IBM and Cisco battle remote attack vulnerabilities

By Edmund X. DeJesus, Contributing Writer 12 Apr 2004 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Both IBM and Cisco are warning of vulnerabilities that remote attackers could exploit to cause denial of service and other problems. Administrators should apply available fixes to avoid security exposure.

IBM's HTTP Server is the latest victim of vulnerabilities due to OpenSSL flaws reported in November 2003. OpenSSL has flaws in handling invalid ASN.1 encodings that a remote attacker may leverage by using unusual ASN.1 tag values. The resulting deallocation of memory can allow denial of service and possible execution of arbitrary code.

The problem affects IBM HTTP Server versions 1.x and 2.x. IBM has provided fixes in the form of upgrades to version 1.3.x or 2.0.

A different vulnerability affects Cisco's Catalyst 6500 Series Switches and 7600 Series Internet Routers using the IP Security (IPSec) VPN Services Module (VPNSM). The VPNSM is a high-speed component that supplies infrastructure-integrated IPSec VPN services. Remote attackers using specially crafted Internet Key Exchange (IKE) packets can force the hardware to crash and reload, causing a denial of service.

The problem affects Cisco IOS versions 12.2SXA, 12.2SXB and 12.2SY using VPNSM. There are no workarounds to mitigate the problem, but Cisco is providing fixes. This issue with Cisco vulnerabilities is the latest of several in the past month.

Tags: Network Security Monitoring and Analysis,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Security Monitoring and Analysis Application-specific network intrusion detection systems emerge Anomaly-based intrusion protection configuration and installation How can I calculate perimeter firewall throughput? How do I find the application on my network that's dropping packets? Integrating NAC with network security tools Where can I find a sample security audit report? How can I run my own? The firewall remains the network traffic cop, but its role is changing Troubleshooting VLANs: How to monitor 802.1q tagged traffic Poor data-loss prevention practices almost cost Intel a billion How can I block my competitor's IP address range from my website?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary deep packet inspection (DPI)  (SearchNetworking.com) FCAPS  (SearchNetworking.com) Nessus  (SearchNetworking.com) netstat  (SearchNetworking.com) port mirroring  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary