Multiple Cisco products among those clobbered by OpenSSL flaw

Cisco switches, routers and firewalls are vulnerable to attack due to a problem in OpenSSL that has other software vendors scrambling to cope.

Failure to deal with the problem can leave systems open to remote denial of service (DoS).

Multiple products with HTTPS servers running OpenSSL are vulnerable to a remote DoS attack. OpenSSL is an open source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols for security and cryptographic applications.

By sending a specially formed SSL/TLS handshake, a remote attacker can exploit a vulnerability in the do_change_cipher_spec function in OpenSSL (versions 0.9.6c through 0.9.6k, and 0.9.7a through 0.9.7c) to force a null-pointer assignment that crashes or resets the hardware, causing a DoS.
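For hosts where the OpenSSL version string can be read (for example from `openssl version` output), the ranges above can be checked mechanically. The following is an added example, not code from Cisco or the OpenSSL project; the host names and banners in the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges exactly as stated in the article: (base, first letter, last letter).
AFFECTED_RANGES = [("0.9.6", "c", "k"), ("0.9.7", "a", "c")]

# Legacy OpenSSL versions look like "0.9.7b": three numeric fields plus optional
# patch letters. Suffixes such as "-beta3" are rejected so they go to manual review.
_VERSION_RE = re.compile(r"\bOpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)(?![\w.-])", re.IGNORECASE)

def parse_openssl_version(banner):
    """Return (base, letters) from a banner such as 'OpenSSL 0.9.7b', else None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return m.group(1), m.group(2).lower()

def is_affected(banner):
    """True or False for a parsed version; None when the banner cannot be parsed."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    base, letters = parsed
    return any(
        base == rbase and len(letters) == 1 and first <= letters <= last
        for rbase, first, last in AFFECTED_RANGES
    )

def triage(inventory):
    """Group hosts into affected / not_affected / review (unparseable banner)."""
    result = {"affected": [], "not_affected": [], "review": []}
    for host, banner in sorted(inventory.items()):
        verdict = is_affected(banner)
        key = "review" if verdict is None else ("affected" if verdict else "not_affected")
        result[key].append(host)
    return result

# Constructed inventory (hypothetical hosts and banners), not data from the article.
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 0.9.6k",
    "web02": "OpenSSL 0.9.7c",
    "mail01": "OpenSSL 0.9.6b",
    "vpn01": "OpenSSL 0.9.7d",
    "lab01": "OpenSSL 0.9.7-beta3",
}

if __name__ == "__main__":
    for group, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{group}: {', '.join(hosts) or '-'}")
```

Vendors sometimes ship a fix without changing the upstream version string, so treat a match as a prompt to check the relevant vendor advisory rather than as proof of exposure.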

The problem affects Cisco IOS, Cisco PIX, Cisco Firewall Services Module for the Cisco Catalyst, Cisco MDS Multilayer Switch, Cisco Content Service Switch, Cisco Global Site Selector, CiscoWorks Common Services, CiscoWorks Common Management Foundation and Cisco Access Registrar (see Cisco site for version details).

Devices that use Secure Shell (SSH) instead of OpenSSL for secure access aren't affected by this vulnerability.

Limited workarounds are possible, including restricting access to the HTTPS server and disabling the SSL server or service. Cisco has provided fixes for these problems.

Cisco isn't alone. Vendors including Debian, EnGarde, FreeBSD, Gentoo, Kerberos, Mandrake, Red Hat, Slackware and SuSE are all struggling to deal with the consequences of the OpenSSL problem.
