Report: Cisco Flaw Could Allow Router Worm

Security researchers say they have found weaknesses in Cisco's Internet Operating System (IOS) which may enable an Internet worm to spread between Cisco routers. But Arhont Ltd. denied reports that such a worm had actually been developed.

In a post to the Bugtraq mailing list, Arhont's Andrei Mikhailovsky said his firm had discovered weaknesses in the way IOS uses the Enhanced Interior Gateway Routing Protocol (EIGRP), which handles information exchange between routers. "Among the discovered issues are multiple vulnerabilities in EIGRP implementation," Mikhailovsky wrote. "Also, authors have addressed the _theoretical_ aspects of an algorithm for a cross-platform worm that could spread in IOS based devices." EIGRP supports the AppleTalk and IPX (Novell Netware) networking protocols in addition to IP, allowing cross-platform routing. Arhont offered no additional details, but said it is preparing an advisory for Cisco's Product Security Incident Response Team (PSIRT).

Mikhailovsky said reports that a worm had been developed were a "complete lie," blaming them on inaccurate translations of a Russian-language weblog maintained by Arhont's Andrew Vladimirov. "Let me assure that there has been no development nor the desire to develop such code," Mikhailovsky said. The reports had fueled discussion on security-related mailing lists about a router worm's potential impact on Internet infrastructure. Mikhailovsky and Vladimirov are co-authors of "Wi-Foo: The Secrets of Wireless Hacking" and are preparing a new book on hacking Cisco networks.

The security of IOS has been a hot topic since a July presentation at the DefCon convention by Mike Lynn, who outlined potentially serious vulnerabilities in IOS.