Cisco Repairs Massive TCP flaw

By Sean Michael Kerner (Send Email)
Posted Sep 11, 2009


Cisco (NASDAQ:CSCO) now has a critical patch out for its IOS operating system fixing a TCP flaw that could trigger a Denial of Service (DoS) condition.

Cisco just released a critical patch for its IOS operating system. How concerned should we be?

The TCP flaw is similar in nature to one that Microsoft patched as part of its September Patch Tuesday update. TCP is the core transport protocol for most web traffic and the flaw is one that is not trivial.

By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely," Cisco's warns in its advisory. "If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted."

In other words, a flaw in TCP could have enabled a DoS attack.

Follow ServerWatch on Twitter

Read the rest at InternetNews.com blog Netstat -vat.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.