BugBlog Bug of the Month

Every month the BugBlog picks its Bug of the Month, representing the most significant bug found in the past month. Sometimes the bug will be the one that could potentially cause the most damage; sometimes it will be the bug that affects the most users. And sometimes it will be the bug that is just the most interesting. This bug will be selected either from the free Bug of the Day or from the subscription-only BugBlog Plus.

The Bug of the Month for August 2005 was posted as the Bug of the Day on July 29:

After a dispute that was as much legal as technical, Cisco announced that their Internetwork Operating System (IOS) software, if it is enabled for IPv6, may be vulnerable to a denial of service attack and may also allow attackers to run code that they send. This type of attack can only be done from a local network segment, so the threat is somewhat tempered. Cisco has fix information at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml. This bug was discovered by Michael Lynn, who used to work for Internet Security Systems, and was discussed at the Black Hat Event in Las Vegas. Read about the legal dispute behind this at

Why this one? A number of reasons. First, given the market share that Cisco has in routers, this bug could have a significant effect on the Internet if it is exploited. It may only be a slight exaggeration to say that this bug could "bring the Internet to its knees." Second, the researcher who found the bug, Michael Lynn, lost his job for disclosing the bug at the Black Hat Security conference in Las Vegas, after a three-way legal wrangle between Cisco, his former employer ISS, and himself. The legal deal struck basically said that he can't talk about this any more. You can read news reports here, here, here and here. While Cisco has released fix information, not everyone has implemented the fix yet. And hackers everywhere are trying to figure out what Lynn found, so they can take a crack at crashing the Internet.
Previous Bugs of the Month

July 2005: RealNetworks Fixes Four Bugs in Their Media Player
June 2005: Flawed Rollout for Netscape 8
May 2005: TCP/IP Fix for Windows
April 2005: Denial of Service against Symantec Norton AntiVirus
March 2005: IDN Spoofing Bug
February 2005: Windows Animated Cursor Bug
January 2005: Windows Firewall Problems with Dial-up Connections

The Bug of the Month is also posted at Blogcritics.org