-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-024A
Cisco IOS is Affected by Multiple Vulnerabilities
Original release date: January 24, 2007
Last revised: --
Source: US-CERT
Systems Affected
* Cisco network devices running IOS in various configurations
Overview
Several vulnerabilities have been discovered in Cisco's Internet
Operating System (IOS). A remote attacker may be able to execute
arbitrary code on an affected device, cause an affected device to
reload the operating system, or cause other types of denial of
service.
I. Description
Cisco has published three advisories describing flaws in IOS with
various security impacts, the most serious of which could allow a
remote attacker to execute arbitrary code on an affected system.
Further details are available in the following vulnerability notes:
VU#217912 - Cisco IOS fails to properly process TCP packets
The Cisco IOS Transmission Control Protocol listener in certain
versions of Cisco IOS software contains a memory leak. This
memory leak may allow an attacker to create a denial-of-service
condition.
VU#341288 - Cisco IOS fails to properly prcoess certain packets
containing a crafted IP option
A vulnerability exists in the way Cisco IOS processes a number of
different types of IPv4 packets containing a specially crafted IP
option. Successful exploitation of this vulnerability may allow
an attacker to execute arbitrary code on an affected device or
create a denial-of-service condition
VU#274760 - Cisco IOS fails to properly process specially crafted IPv6
packets
Cisco IOS fails to properly process IPv6 packets with specially
crafted routing headers. Successful exploitation of this
vulnerability may allow an attacker to execute arbitrary code on an
affected device or create a denial-of-service condition.
II. Impact
Although the resulting impacts of these three vulnerabilities is
slightly different, in the case of VU#341288 and VU#274760, a
remote attacker could cause an affected device to reload the
operating system. In some cases, this creates a secondary
denial-of-service condition because packets are not forwarded
through the affected device while it is reloading. Repeated
exploitation of these vulnerabilites may result in a sustained
denial-of-service condition.
Because devices running IOS may transmit traffic for a number of
other networks, the secondary impacts of a denial of service may be
severe.
Also in the case of VU#341288 and VU#274760, successful
exploitation may allow a remote attacker to execute arbitrary code
on an affected device.
III. Solution
Upgrade to a fixed version of IOS
Cisco has updated versions of its IOS software to address these
vulnerabilities. Please refer to the "Software Versions and Fixes"
sections of the Cisco Security Advisories listed in the References
section of this document for more information on upgrading.
Workaround
Cisco has also published practical workarounds for these
vulnerabilities. Please refer to the "Workarounds" section of each
Cisco Security Advisory listed in the References section of this
document for more information.
Sites that are unable to install an upgraded version of IOS are
encouraged to implement these workarounds.
IV. References
* US-CERT Vulnerability Note VU#217912 -
<http://www.kb.cert.org/vuls/id/217912>
* US-CERT Vulnerability Note VU#341288 -
<http://www.kb.cert.org/vuls/id/341288>
* US-CERT Vulnerability Note VU#274760 -
<http://www.kb.cert.org/vuls/id/274760>
* Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of
Service -
<http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tc
p.shtml>
* Cisco Security Advisory: Crafted IP Option Vulnerability -
<http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip
-option.shtml>
* Cisco Security Advisory: Cisco Security Advisory: IPv6 Routing
Header Vulnerability -
<http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.s
html>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-024A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@xxxxxxxx> with "TA07-024A Feedback VU#217912" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
January 24, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRbf06exOF3G+ig+rAQJOzgf/X7hyKuQsU4r7KzPU9K9VyX0KFFI0Yjzi
9sg630Mg2xZ+H93LSa/sTQKOYn2iDNxi6cf5cuFnbomH7ZkAvkiU5EjOseM0NrWI
DGeomQJUL7zVCKf8vOMeRK4pvItSbzC9j0VWLFYVESkQOIgTEOy5fJcWeCVI/+Qp
Wafo/HVcEprAbeH8E0xoOhVJxvKhC452WlE8fTYtPMJh/zUiEy1Nnovc/q056rus
vYfziC1gxyxO/YvwKwwBDH6jSFMxcmcZrUhNy1ITwTNJmedCMtFyq9R2rTw5p6ry
e1xukv37h3eeLgOqBPFlC7hbOo80mLvAQmZ1NOHKEZBbMEwT/DC5dA==
=j9yu
-----END PGP SIGNATURE-----
