Networking Fixes from Cisco, Wireshark

Monday, April 9, 2012 @ 03:04 PM gHale


Companies live and die by their networks, and network problems can lead to bigger issues. That is why security professionals need to stay on top of them.

In one case, as part of its bi-annual patch day, Cisco published nine security advisories for its IOS network operating system. These advisories address a number of vulnerabilities, one of which (CVSS 8.5) could allow unauthorized remote users to gain administrative access via a privilege escalation exploit.

The other eight advisories cover denial-of-service (DoS) vulnerabilities. Several bugs in Cisco’s IOS Zone-Based Firewall left it vulnerable to DoS attacks. Other issues involve DoS problems when initiating NAT sessions, during Internet Key Exchange (IKE), when establishing reverse SSH sessions, performing traffic optimization or handling multicast source discovery, or while using IOS’s Smart Install feature.

Meanwhile, the Wireshark development team released versions 1.4.12 and 1.6.6 of its open source network protocol analyzer; these are maintenance updates that focus on fixing bugs and closing security holes found in the previous builds. The updates to the cross-platform tool address several vulnerabilities an attacker could exploit to cause a DoS.

These include a memory allocation flaw in the MP2T dissector that could cause it to allocate too much memory, a bug when trying to read ERF data using the pcap and pcap-ng file parsers, and a problem in the ANSI A dissector. For an attack to be successful, an attacker must inject a malformed packet onto the wire or convince a victim to read a malformed packet trace file.

Versions 1.4.0 to 1.4.11 and 1.6.0 to 1.6.5 are all affected by these issues; upgrading to the new releases corrects them. Developers also fixed another security bug, affecting only the 1.6.x branch, that could cause the IEEE 802.11 dissector to go into an infinite loop, causing Wireshark to crash.

Further information about the updates, including a full list of bug fixes, can be found in the 1.4.12 and 1.6.6 release notes. Versions 1.6.6 and 1.4.12 of Wireshark are available to download from the project’s site. Wireshark’s source code is licensed under the GPLv2.


