NTA Monitor

Latest News

60% of UK website tests revealed Internet encryption and cross-site scripting vulnerabilities

10th April 2008 60% of web application tests performed for UK organisations showed that their websites contain weak encryption or cross-site scripting (XSS) vulnerabilities Read More

Demilitarised Zone most secure option for BlackBerry device

28th February 2008 Recent BlackBerry testing by IT security consultancy, NTA Monitor, has revealed that organisations are still not configuring these mobile devices correctly Read More

Retailers should put security top of their Christmas list

13th November 2007 With British consumers spending more than £6.6 billion online in the last two months of last year, the 2007 festive season is set to be one of great cheer for online retailers Read More

Businesses warned not to have skeletons in cupboards

13th November 2007 For many organisations, the festive season is an opportunity to heave a corporate sigh of relief and enjoy the brief respite in frenetic business activity as countless people all over the world, go home to celebrate Christmas Read More

Date: 30th May 2005
Risk: High

Britain's national emergency response team has announced a software flaw that affects products from Cisco Systems, Juniper Networks and IBM.

The National Infrastructure Security Co-ordination Centre, part of the UK Home Office, has published details of a denial-of-service vulnerability that can affect routers' ability to handle traffic using TCP, or Transmission Control Protocol, the predominant protocol used to send data over the Internet.

"The impact of the ICMP TCP reset vulnerability varies by vendor and application, but in some deployment scenarios it is likely to be rated medium to high," the NISCC said in the issued advisory. "If exploited, (this) could allow an attacker to create a denial-of-service condition against existing TCP connections, resulting in premature session termination."

As most TCP connections are short-lived this flaw is of low impact, however some routing protocols, such as BGP use long-lived TCP connections. If a BGP connection between two routers were terminated, they would assume a network fault and thus change routing tables. This routing change would be transmitted to neighbouring routers, thereby creating the possibility of DoS attacks on routed networks or large environments (such as the Internet).

Cisco is advising customers to update their products. It said the problem affects PIX firewalls and all products running IOS - the operating system used by the majority of Cisco routers.

"There is a free software fix available," a Cisco representative said. "It's an industry issue. We worked with NISCC to coordinate the fix." He added that the company had known about the issue for some time.

IBM has said that its AIX operating system is also vulnerable. The company did not respond in time for the publication of this article.

Juniper have confirmed that certain M-series and T-series routers running certain releases of JunOS software are susceptible to the vulnerability. The issue however has been identified within the software and a software fix made available.

Although Cisco, Juniper and IBM are unlikely to be the only companies affected by the vulnerability, their products form a large part of the Internet's infrastructure.

NISCC has published details of how to identify and fix the problem on its web site.

References

http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en