of knowing that you hate them whenever they look in their Freak list.

Re:Them Script Kiddies (0)

Anonymous Coward | more than 10 years ago | (#6472853)

Thanks for the suggestion. Now I never have to read one of your poems again.

And? (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6472518)

you eat = teh dick

dilbert is retarded and so are you
\
FAST POST

Great... (4, Interesting)

mfifer (660491) | more than 10 years ago | (#6472520)

...the 'sploit is more easily available than the fix!

Anyone else gone through hell today trying to get the patch from Cisco?

Grrr... >-/

Re:Great... (1, Funny)

Anonymous Coward | more than 10 years ago | (#6472552)

Someone with the patches should set up a bittorrent with them. Then we can set up a pool to see how long before the RIAA fucks up and sends them a C&D. "Whoops! Cisco? I thought it said Disco!"

Re:Great... (0)

Anonymous Coward | more than 10 years ago | (#6472610)

Someone with the patches should set up a bittorrent with them. Then we can set up a pool to see how long before the RIAA fucks up and sends them a C&D. "Whoops! Cisco? I thought it said Disco!"

Would make more sense if you had said Sisqo, maker of such wonderful hits as "The Thong Song".

Re:Great... (4, Informative)

NerveGas (168686) | more than 10 years ago | (#6472556)


The patch is extremely easy to come by. Do a "sh ver" on your router, and send the output to tac@cisco.com, and ask for an updated IOS. They'll likely be back to you within an hour or so.

steve

Re:Great... (2, Insightful)

rosewood (99925) | more than 10 years ago | (#6472657)

I can't say that I'm in charge of any cisco routers. Well, I am but I luckily don't ever have to mess with them and have moved away from using them but that's another story.

However, you have to email cisco to get an update from their screw up?

?????

I'll remember this when it comes time to buy network hardware.

not that easy (0)

Anonymous Coward | more than 10 years ago | (#6472765)

I've been searching thru the updated ios software, and the one that the advisory tells me to migrate to is way too big for my router. Plus it's not telling me whether it has 3des+ipsec support.
I don't think cisco's website is really that friendly.

Re:not that easy (1)

Trigun (685027) | more than 10 years ago | (#6472928)

I have 5 25xx's and 2 1601's sitting on my desk until I can get enough ram to run the new fixes.

I really should just pull them out of service, but hey, they work.

Re:Great... (2, Insightful)

Anonymous Coward | more than 10 years ago | (#6472940)

You have either a bizarre definition of the phrase "extremely easy" or very little perspective on how easy it is to patch many other products.

What would you call it if they had just provided in their advisory a publicly-accessible link from which to download the patch? "ultra-easy"? How about running "apt-get upgrade"? "hyper-easy"? Or having the patch automatically installed for you by Windows Update? "mega-easy"?

Obviously, I'm not saying that Cisco should adopt any of these specific methods, but patch processes involving an email exchange don't fit most people's definition of "extremely easy."

The original poster's point is quite valid -- you don't have to email somebody and wait an hour to get the exploit. It's easier to get the exploit than it is to get the fix.

Re:Great... (2, Interesting)

silas_moeckel (234313) | more than 10 years ago | (#6472599)

Well I haven't had any issues just go login to your CCO account and grab the new IOS's actually my local mirror updated yesterday automatically. As for going through TAC that's always a PITA to say a couple hundred dollars a year.

pool (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#6472526)

How about a pool on how long before someone posts the exploit on here?

Long enough? (1)

lewiz (33370) | more than 10 years ago | (#6472531)

Hehe, good to see the creator gave admins plenty of time to patch / resolve problems with their Cisco gear...

this is why.... (-1, Flamebait)

italian cock (690272) | more than 10 years ago | (#6472539)

I call it "CiscBlow"

OMFG, TOO FUNNY! (0)

Anonymous Coward | more than 10 years ago | (#6472768)

you so clever!

i laugh long time!

i bet you tell that one to all you loser friends!

OMFG!

FUNNY MAN!

Contact your network company (4, Insightful)

nacturation (646836) | more than 10 years ago | (#6472540)

If you haven't yet received notification from your NOC that they're going to be doing maintenance, you really need to impress upon them to get this fixed. In a nutshell, this flaw could allow a malicious hacker to shut down traffic to your servers.

Re:Contact your network company (5, Funny)

Sick Boy (5293) | more than 10 years ago | (#6472695)

After which they'll explain that they use Juniper equipment because it doesn't suck near as much as Cisco and you'll look like an ass.

Re:Contact your network company (-1)

bytes256 (519140) | more than 10 years ago | (#6472813)

unless they're a real network company and have redundant routers that they can update independently and thus prevent downtime

Re:Contact your network company (4, Insightful)

Florian Weimer (88405) | more than 10 years ago | (#6472916)

If you haven't yet received notification from your NOC that they're going to be doing maintenance, you really need to impress upon them to get this fixed. In a nutshell, this flaw could allow a malicious hacker to shut down traffic to your servers.

First of all, your network might be running on non-Cisco gear (yes, there are other vendors).

Second, the fact that so many NOCs have to apply emergency patches is scary. I can understand that NOCs hesitate to install the latest release just after it has been published (some of the releases which include the fix have been available for months), but this particular bug only affects you if your router is insufficiently protected by ACLs against all kinds of malicious traffic. You really want to install such ACLs to mitigate the effect of typical DoS attacks targeted at the router itself, and if you've done your homework, bugs like the present one do not require emergency maintenance.

Exploits et al., (0, Interesting)

Jack Wagner (444727) | more than 10 years ago | (#6472542)

This is something that is such a black plague on the IT industry and it just amazes me that we're supposed to take it in stride. The problem here is that we continue to use tools that are not mature.

During these difficult economic times I've had to branch out and do some "web programming" along with my real programming contract work (mostly low level 4Q multi-threaded kernel hacking, etc.) and after doing some cursory studying and testing of various techniques I'm amazed at how badly most of the sites on the web are designed and how most of them use the wrong tool for the job.

For instance I was able to reduce the load time of a very well known and heavily traveled Fortune 500 website by moving all the graphics to black and white only, as they load on an average of Olog(n) faster than color graphics (where n is the number of pixels in the color graphic) thusly improving their UHCRF (unique hit customer retention factor) ratio by 35%!! I won't brag about the $10,000 bonus check I received from hitting that benchmark... heh. Other simple techniques like removing all interpreted languages (java, Visual Basic, c# etc.) and replacing them with low level compiled code (C, of course) has generated speed increases upwards of 25% and also increase the security of the site as a side effect.

It's a shame we don't teach IT people to spend some time to learn their trade inside and out instead of always forcing them to jump on the "flavour of the month" and use abstracted high level tools. As Leon Brooks sums it up in his famous book "The Mythical Man Month" - You'll never properly solve a programming problem by using tools that are not mature. Leon hit's the nail right on the head with that one.

Warmest regards,
--Jack

Re:Exploits et al., (4, Funny)

_14k4 (5085) | more than 10 years ago | (#6472565)

Right, only now the webpage sucks because it's black and white.. ;)

Re:Exploits et al., (2, Funny)

Fastfwd (44389) | more than 10 years ago | (#6472578)

I won't brag about the $10,000 bonus check I received from hitting that benchmark...

Too late. Now how are we supposed to believe the rest of your story? :P

Re:Exploits et al., (5, Interesting)

Burlynerd (535250) | more than 10 years ago | (#6472595)

You're right on the money with the "maturity" comments, Jack. The way technology has been running, we have been in a constant state of trying to learn something new. We've never really had a chance to get "really good" at some of our technologies, before the next version or replacement technology arrived.

The Cisco situation is not due to bleeding edge issues though. They should have found this problem sooner.

Re:Exploits et al., (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6472597)

Too bad you didn't apply the same techniques to http://www.wagnerconsultingllc.com/ ...

Re:Exploits et al., (0)

Anonymous Coward | more than 10 years ago | (#6472604)

Very funny. You even got modded up for that bullshit. Moving from range-checked languages to C is exactly what helps with security problems. 25% speed increase comes from a faster machine, not from "optimized" code which creates ridiculous overhead during development and post-break-in cleanup.

Re:Exploits et al., (2, Interesting)

gabriel-dialupusa (555359) | more than 10 years ago | (#6472606)

It's also a shame we have to pat ourselves on the back a lot on slashdot. And as long as you're not bragging about $10k bonuses, make sure to not tell us how you didn't spend it on the EFF and FSF. ;-)

Troll. Don't reply to. (0)

Anonymous Coward | more than 10 years ago | (#6472608)

Sad sad troll. No friends in the world.

(For evidence of trolling, consider his use of the name "Leon Brooks [slashdot.org] " for the person actually named -- as is well known by actually competent developers -- "Frederick P. Brooks"

Re:Exploits et al., (0)

Anonymous Coward | more than 10 years ago | (#6472646)

Cool, the troll that always brags about doing a ridiculous task for an important company (b&w graphics, yeah that makes sense), always mentions the mythical man month with a different Brooks as the author and a topic from the book that doesn't exist, has a non-existent website, and always uses some nonsensical buzzword heavy solution to the problem. As if mature tools would help Cisco avoid security problems. How does this tripe ever get modded up?

Re:Exploits et al., (2, Interesting)

aliens (90441) | more than 10 years ago | (#6472655)

What kind of graphics were these? They should have been already optimized to allow for quick loading.

Unless you're talking about high quality TIF's B&W vs. Color should not be making a difference in your load times.

Re:Exploits et al., (1)

toomuchPerl (688058) | more than 10 years ago | (#6472656)

You obviously have no clue what you're talking about in regards to tools that are underdeveloped. As far as I am concerned, you had better be one hell of a C hacker to say that replacing a website with C on the backend will increase the security.

Abstracted high-level tools are what gets jobs done. I wouldn't recommend Java, VB, and C# though - Personally I get things done best with Perl.

-toomuchPerl

Re:Exploits et al., (1)

MattRog (527508) | more than 10 years ago | (#6472675)

Wow, nice troll. I think that deserves a golf clap for your efforts.

*polite applause*

Re:Exploits et al., (1)

MattRog (527508) | more than 10 years ago | (#6472697)

WHOA! Apologies -- I replied to the wrong thread. My reply was to the thread starter that, aside from being ridiculous, is obviously a troll.

Re:Exploits et al., (0)

Anonymous Coward | more than 10 years ago | (#6472687)

Isn't Perl some twisted acronym for job security?

Re:Amazing!!!! (1)

botzi (673768) | more than 10 years ago | (#6472670)

You sir are the best troll who doesn't know he's a troll I've ever seen!!!!

Re:Exploits et al., (2, Funny)

Vishal (29839) | more than 10 years ago | (#6472679)

Black and White graphics load on an average Olog(n) faster than color ones? Mel Brooks gave you that formula?

Re:Exploits et al., (1)

el-spectre (668104) | more than 10 years ago | (#6472684)

News flash: Web-based technologies change monthly, if not weekly. If we waited for them all to mature, we'd still be viewing Lynx compatible pages.

Also, those of us who build for the web have to deal with an incredibly variable environment (OS, browser, connect speed, screen size, language, etc). Some high level abstraction is necessary, unless we want to target just 1 small audience (sadly, many web developers do so).

Idealism is nice, but standing on a soapbox screaming 'Be Patient!' is not really practical given the tech-o-the-week world that the web is right now.

I don't expect the best social skills (we're geeks, that's not what we do), but you could at least try to see the big picture before you espouse ivory tower philosophies.

(whew, I can feel my karma draining, but it's worth it).

Re:Exploits et al., (1)

TheMidget (512188) | more than 10 years ago | (#6472881)

News flash: Web-based technologies change monthly, if not weekly. If we waited for them all to mature, we'd still be viewing Lynx compatible pages.

You say this as if it were a disadvantage. Do you also consider access ramps near buildings to be eye-sores, and do you routinely park your car on the spots reserved for the disabled?

Lemme tell you: lots of people don't use lynx by choice, but because they have a disability (blindness) that prevents them from using other browsers. Text-only browsers may be used together with a braille line, or a text-to-speech synthesizer to enable the blind to experience the web.

Frankly, web designers who pride themselves that their pages are not lynx compatible are dorks [codex.lu] .

Also, those of us who build for the web have to deal with an incredibly variable environment (OS, browser, connect speed, screen size, language, etc).

Rather than building specific versions of your page for your target, think of building target-independent pages. Stick to standards. Stick to "minimality principle": If all you want are buttons with pretty pictures, use gif images, rather than flash animations. Oh, and add an ALT tag too, for the sake of your blind visitors.

Idealism is nice, but standing on a soapbox screaming 'Be Patient!' is not really practical given the tech-o-the-week world that the web is right now.

So, just explain to your management that your "flashy" website exposes your company to multi-million dollar A.D.A. lawsuits. Maybe then they'll understand better.

Security (0)

Anonymous Coward | more than 10 years ago | (#6472690)

Other simple techniques like removing all interpreted languages (java, Visual Basic, c# etc.) and replacing them with low level compiled code (C, of course) has generated speed increases upwards of 25% and also increase the security of the site as a side effect.

if you're looking for a secure web development platform, Zope [zope.org] is good. Only 2 vulnerabilities in 5 years, and the Hotfixes were available almost immediately, added to this, they (the 2 vulnerabilities) were only local vulnerabilities, not remotely exploitable. When the ISP I was working for was security audited, the Zope servers were among the few boxes that didn't have detectable vulnerabilities. (and these were pro network security guys). Zope's written in Python and C.

Re:Exploits et al., (0)

Anonymous Coward | more than 10 years ago | (#6472699)

> black and white only, as they load on an
> average of Olog(n) faster than color graphics

What a shameless plug, sir. It's not about file size then, and using JPEGs, GIFs and PNGs as appropriate, and not the other way around?

Nice trolling though, moderators fell for it.

Re:Exploits et al., (2, Insightful)

jeffmeden (135043) | more than 10 years ago | (#6472717)

That's a bigger load of bullshhh than I've ever seen before, and that's including all of high school! It's times like these /. needs a 'retarded' moderation.

Re:Exploits et al., (1)

Urban Garlic (447282) | more than 10 years ago | (#6472721)

> As Leon Brooks sums it up in his famous book "The Mythical Man Month"... Leon hit's the nail right on the head....

It's a shame we don't teach IT people the names of other practitioners in their field, or how to use apostrophes.

That'd be *Frederick* Brooks.

And Bob. [angryflower.com]

Re:What next??? (1)

botzi (673768) | more than 10 years ago | (#6472724)

I received from hitting that benchmark... heh. Other simple techniques like removing all interpreted languages (java, Visual Basic, c# etc.) and replacing them with low level compiled code (C, of course)

What an insight!!!!!!
I'm sure that the coming site support teams will talk a loooong time about the _real programmer_ guy who's been there before them.... Imagine the following:
- Hey, Joe, how the hell is this page header generated.....ooooooh, an executable....Nice!!!!;o))))
You know, I should agree that the number of people in the web programming that don't have a clue what exactly they're doing is significant, that doesn't mean that you should come with a kernel module every time you want to generate an xml file.....

Re:Exploits et al., (3, Insightful)

brkello (642429) | more than 10 years ago | (#6472743)

Ok, this post really bothers me. In any complex system, there are bound to be bugs. I seriously find it hard to believe that if you tackled something as difficult as networking, spent years working on it, would have a finished product that was 100% error free. The word "mature" is just a label. It is meaningless in reality. I agree with you that people should use the right tool for the job, but comparing switching out color pictures for B&W ones and translating code in to C with routing and switching is like comparing a computer that can win at tic tac toe to a computer that can't be beat at chess. The fact of the matter is, Cisco is used by millions for their networking needs. If you think you can produce a more "mature" product that miraculously has no bugs then please do so. I guarantee you will be a rich man. The unfortunate thing is, that most likely by the time your system is mature, Cisco will have a product out that makes your device obsolete.

Re:Exploits et al., (0)

Anonymous Coward | more than 10 years ago | (#6472788)

Other simple techniques like removing all interpreted languages (java, Visual Basic, c# etc.) and replacing them with low level compiled code (C, of course) has generated speed increases upwards of 25% and also increase the security of the site as a side effect.

Funny thing to say considering Java, Visual Basic, and C# all compile into executable code. Perhaps you meant PHP?

Re:Exploits et al., (1)

jbottero (585319) | more than 10 years ago | (#6472789)

1. whois says your web address is not even registered.

2. I wonder what technology really is "mature" before it becomes out-of-date, these days.

Re:Exploits et al., (2, Informative)

slamb (119285) | more than 10 years ago | (#6472809)

Umm, apparently some moderators don't realize this is a troll. The things he is talking about aren't even remotely relevant to this exploit, which is at a much lower level. And it's not even consistent:

In this post, he said:

Other simple techniques like removing all interpreted languages (java, Visual Basic, c# etc.) and replacing them with low level compiled code (C, of course) has generated speed increases upwards of 25% and also increase the security of the site as a side effect.

Writing websites in C is generally a very bad idea. It does horrible things to the security - introduces buffer overflow problems. And the speed increase, when it even exists (Java's performance is better than most people think), is not worth the extra programmer time.

In an older post [slashdot.org] , he said:

Lets face it, all one has to do is take a quick look at the demand for certain skill sets on the net to get a pretty good feel for what's relevant today and I'm not sure c++ is anywhere on that radar screen. Most of my work as of late has been all Java and c#, with some legacy C programming done (on low level systems only of course, nobody would pay someone by the hour to have app level work done in C these days)

...so, apparently, he mostly uses the interpreted languages he just dissed stupidly.

The rest of the post is just stupid buzzwords:

For instance I was able to reduce the load time of a very well known and heavily traveled Fortune 500 website by moving all the graphics to black and white only, as they load on an average of Olog(n) faster than color graphics (where n is the number of pixels in the color graphic) thusly improving their UHCRF (unique hit customer retention factor) ratio by 35%!! I won't brag about the $10,000 bonus check I received from hitting that benchmark... heh.

More colors = more information = more time to download, but that O(log n) is stupid and wrong. And the other stuff is even more gibberish. This exploit has nothing to do with web applications, anyway.

Re:Exploits et al., (1)

jdhutchins (559010) | more than 10 years ago | (#6472839)

Great! You replaced their interpreted languages with C! But...

What's the lowly webpage designer going to do when *gasp* they want to change a page? Are they going to have to go down into C source, and have to change it? The webpage designer probably is going to really screw things up because the page needs changing. C may be fast, but for webpage design, it's probably not the right tool. If you have a half-decent server (Resin, for example), Java's not going to be slow. And JSP is going to be MUCH easier to maintain than C.

And as far as black-and-white graphics, I hope the site still looks good... There are other image optimizations that you can do, and that's probably made some of the difference.

Am i missing something (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6472573)


I cannot see any exploit code on those links, just advisories ? where is the C code ?

As Mentioned on Slashdot (1, Insightful)

Saige (53303) | more than 10 years ago | (#6472583)

Now that it's been published, and Slashdot has broadcast it nice and loudly, surely the number of script kiddies planning on making use of this is significantly increasing. Not that I'm complaining about it being known - it'll really make certain people get their behinds in gear to fix it - but I'm sure we'll be seeing how serious of an exploit this is soon.

Let's see if we get significant network outages anywhere on the internet anytime in the next few days/weeks...

Re:As Mentioned on Slashdot (1)

RobertNotBob (597987) | more than 10 years ago | (#6472734)

Actually, the link I E-mailed to the WAN manager pointing to this article was enough to start the process.

Of course I am seriously doubting that the Net will be any fun this weekend.

Re:As Mentioned on Slashdot (1)

Saige (53303) | more than 10 years ago | (#6472906)

Well, we can hope that most people are as aware as your WAN manager. But, sadly, I think the security awareness around the internet isn't always up to that level of quality, as we've seen from other attacks and viruses and the like that exploited known vulnerabilities that should and could have already been fixed.

I guess CERT and Slashdot are probably some of the best places to make people aware of this, as anyone worth their paycheck keeps track of at least one, if not both, and will have taken appropriate action.

We'll see soon enough how many people actually did something about the vulnerability.

Tell me why (5, Insightful)

broothal (186066) | more than 10 years ago | (#6472622)

Ok, maybe it's just me, but why is it that I have to provide Cisco with serial number, date of purchase and the name of my cat to get this fix? I mean - the fix is software, and it will only work on Cisco units. So - for crying out loud - put the patch on an FTP site and get over with it. Jumping through hoops to get the patch isn't going to speed things up.

Re:Tell me why (5, Informative)

jht (5006) | more than 10 years ago | (#6472712)

Gee, I just had to call TAC up and give them the serial number to get in (our router doesn't have a service contract). Within an hour, I had a callback from the engineer who was given my case and an e-mail in my inbox looking for the specific info needed (the version of IOS I was running and the exact name of the binary - all produced by "sh ver").

After I got him the info, it was only a few minutes before the patch link was sent to me for download. The whole thing was done before lunch today - and that's for a little piss-ant customer with no service contract and a single router.

I think that's about as simple as it needs to be, personally. There's different versions of IOS for different devices, and all sorts of supported code revisions to deal with - it's not like Windows where you have a core version and service packs/hotfixes you may or may not have applied in random combination. Typically, if you have a Cisco router and it's working you'll only want to apply the minimum possible fix to the specific version you're running. So it's a pretty darned complex upgrade matrix. I, for one, am perfectly happy to let TAC guide me through it.

Re:Tell me why (1)

hawkbug (94280) | more than 10 years ago | (#6472830)

Well, you have a point - but on the side of the coin, there should be another option like the previous poster wants. Let's say that you are an experienced network admin who knows exactly what version of the IOS you need, and you know how to install it. Wouldn't it be a pain in the ass for you to have to go through this ridiculous process for every router you were responsible for if you didn't have a contract with Cisco like many companies don't? I'm half-way wondering if this isn't an easy way for Cisco to generate some business for itself by showing why it's better for your company to have a service contract with Cisco.... makes you think, doesn't it?

Re:Tell me why (2, Insightful)

Penguinshit (591885) | more than 10 years ago | (#6472879)

It seems to me that it's Cisco's way of preventing even worse problems by someone fat-fingering the upgrade themselves. It's a little bit slower, but in the end you're assured that you get exactly what you need for your systems. I find that extremely conscientious of Cisco.

Re:Tell me why (0)

Comen (321331) | more than 10 years ago | (#6472917)

You're absolutely right, people can complain all they want but I have had outstanding service from cisco, I can name a lot of other companies that I don't get near the quality of service from. We were even contacted by our cisco rep before this was posted on the internet giving us a small heads up.
Every cisco rep has been almost too nice about the whole thing, they're trying to make sure people don't stay mad too long I guess, and the process has been very smooth. I talked to a couple of guys at cisco while working on other cases with them, and asked them how it's been on the phones lately since this advisory and they were saying it was just very busy etc... Most companies wouldn't even be able to keep up with that kind of traffic and they are handling it very nicely with patches ready. And you know someone was still going to be out there complaining.

hmm, and suddenly today roadrunner is dog-slow... (1)

muddy_mudskipper (186492) | more than 10 years ago | (#6472644)



coincidence?

or perhaps someone in my subnet finally figured out how to mirror torrentse.cx?

Re:hmm, and suddenly today roadrunner is dog-slow. (2, Informative)

Elminst (53259) | more than 10 years ago | (#6472752)

Today?
RR in upstate NY has been dog-ass slow for 2 days straight now... despite the "network status" page being filled with "area down for cable maintenance/upgrades" for 3 days.
Oh look.. it says there's nothing wrong in my area.. bullshit!

"Creating" havock... (3, Insightful)

MattRog (527508) | more than 10 years ago | (#6472647)

They'll be creating something but I don't know what. Hopefully it won't resemble havoc.

Where is the Exploit ? (0)

Anonymous Coward | more than 10 years ago | (#6472662)


those links just point to the advisory which has been global news for a couple of days, anyone seen the actual exploit code or is this FUD from cert ?

Go Open Source (5, Funny)

Papa Legba (192550) | more than 10 years ago | (#6472665)

Once again we see the power of open source! From announced flaw to exploit in two days. Beat that Microshaft!..... Oh.... Wait.... This is not a good thing is it....

Re:Go Open Source (0)

Anonymous Coward | more than 10 years ago | (#6472728)

LOL now that's why governments and big companies don't go open source they know that yes it may be more secure but chances are if someone finds a hole they then tell the whole world not going should i or should i not...

Re:Go Open Source (1)

GoneGaryT (637267) | more than 10 years ago | (#6472857)

What has Cisco's IOS got to do with open source?

Options:
a/ I'm missing something.
b/ You're a dickbrain.
c/ CowboyNeal
d/ All of the above.

The exploit was seen in the wild last night (1)

mclancy10006 (626420) | more than 10 years ago | (#6472672)

This was seen as activity on the net last night by some of the MSS firms. It seems post-patching of the Cisco boxes results in higher CPU utilization for a good while. Not sure why yet, but maybe due to all that bad traffic...

Re:The exploit was seen in the wild last night (0)

Anonymous Coward | more than 10 years ago | (#6472757)

Yeah, I was ticked that I had to come up with serial numbers on remotely deployed routers (which I couldn't and didn't do) - then the Cisco rep calls (yes, it was within 2 hours of emailing them) and says "oh my - all your versions boot from DRAM and all the patches boot from flash - and you don't have enough flash to load them"!
I'm just going to have to buy more flash!

All your Ciscos... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6472693)

.... All your Ciscos are belong to us!

tried it... works quite well (2, Interesting)

Anonymous Coward | more than 10 years ago | (#6472708)

I've already compiled this and tested against an internal router, fills up the input queue quite nicely. Requires libnet.h

-orbit0r

Dear Slashdot, (5, Funny)

Anonymous Coward | more than 10 years ago | (#6472719)

Thanks heaps.

Regards,
Cisco Systems.

MOD PARENT DOWN (1, Informative)

Penguinshit (591885) | more than 10 years ago | (#6472827)

Relax. This news has been going around the various vulnerability mailing lists for over a week now. Slashdot is late to the party (rightfully so).

The discoverer notified Cisco and everyone else, but held back on the exploit code until Cisco had a chance to work on it. Now that the word is out as well as the patch, don't waste time here when you should be patching your CATs (or looking for a new job).

sheesh.

Protocol Independent Multicast? (3, Informative)

jkc120 (104731) | more than 10 years ago | (#6472720)

If I'm reading this page [cisco.com] correctly, the protocol type of the packet that causes the problem appears to be the PIM protocol:

grep 103 /etc/protocols
pim 103 PIM # Protocol Independent Multicast

Re:Protocol Independent Multicast? (5, Informative)

XenoPhage (242134) | more than 10 years ago | (#6472760)

Actually, it's 4 protocols ... 53, 55, 77, and 103.. Any one of these can kill the interface.

I've already posted a lot of information regarding this on the Nanog list.. but the "exploit" that has been released (shadowchode) isn't required to exploit this bug .. hping can do this just as easily..
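A defender-side check for the protocol numbers listed in the comment above, as an added example that is not part of the thread or of Cisco's advisory: it decodes captured IPv4 headers and flags protocols 53, 55, 77 and 103. The IANA keyword names, the `router_addrs` parameter, the to-router/transit distinction and the sample packets are assumptions or constructed for illustration.

```python
import ipaddress
import struct

# IP protocol numbers named in the comment above (IANA keywords added for readability).
SUSPECT_PROTOCOLS = {53: "SWIPE", 55: "MOBILE", 77: "SUN-ND", 103: "PIM"}

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header; reject truncated or non-IPv4 input."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    return {"ttl": ttl, "proto": proto,
            "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst)}

def flag_suspect(packets, router_addrs):
    """Return (index, reason) for each packet carrying a listed protocol."""
    # Assumption (not from the thread): packets addressed to the router's own
    # interfaces are alerted on; matching transit traffic is only noted.
    own = {ipaddress.IPv4Address(a) for a in router_addrs}
    findings = []
    for i, raw in enumerate(packets):
        try:
            hdr = parse_ipv4_header(raw)
        except ValueError as exc:
            findings.append((i, f"unparseable: {exc}"))
            continue
        name = SUSPECT_PROTOCOLS.get(hdr["proto"])
        if name is None:
            continue
        scope = "ALERT to-router" if hdr["dst"] in own else "note transit"
        findings.append((i, f"{scope} proto={hdr['proto']}({name}) "
                            f"{hdr['src']}->{hdr['dst']} ttl={hdr['ttl']}"))
    return findings

def make_sample(proto, src, dst, ttl=64):
    """Constructed sample header (checksum left at zero, not validated here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

# Constructed samples using documentation address ranges (RFC 5737).
SAMPLES = [
    make_sample(6, "198.51.100.7", "192.0.2.1"),     # TCP to router: ignored
    make_sample(103, "198.51.100.7", "192.0.2.1"),   # PIM to a router interface
    make_sample(77, "198.51.100.9", "203.0.113.5"),  # SUN-ND in transit
    b"\x45\x00",                                     # truncated capture
]
```

Calling `flag_suspect(SAMPLES, ["192.0.2.1"])` returns one alert, one transit note and one unparseable entry; the TCP packet is not reported.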

Importance of shaming they who published the explo (5, Insightful)

lanner (107308) | more than 10 years ago | (#6472776)

Importance of shaming those who published this exploit

There was very little time to act upon the new IOS version that Cisco provided to the public. The software upgrades were available to the public on Thursday morning at 00:00. CERT made their announcement about 15 minutes later. Today, the exploit is public. That is less than 48 hours to upgrade the hundreds of thousands (if not million+) Cisco routers across the world.

This is the most important security event affecting the Internet since the root DNS server attacks some time back, and this one is potentially much more severe. I have been surprised at the lack of media attention of this issue, or how some of my technical colleagues have treated it. They don't seem to understand how many Cisco routers are out there.

It needs to be shown that by making the exploit of this vulnerability public so soon, the persons who did this only did so for publicity gain at the expense of others.

They hurt others to profit themselves, and that is no more cool than slavery is. And what did they get out of it? "My dick is bigger than yours."

I just don't want this to pass over and the people who made this exploit public think that what they did was cool, or that they are going to get a lot of admiration or karma for it. If they like the Internet, which they probably do, they just did the most harmful thing to it as they could have possibly done.

Re:Importance of shaming they who published the ex (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6472800)

We're here.

We're queer.

We don't want anymore bears.

Re:Importance of shaming they who published the ex (0)

Anonymous Coward | more than 10 years ago | (#6472814)

wahahahha

cry me a river philosophy boy

Some companies did have timely responses.. (1)

msimm (580077) | more than 10 years ago | (#6472856)

Here's the letter I received from Serverbeach yesterday afternoon:
July 17, 2003


Notice to Customers: Maintenance Window, July 18, 2003 - 12:00-2:00 am CST

Dear XXXX:


This letter is to inform you of a network maintenance window that will take place this evening, July 18, 2003, from 12:00-2:00 am central time.

We received an advisory today, sent to all Cisco IOS customers, that requires a network patch to ensure ongoing security and performance of the system. We have made the decision that, given the urgency of this notice, we should install the patch this evening. Customers may experience a disruption or reduction in network performance during this window.

We maintain our commitment to providing the highest level of service and network performance for our customers. Thank you for your business.

Feel free to contact me with questions or comments at ####@serverbeach.com.

Sincerely,

Richard Yoo
Big Kahuna

Nice to see someone's paying attention.

Re:Some companies did have timely responses.. (0)

Anonymous Coward | more than 10 years ago | (#6472914)

And some really were paying attention (received 20030717 18:39)

As you may be aware, Level 3 performed significant maintenance to Cisco routers in our Network over the past two evenings. Due to restrictions in our contract with Cisco, we were not at liberty to share with you the nature or details of the pending work. Additional information can now be shared.
Level 3 Communications was notified by Cisco on the evening of Tuesday, July 15, of a potential software risk running on Cisco routers. In coordination with Cisco, Level 3 Engineers worked to secure the Level 3 Network through network modifications and router maintenance that evening. The remainder of our core Network infrastructure was completed in the maintenance window last evening.
We recognize that the timeframe and notification provided in this case have not been consistent with standard practice. The decision to move forward with work was based on a collective assessment of the potential impacts to your services if the risk was not mitigated.
We will continue to conduct maintenance activities over the coming days as we address issues associated with this specific exposure, and mitigate any potential remaining risk. We will provide specific maintenance notifications to Customers on the associated services we would impact in those follow-on maintenance activities.

enormous ddos potential - patch right away! (4, Informative)

Brian Ristuccia (2238) | more than 10 years ago | (#6472806)

Imagine your typical packet kiddie running dozens of instances of the following pseudocode on his farm of a few hundred trojaned boxes:


while (1) {

$x = random(255);
$y = random(255);
$z = random(255);
@hops = traceroute("$x.$y.$z.1");
for $hopnum (5..@#hops) { # don't kill nearby routers
system("shadowchode", $hops[$hopnum], 255 - $hopnum);

}

}

If you haven't patched already - do it now.

Just Fix It (5, Insightful)

vinn (4370) | more than 10 years ago | (#6472828)


Cisco released the fix two days ago to backbone providers. Other large customers could get the fix early yesterday. If you're affected by this vulnerability and it's not fixed yet:

  • You're not subscribed to the proper news channels (i.e. you're not doing your job) or
  • You're lazy (i.e. you're not doing your job) or
  • You're not as important as you thought (i.e. someone else isn't doing their job.)

It seems like Cisco handled this one correctly with the providers. I'm not sure how well large customers were handled, my guess is the .edu folks probably got screwed again.

Slightly more dangerous than a dos attack? (-1, Flamebait)

ratfynk (456467) | more than 10 years ago | (#6472831)

If I am reading this right all cisco Ipv4 could get whacked. Given that hubs use Cisco this is freaking serious! Come on Cisco fix it quick there are lots of people who will help. Do not do the old MS head in the sand crap!

Just tried it.. (5, Funny)

nolife (233813) | more than 10 years ago | (#6472902)

I just tried this on our routers at work, it does not appear to work. I did n tice som pkt lss but a r nn

Is this a problem of feature inflation? (3, Interesting)

CraigV (126819) | more than 10 years ago | (#6472915)

I had the impression that routing was a fairly straight-forward task and that 100% reliable software should be available for the routers. Has Cisco added frills to such an extent that the basic routing is compromised? Is this current problem associated with unnecessary features?