US-CERT Technical Cyber Security Alert TA07-024A -- Cisco IOS is Affected by Multiple Vulnerabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 
                     National Cyber Alert System

               Technical Cyber Security Alert TA07-024A


Cisco IOS is Affected by Multiple Vulnerabilities

   Original release date: January 24, 2007
   Last revised: --
   Source: US-CERT


Systems Affected

     * Cisco network devices running IOS in various configurations


Overview

   Several vulnerabilities have been discovered in Cisco's Internet
   Operating System (IOS). A remote attacker may be able to execute
   arbitrary code on an affected device, cause an affected device to
   reload the operating system, or cause other types of denial of
   service.


I. Description

   Cisco has published three advisories describing flaws in IOS with
   various security impacts, the most serious of which could allow a
   remote attacker to execute arbitrary code on an affected system.
   Further details are available in the following vulnerability notes:

   VU#217912 - Cisco IOS fails to properly process TCP packets

     The Cisco IOS Transmission Control Protocol listener in certain
     versions of Cisco IOS software contains a memory leak. This
     memory leak may allow an attacker to create a denial-of-service
     condition.

   VU#341288 - Cisco IOS fails to properly prcoess certain packets
   containing a crafted IP option

     A vulnerability exists in the way Cisco IOS processes a number of
     different types of IPv4 packets containing a specially crafted IP
     option. Successful exploitation of this vulnerability may allow
     an attacker to execute arbitrary code on an affected device or
     create a denial-of-service condition

   VU#274760 - Cisco IOS fails to properly process specially crafted IPv6
   packets

   Cisco IOS fails to properly process IPv6 packets with specially
   crafted routing headers. Successful exploitation of this
   vulnerability may allow an attacker to execute arbitrary code on an
   affected device or create a denial-of-service condition.


II. Impact

   Although the resulting impacts of these three vulnerabilities is
   slightly different, in the case of VU#341288 and VU#274760, a
   remote attacker could cause an affected device to reload the
   operating system. In some cases, this creates a secondary
   denial-of-service condition because packets are not forwarded
   through the affected device while it is reloading. Repeated
   exploitation of these vulnerabilites may result in a sustained
   denial-of-service condition.

   Because devices running IOS may transmit traffic for a number of
   other networks, the secondary impacts of a denial of service may be
   severe.

   Also in the case of VU#341288 and VU#274760, successful
   exploitation may allow a remote attacker to execute arbitrary code
   on an affected device.


III. Solution

Upgrade to a fixed version of IOS

   Cisco has updated versions of its IOS software to address these
   vulnerabilities. Please refer to the "Software Versions and Fixes"
   sections of the Cisco Security Advisories listed in the References
   section of this document for more information on upgrading.

Workaround

   Cisco has also published practical workarounds for these
   vulnerabilities. Please refer to the "Workarounds" section of each
   Cisco Security Advisory listed in the References section of this
   document for more information.

   Sites that are unable to install an upgraded version of IOS are
   encouraged to implement these workarounds.


IV. References

     * US-CERT Vulnerability Note VU#217912 -
       <http://www.kb.cert.org/vuls/id/217912>

     * US-CERT Vulnerability Note VU#341288 -
       <http://www.kb.cert.org/vuls/id/341288>

     * US-CERT Vulnerability Note VU#274760 -
       <http://www.kb.cert.org/vuls/id/274760>

     * Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of
       Service -
       <http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tc
       p.shtml>

     * Cisco Security Advisory: Crafted IP Option Vulnerability -
       <http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip
       -option.shtml>

     * Cisco Security Advisory: Cisco Security Advisory: IPv6 Routing
       Header Vulnerability -
       <http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.s
       html>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA07-024A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@xxxxxxxx> with "TA07-024A Feedback VU#217912" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2007 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   January 24, 2007: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRbf06exOF3G+ig+rAQJOzgf/X7hyKuQsU4r7KzPU9K9VyX0KFFI0Yjzi
9sg630Mg2xZ+H93LSa/sTQKOYn2iDNxi6cf5cuFnbomH7ZkAvkiU5EjOseM0NrWI
DGeomQJUL7zVCKf8vOMeRK4pvItSbzC9j0VWLFYVESkQOIgTEOy5fJcWeCVI/+Qp
Wafo/HVcEprAbeH8E0xoOhVJxvKhC452WlE8fTYtPMJh/zUiEy1Nnovc/q056rus
vYfziC1gxyxO/YvwKwwBDH6jSFMxcmcZrUhNy1ITwTNJmedCMtFyq9R2rTw5p6ry
e1xukv37h3eeLgOqBPFlC7hbOo80mLvAQmZ1NOHKEZBbMEwT/DC5dA==
=j9yu
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux