Cisco Software Flaw Affects Routers

Cisco routers and switches running the Cisco IOS software and configured to process IP version 4 (IPv4) packets are vulnerable to a DoS attack, the San Jose-based company said.

"A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet," Cisco said in its advisory.

Devices running IPv6 are not affected.

Cisco said it is offering software to fix the problem free of charge. Details are available at http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml.

The X-Force research team at Internet Security Systems said in an advisory that the Cisco vulnerability allows an attack that could be launched at a specific target or "launched indiscriminately to cause widespread outages." Legacy firewalls probably won't block the attack, according to ISS.

Symantec also weighed in, describing the Cisco vulnerability as serious "as it affects a significant number of infrastructure devices on both corporate and core Internet networks."