Cisco net phones have software flaw

Open to DoS attacks...

Tags: dns, dos, cisco

By Marguerite Reardon

Published: 25 May 2005 08:55 BST

A software flaw that could crash Cisco's internet protocol phones has been discovered and the networking company has issued a patch to fix the problem.

The flaw, which opens the IP phone service up to denial-of-service attacks, was reported by the National Infrastructure Security Co-ordination Centre, a security research group based in the UK. It gave the Domain Name System (DNS) protocol vulnerability, which also affects other software, a "moderate risk" warning.

The flaw is associated with Cisco IP phones running the DNS protocol. DNS handles the translation of domain names into IP addresses. DNS servers are located throughout the internet to perform this translation and to ensure that IP packets arrive at their proper destinations.

To expedite lookups on DNS servers, log files are often compressed. According to the advisory, the vulnerability is caused by an error that occurs during the decompression of compressed DNS messages. The flaw can be exploited using specially crafted DNS packets containing invalid information in the compressed section of the message. This results in an error in processing on the IP phones, which could cause the phones to malfunction or crash.
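DNS message compression (RFC 1035) replaces a repeated domain name with a two-byte pointer to an earlier offset in the same message, so a client that follows pointers without validating them can read out of bounds or loop forever. The sketch below is an added example, not Cisco's code or anything from the advisory: a name decoder that rejects such input, where the function name `dns_read_name` and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_MAX_NAME 255 /* RFC 1035 limit on an encoded name, in octets */

/* Constructed samples (DNS header omitted, so offsets start at byte 0). */
static const uint8_t sample_ok[] = { 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
                                     3,'w','w','w', 0xC0, 0x00 }; /* name at offset 13 */
static const uint8_t sample_loop[] = { 0xC0, 0x02, 0xC0, 0x00 };  /* pointers in a cycle */

/* Decode the name at msg[off] into dotted text. Returns the number of bytes the
 * name occupies at `off`, or -1 if the message is malformed. Label bytes are
 * copied as-is; escaping of unusual characters is left out. */
int dns_read_name(const uint8_t *msg, size_t len, size_t off, char *out, size_t outsz)
{
    size_t pos = off, o = 0, wire = 0;
    size_t limit = off;   /* a pointer may only target an offset below this */
    int consumed = -1;    /* fixed when the first pointer is followed */

    for (;;) {
        if (pos >= len) return -1;                    /* ran off the message */
        uint8_t b = msg[pos];
        if ((b & 0xC0) == 0xC0) {                     /* compression pointer */
            if (pos + 1 >= len) return -1;
            size_t target = ((size_t)(b & 0x3F) << 8) | msg[pos + 1];
            if (target >= limit) return -1;           /* forward, self or cyclic */
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            limit = pos = target;                     /* limit shrinks: must terminate */
        } else if (b & 0xC0) {
            return -1;                                /* reserved label type */
        } else if (b == 0) {                          /* root label ends the name */
            if (o == 0) { if (outsz < 2) return -1; out[o++] = '.'; }
            out[o] = '\0';
            return consumed >= 0 ? consumed : (int)(pos + 1 - off);
        } else {
            if (b > len - pos - 1) return -1;         /* label longer than message */
            wire += 1u + b;
            if (wire + 1 > DNS_MAX_NAME) return -1;   /* name longer than the limit */
            if (o + b + 2 > outsz) return -1;         /* output buffer too small */
            if (o) out[o++] = '.';
            memcpy(out + o, msg + pos + 1, b);
            o += b;
            pos += 1u + b;
        }
    }
}
```

Because every pointer must land strictly below the previous one, the number of jumps is bounded by the starting offset and a crafted pointer cycle is rejected instead of hanging the parser.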

In an advisory issued by Cisco, the company said the only products impacted are DNS clients, which run on its IP phones and content-networking products. The security flaw does not appear in products performing DNS server functions or DNS packet inspection. Affected products include Cisco IP Phones 7902/7905/7912; Cisco ATA (Analog Telephone Adaptor) 186/188; and several Cisco Unity Express and Cisco ACNS (Application and Content Networking System) devices.

Cisco has posted a complete list of affected products on its website. It said it has also developed a free software upgrade to fix the problem.

Other vendors also use the DNS protocol in their products, which may also be vulnerable, according to an advisory from the French Security Incident Response Team, or FrSIRT. Users should contact their vendors for more information about affected products and fixes, the group said.

Marguerite Reardon writes for CNET News.com

CNET News.com's Joris Evers contributed to this report
