Black Hat Show Yields Another Cisco Bug

Robert McMillan of IDG News Service writes:

Cisco Systems Inc. has discovered a critical bug in the operating system used to power its routers, the company announced Wednesday. The flaw is the second serious problem that Cisco has found in its routers’ Internetwork Operating System (IOS) that is related to a controversial security presentation given at the Black Hat USA security conference in July of this year.

The flaw, rated “critical” by the French Security Incident Response Team, has to do with the system timers that IOS uses to run certain operating system tasks. Under certain conditions, attackers may be able to take control of the router by tricking the system timers to run malicious code, Cisco said in a security advisory.

Cisco has published a patch for this vulnerability, which has not yet been exploited by hackers, the company said. The bug was discovered “as a result of continued research to the demonstration of the exploit of another vulnerability which occurred in July 2005 at the Black Hat USA Conference,” the advisory states.
