Cisco vulnerabilities

Published: 2007-01-24
Last Updated: 2007-01-28 16:25:07 UTC
by Maarten Van Horenbeeck (Version: 3)
0 comment(s)

Several readers have written in that Cisco just released three security bulletins regarding issues in the Cisco IOS software:

Crafted TCP Packet can cause denial of service (cisco-sa-20070124-crafted-tcp)
A remotely-exploitable memory leak in the Cisco IOS software could lead to a denial of service condition. This vulnerability applies to much of the IOS 12.0, 12.1 and 12.2 code base.

Crafted IP Option vulnerability (cisco-sa-20070124-crafted-ip-option)
By sending certain ICMP, PIMv2, PGM or URD packets with a specific IP option set to a Cisco IOS or IOS XR device, an attacker could cause the device to reload or even execute arbitrary code. This applies to a wide variety of releases.

IPv6 Routing Header vulnerability (cisco-sa-20070124-IOS-IPv6)
Certain crafted IPv6 Type 0 routing headers could crash a device running IOS. As this is a memory corruption vulnerability, it may also open the router up to remote code execution.

If you run Cisco switches or routers in your network, we advise you to review these bulletins in detail and take mitigative action where required. As a form of triage we believe organizations are most likely to be affected by the 'Crafted IP Option vulnerability', which also has the highest potential impact.

UPDATE:
Cisco has also released separate "Applied Intelligence Response" bulletins. These contain high quality information on how to detect exploitation of these vulnerabilities, and how they can be mitigated. Most organizations will need to perform a code upgrade for at least some of these vulnerabilities - while testing the new releases, these documents may prove useful.

Detecting and mitigating cisco-sa-20070124-crafted-tcp
Detecting and mitigating cisco-sa-20070124-crafted-ip-option
Detecting and mitigating cisco-sa-20070124-IOS-IPv6

Keywords:
0 comment(s)

Comments


Diary Archives