[logs] regexless parsing, again?
Tom Le
dottom at gmail.com
Mon Sep 17 14:38:56 PDT 2007
Speaking of regular expressions:
*Cisco has announced a confirmation of an unpatched denial of service
vulnerability<http://www.cisco.com/en/US/products/products_security_response09186a00808bb91c.html>in
Cisco IOS. From the NetPro Forum post: 'I have just discovered a
regular
expression that crashes the
router<http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&CommCmd=MB%253Fcmd%3Ddisplay_location%26location%3D.1ddf7bc9#41583643122402103685>.
I suspect the error is because of division by zero. Since I work for the
Enterprise, I do not have direct access to TAC. Please somebody report this
to Cisco. I have tested it on ranges of routers (2611, 2821, 2851, 7206) and
IOSes (12.0-12.4). All routers crashed with some type of BUS ERROR. Command
can be issued in user mode, therefore I think it can be considered as
vulnerability to potentially cause DOS.'"* Of course, the command has to be
entered in user mode, so while potentially a vulnerability, chances are your
local IOS-based router won't be DoSed via the bug any time soon.
Cisco:
http://www.cisco.com/en/US/products/products_security_response09186a00808bb91c.html
Slashdot: http://it.slashdot.org/article.pl?sid=07/09/15/119227
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.loganalysis.org/pipermail/loganalysis/attachments/20070917/3f51a26e/attachment.html
More information about the LogAnalysis
mailing list