-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief July 17, 2003
Cisco IOS Remote Denial of Service Vulnerability Synopsis: A serious flaw exists in the Cisco IOS (Internetwork Operating System) that powers most currently deployed Cisco devices. Cisco Systems has released a security advisory documenting the vulnerability. All IPv4 Cisco devices running Cisco IOS are vulnerable to remote Denial of Service (DoS) attack. Impact: Cisco is the market leading router and infrastructure supplier of IP- based networking technology. The vulnerability may allow remote attackers to target and shutdown network interfaces on vulnerable devices by sending a special sequence of IPv4 packets. This type of attack can be launched at a specific target, or launched indiscriminately to cause widespread outages. The attack is unlikely to be blocked by legacy firewall devices. Affected Versions: Cisco IOS 11.x Cisco IOS 12.x Note: The vulnerable platforms represent the vast majority of currently deployed Cisco devices. Please refer to the Cisco Systems Security Advisory for the most current vulnerability matrix. IOS versions 12.3 and above are not vulnerable. Cisco devices that operate only in IPv6 environments are also not vulnerable. For the complete ISS X-Force Security Alert, please visit: http://xforce.iss.net/xforce/alerts/id/148 ______ About Internet Security Systems (ISS) Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email [EMAIL PROTECTED] for permission. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as well as at http://www.iss.net/security_center/sensitive.php Please send suggestions, updates, and comments to: X-Force [EMAIL PROTECTED] of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBPxYkfzRfJiV99eG9AQGwoAQAktP7TNAU9nOp8YgsXPBUjeqgMif2P7FV N22F4kTQ9S/KAXfWQTnFiZiOl5JHv3Gn2iOnpkvqMMK+164+TF0IhoJQqzcm1F1M s4iYR38Fhgh6LjZyaoLqtZGfyEc+mt05glVlW+4KBH8M0VxSzIjT6GZ3fDGw/Fx0 iboT0140glc= =VcqS -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
