NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0177 Cisco IOS Server "Flaw" Possibly a Planted Backdoor:
A security vendor is questioning whether the IOS (Internetwork Operating System) FTP (file transfer protocol) server vulnerabilities reported by Cisco on 9MAY might constitute an intentionally planted backdoor, as opposed to a series of programming errors that inadvertently led to a backdoor. Chris Eng, director of security services at Veracode, is suggesting that a remote attacker would need one of the flaws - improper authorization checking in IOS FTP - in order to exploit the second flaw - an IOS reload when transferring files via FTP. The first flaw allows an attacker to bypass authentication and avoid giving credentials. The attacker then has to overwrite the critical startup configuration file and cause the router to reboot in order to execute the rewritten configuration file. "Is it a coincidence that both flaws happen to be there at the same time?" Eng asked. "Multiple things have to fall into place to really exercise the full extent of the attack. That seems a little bit odd."
Together, the flaws open the door for an attacker to retrieve or write any file from the device file system - including the device's saved configuration. "That configuration file may include passwords or other sensitive information," Cisco said in its advisory. The attacker could take the router offline, for example, or route traffic to another destination where the traffic can be intercepted.
If the flaws were not intentionally planted, then they at least highlight the need for more frequent and better security reviews, Eng said, given the number of versions of IOS that harbor the flaws. The IOS FTP server is an optional service that is disabled by default, according to the report.
(PRNewswire 16MAY07)
Last Modified: Monday, 21-May-2007 20:13:45 EDT