Thursday, January 25, 2007

Cisco Releases Security Advisories for Multiple Vulnerabilities in IOS

Via US-CERT -

Cisco has released three Security Advisories to address severely rated vulnerabilities in their Internetwork Operating System Software (IOS).

Cisco Security Advisory: Crafted IP Option Vulnerability addresses a remotely exploitable denial-of-service vulnerability that may potentially allow for arbitrary code execution. This vulnerability may be exploited when an affected device processes a crafted packet that meets all of the following conditions:
  • The packet contains a specific crafted IP option.
  • The packet is one of the following protocols:
    ICMP - Echo Request (Type 8)
    ICMP - Timestamp (Type 13)
    ICMP - Information Request (Type 15)
    ICMP - Address Mask Request (Type 17)
    PIMv2 - IP protocol 103
    PGM - IP protocol 113
    URD - TCP Port 465
  • The packet is sent to a physical or virtual IPv4 address configured on the affected device.

Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service addresses a denial-of-service vulnerability in the Transmission Control Protocol listener. Crafted packets may cause the device to leak a small amount of memory. Over time, such a memory leak may lead to memory exhaustion and a denial-of-service condition.

Cisco Security Advisory: IPv6 Routing Header Vulnerability addresses a remotely exploitable denial-of-service vulnerability in the IPv6 Type 0 Routing header handling. This vulnerability can be triggered by a packet containing crafted IPv6 Type 0 Routing headers.

More information about these vulnerabilities can be found in the Vulnerability Notes Database.

US-CERT encourages users to apply the fixes and workarounds described in the Cisco Security Advisories and Vulnerability Notes, and will continue to investigate and provide additional information as it becomes available.

No comments:

Post a Comment