Cisco has confirmed that more of its products that rely on the Linux kernel are vulnerable to a potentially dangerous denial-of-service flaw.
The bug, dubbed FragmentSmack, was revealed in August to affect the IP networking stack in the Linux kernel, prompting patches for numerous Linux distributions and at Akamai, Amazon, Juniper Networks, and others.
The bug can saturate a CPU’s capacity when under a low-speed attack using fragmented IPv4 and IPv6 packets, which could cause a denial-of-service condition on the affected device.
As Red Hat noted in its write-up, an attacker can use FragmentSmack to drive up CPU usage by sending fragmented IP packets that trigger the kernel’s ‘time and calculation expensive’ reassembly algorithm.
Cisco has focused its search for the vulnerability on products that use Linux kernel version 3.9 or later, which have been confirmed to be vulnerable to FragmentSmack.
The company has been updating its initial advisory over the past month with details about products confirmed to be vulnerable and those that are not.
Linux-based products aren’t exclusively affected. Microsoft this week also revealed that all supported versions of Windows were vulnerable to FragmentSmack, with Windows servers the more likely target of an attack.
Cisco has now confirmed that the flaw affects 88 products, including its Nexus switches, Cisco IOS XE software, and equipment from its lines of Unified Computing and Unified Communications brands, several TelePresence products, and a handful of wireless access points.
Cisco notes that there may be some workarounds available, including using access-control lists and other rate-limiting techniques to control the flow of fragmented packets that reach affected interfaces. External firewalls may also do the trick and minimize impact on downstream devices.
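To make that workaround concrete from the defender's side, here is an added example (not Cisco's or Red Hat's code) that counts, per source, datagrams whose fragments never complete reassembly: the signal that fragments are piling up in the kernel's reassembly queues and that a fragment rate limit or ACL would act on. The packet records and the threshold of 16 are constructed assumptions.

```python
"""Flag sources keeping many IP datagrams half-reassembled (FragmentSmack-style load).

The packet records below are constructed for illustration, not captured traffic.
Each record is (src, ip_id, frag_offset, more_fragments, length).
"""
from collections import defaultdict

# Constructed sample: 10.0.0.9 sends a datagram whose two fragments complete
# normally; 10.0.0.5 sends the first fragment of 30 datagrams and never the last.
SAMPLE = [
    ("10.0.0.9", 1, 0, True, 1480),
    ("10.0.0.9", 1, 1480, False, 500),
] + [("10.0.0.5", i, 0, True, 8) for i in range(1, 31)]


def is_complete(parts):
    """True when a final fragment (more_fragments=False) has arrived and every
    byte from offset 0 up to its end is covered by the fragments seen so far."""
    finals = [p for p in parts if not p[2]]
    if not finals:
        return False
    end = max(off + ln for off, ln, _ in finals)  # total datagram length
    covered = 0
    for off, ln, _ in sorted(parts):
        if off > covered:
            return False  # hole: reassembly cannot finish yet
        covered = max(covered, off + ln)
    return covered >= end


def incomplete_datagrams(records):
    """Return {src: number of datagrams with fragments seen but not reassembled}."""
    frags = defaultdict(list)  # (src, ip_id) -> [(offset, length, more_fragments)]
    for src, ip_id, off, mf, ln in records:
        frags[(src, ip_id)].append((off, ln, mf))
    counts = defaultdict(int)
    for (src, _ip_id), parts in frags.items():
        if not is_complete(parts):
            counts[src] += 1
    return dict(counts)


def suspicious_sources(records, threshold=16):
    """Sources holding more than `threshold` incomplete datagrams (assumed tuning value)."""
    return sorted(s for s, n in incomplete_datagrams(records).items() if n > threshold)


if __name__ == "__main__":
    print(incomplete_datagrams(SAMPLE))   # {'10.0.0.5': 30}
    print(suspicious_sources(SAMPLE))     # ['10.0.0.5']
```

Sources reported by `suspicious_sources` are the candidates for the per-interface fragment rate limit or ACL Cisco describes, rather than grounds for blocking all fragmented traffic.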
It’s currently investigating whether the Cisco Application Policy Infrastructure Controller (APIC) Enterprise module is affected.
FragmentSmack, and a similar DoS bug called SegmentSmack, were disclosed by the Vulnerability Coordination team of the National Cyber Security Centre of Finland (NCSC-FI) and the CERT Coordination Center (CERT/CC) in mid-August.
The bugs were discovered by Juha-Matti Tilli, of the Aalto University Department of Communications and Networking, and Nokia Bell Labs.
Cisco in August disclosed a DoS bug with a similar impact affecting its AsyncOS Software for Web Security Appliances, which a remote attacker could use to exhaust memory and cause the device to stop processing new TCP connections.