Another critical hole has been found in Cisco's Internetwork Operating System (IOS), which runs on the network giant's routers.
The French Security Incident Response Team has reported that the new flaw covers the system timers that IOS uses to run some operating system tasks. Under certain conditions, attackers may be able to take control of the router by tricking the system timers to run malicious code, Cisco said in a security advisory.
Cisco has published a patch, which it says has not yet been exploited. The bug was discovered "as a result of continued research to the demonstration of the exploit of another vulnerability which occurred in July 2005 at the Black Hat USA Conference," the company said.
That problem was disclosed by security researcher Michael Lynn, who was forced to quit his job as a research analyst with Internet Security Systems, and then sued for disclosing the problem. The lawsuit was quickly settled, when Lynn agreed to not to discuss the matter further.
Shortly after Lynn's presentation, Cisco published an IOS patch that addressed the IPV6 attack he had described.
To take over a Cisco router, attackers would need to successfully take advantage of both the earlier IPV6 problem and the system timer bug disclosed today, said John Noh, a Cisco spokesman. "In order to exploit the issue we're talking about today, you needed an additional way to attack," he said.
Without proof that it can actually be exploited, Cisco's latest bug is not particularly worrisome, said Russ Cooper, editor of the NTBugtraq newslist. "My take on it that it was just another vulnerability," he said.
But should someone figure out a way of taking over Cisco's widely used routers, that could clear the way for a particularly devastating attack on the Internet.
Lynn said that the potential consequences of such an IOS attack were so grave that he had felt compelled to give his Black Hat presentation. "IOS is the Windows XP of the Internet," he said during his presentation.