Security updates for Cisco's Internetwork Operating System (IOS) were released Wednesday to shield against a number of vulnerabilities.
The security issues are varied and relate to TCP, UDP, mobile and VPN vulnerabilities. In describing one bug, an advisory warned about a problem that could block traffic to a router or even cause it to crash.
“Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface,” the advisory says. “Cisco has released free software updates that address this vulnerability.”
Another vulnerability could enable a hacker to gain access to a router, and possibly examine password files.
Any device running Cisco IOS Software and Cisco IOS XE Software -- which sits on widely deployed Cisco routers and switches -- is affected if they have features such as Cisco's IP Service Level Agreements (SLA) Responder or Media Gateway Control Protocol (MGCP) running.
“A device is vulnerable if any of the features [listed] is configured and their associated UDP port number accessible,” an advisory said.
The advisories were released as a "bundle" of vulnerability notices for the IOS software. They include workarounds for the vulnerabilities, if the patches cannot be applied immediately.
The advisories also said that Cisco was not aware of malicious use of any of the vulnerabilities.
A summary of the advisories is available for download:
http://www.cisco.com/warp/public/707/cisco-sa-20090325-bundle.shtml{SCMAG}