Cisco is advising users of its IP telephony kit to update their software following the discovery of a flaw that might allow hackers to mount denial of service attacks. The bug, involving flaws in the processing of maliciously crafted DNS (Domain Name System) packets, also affects some of Cisco's content networking and secure router products.
The vulnerability is limited to Cisco products running DNS clients, rather than DNS Server functions, and creates a means for remote attackers to crash vulnerable devices, Cisco warns. Cisco has made a series of free software upgrades available to address the vulnerability. The scope of the vulnerability - and the number of products affected - promises to create a lot of work in Cisco shops, so users are advised to scope out remedial work sooner rather than later. More technical details (but not a list of affected vendors) can be found in a UK government UNIRAS alert here. ®