------------------------------------------------------------------
I. Summary
Cisco Internetwork Operating System (IOS) 15.0 attempts to process SNMP solicited operations on improper ports (UDP 161,162), which allows remote attackers to cause a denial of service when SNMP is disabled.
------------------------------------------------------------------
II. Description
It has been reported that the Cisco Internet Operating System (IOS) is affected by a remote SNMP message processing denial of service vulnerability. This issue may be leveraged to cause a denial of service condition in the affected device. The denial of service is due to the process consumed all available CPU resources in the affected device.The device may have to be reset manually if the attack is successful.
------------------------------------------------------------------
III. Impact
Denial of service (process consume all available CPU resources)
------------------------------------------------------------------
IV. Affected
Cisco router 2921/K9 IOS 15.0<1r>M6, tested with kubuntu 10.10. Previous versions may also be affected due to code reuse.
------------------------------------------------------------------
V. Solution
Currently there are not any vendor-supplied patches for this issue.
------------------------------------------------------------------
VI. Credit
The penetration test team Of NCNIPC (China) is credited for this vulnerability.
[Ref] www.securityfocus.com
2011/05/05
Cisco IOS UDP Denial of Service Vulnerability
------------------------------------------------------------------
I. Summary
Cisco routers running IOS 15.0 allows a remote attacker to cause a denial of service via a flood of UDP packets (a randomly chosen UDP port).
------------------------------------------------------------------
II. Description
A potential denial of service condition may exist in Cisco's IOS firmware.
The problem reportedly occurs when a large number of UDP packets are sent to device running IOS. This causes the system to use all available CPU resources and thus become unresponsive. The device may have to be reset manually if the attack is successful.
------------------------------------------------------------------
III. Impact
Denial of service (process consume all available CPU resources)
------------------------------------------------------------------
IV. Affected
Cisco router 2921/K9 IOS 15.0<1r>M6, tested with kubuntu 10.10. Previous versions may also be affected due to code reuse.
------------------------------------------------------------------
V. Solution
Currently there are not any vendor-supplied patches for this issue.
------------------------------------------------------------------
VI. Credit
The penetration test team Of NCNIPC (China) is credited for this vulnerability.
[Ref] http://www.securityfocus.com/
I. Summary
Cisco routers running IOS 15.0 allows a remote attacker to cause a denial of service via a flood of UDP packets (a randomly chosen UDP port).
------------------------------------------------------------------
II. Description
A potential denial of service condition may exist in Cisco's IOS firmware.
The problem reportedly occurs when a large number of UDP packets are sent to device running IOS. This causes the system to use all available CPU resources and thus become unresponsive. The device may have to be reset manually if the attack is successful.
------------------------------------------------------------------
III. Impact
Denial of service (process consume all available CPU resources)
------------------------------------------------------------------
IV. Affected
Cisco router 2921/K9 IOS 15.0<1r>M6, tested with kubuntu 10.10. Previous versions may also be affected due to code reuse.
------------------------------------------------------------------
V. Solution
Currently there are not any vendor-supplied patches for this issue.
------------------------------------------------------------------
VI. Credit
The penetration test team Of NCNIPC (China) is credited for this vulnerability.
[Ref] http://www.securityfocus.com/
Is over-qualification need of time?
"Software has also been replacing engineers in such tasks as chip design. More
broadly, the idea that modern technology eliminates only menial jobs, that
well-educated workers are clear winners, may dominate popular discussion, but
it's actually decades out of date." more ...
Searching for over-qualified persons are hard and here is an article for those who are over-qualified. more ...
broadly, the idea that modern technology eliminates only menial jobs, that
well-educated workers are clear winners, may dominate popular discussion, but
it's actually decades out of date." more ...
Searching for over-qualified persons are hard and here is an article for those who are over-qualified. more ...
Cloud computing and risk management
"The cloud computing model is being adopted by many organizations because of it's efficiency, performance and cost benefits. But some organizations may be shying away from cloud because of security concerns. Read this data sheet from IBM to learn about services from IBM that can help you secure your cloud computing solutions. Discover how IBM experts can guide you through the security and privacy concerns, help identify and prioritize security requirements, and develop a high-level roadmap for risk mitigation." more ...
Free comic books
Big news for those, enthusiasts, who spend money on buying comic books and reading materials. freecomicbookday.com is going to offer free books on 7th of May 2011. Their collection include:
* Amazing Spider-man
* Avatar Last Airbender and Star Wars: The clone wars
* Elric the Balance Lost
* Mouse Guard and Dark Crystal Flip Book
For more info: www.freecomicbookday.com
* Amazing Spider-man
* Avatar Last Airbender and Star Wars: The clone wars
* Elric the Balance Lost
* Mouse Guard and Dark Crystal Flip Book
For more info: www.freecomicbookday.com
Subscribe to:
Comments (Atom)