No sooner did Cisco Systems Inc. announce the release of the newest version of its routing software than the bugs started showing up.
Cisco’s IOS 12.0, which was announced on Dec. 21 (please see “IOS 12.0 integrates prior enhancements,” NWC, Jan. 29, 1999, page 10), can crash routers when packets are sent to the devices’ syslog port, according to a posting from a Cisco official dated Dec. 27, 1998, on the BUGTRAQ mailing list. The syslog port generates router event messages used for managing the devices.
The bug also affects IOS Version 11.3AA and 11.3DB, the posting stated.
Cisco recently began issuing fixes for the bug, according to one user. But a Cisco spokesperson said all of the fixes have not yet been released.
Though the posting stated that Cisco customers have not yet reported any attacks, it said the bug is easy to exploit. The posting was written by John Bashinski, a member of Cisco’s product security response and escalation team.
“Administrators should be on the lookout for potential exploitation of this bug,” Bashinski stated in the posting.
The crashing problem appears to be caused by packets sent to the router’s syslog port, UDP port 514, the posting stated. The bug may cause different routers to “crash differently,” with some rebooting and claiming they were restarted by power-on, the posting stated.
ADC Telecommunications in Minneapolis said the bug could have affected four of its internal routers. But Cisco recently began issuing fixes for it, and ADC routers are running that software, said Roy Hegge, senior network engineer at the company.
Users can also apply an access list to block incoming syslog traffic as a workaround, Bashinski suggested in his posting. The access list needs to block syslog traffic destined for any of the router’s own IP addresses or for any broadcast or multicast address on which the router may be listening. It should be applied to all interfaces running IP, the posting stated.
This workaround, however, may have a significant performance impact on some users’ routers, Bashinski warned.
“The impact isn’t usually extreme, but it may make a difference on a router that’s already heavily loaded,” Bashinski stated. “Install it with care if you install it.”
IOS 12.0 features quality-of-service, scalability and, ironically, security enhancements, as well as voice support, according to Cisco. The security features include integrated firewall, authentication and IP Security (IPSec) tunnelling.
IOS 12.0 is available now on Cisco’s routers and switches.
