TELECOM Digest OnLine - Sorted: Cisco IOS is Affected by Multiple Vulnerabilities


Cisco IOS is Affected by Multiple Vulnerabilities


Monty Solomon (monty@roscom.com)
Wed, 24 Jan 2007 22:43:41 -0500

Cisco IOS is Affected by Multiple Vulnerabilities

Original release date: January 24, 2007
Last revised: --
Source: US-CERT

Systems Affected

* Cisco network devices running IOS in various configurations

Overview

Several vulnerabilities have been discovered in Cisco's Internet
Operating System (IOS). A remote attacker may be able to execute
arbitrary code on an affected device, cause an affected device to
reload the operating system, or cause other types of denial of
service.

I. Description

Cisco has published three advisories describing flaws in IOS with
various security impacts, the most serious of which could allow a
remote attacker to execute arbitrary code on an affected system.
Further details are available in the following vulnerability notes:

VU#217912 - Cisco IOS fails to properly process TCP packets

The Cisco IOS Transmission Control Protocol listener in certain
versions of Cisco IOS software contains a memory leak. This
memory leak may allow an attacker to create a denial-of-service
condition.

VU#341288 - Cisco IOS fails to properly prcoess certain packets
containing a crafted IP option

A vulnerability exists in the way Cisco IOS processes a number of
different types of IPv4 packets containing a specially crafted IP
option. Successful exploitation of this vulnerability may allow
an attacker to execute arbitrary code on an affected device or
create a denial-of-service condition

VU#274760 - Cisco IOS fails to properly process specially crafted IPv6
packets

Cisco IOS fails to properly process IPv6 packets with specially
crafted routing headers. Successful exploitation of this
vulnerability may allow an attacker to execute arbitrary code on an
affected device or create a denial-of-service condition.

II. Impact

Although the resulting impacts of these three vulnerabilities is
slightly different, in the case of VU#341288 and VU#274760, a
remote attacker could cause an affected device to reload the
operating system. In some cases, this creates a secondary
denial-of-service condition because packets are not forwarded
through the affected device while it is reloading. Repeated
exploitation of these vulnerabilites may result in a sustained
denial-of-service condition.

Because devices running IOS may transmit traffic for a number of
other networks, the secondary impacts of a denial of service may be
severe.

Also in the case of VU#341288 and VU#274760, successful
exploitation may allow a remote attacker to execute arbitrary code
on an affected device.

III. Solution

Upgrade to a fixed version of IOS

Cisco has updated versions of its IOS software to address these
vulnerabilities. Please refer to the "Software Versions and Fixes"
sections of the Cisco Security Advisories listed in the References
section of this document for more information on upgrading.

Workaround

Cisco has also published practical workarounds for these
vulnerabilities. Please refer to the "Workarounds" section of each
Cisco Security Advisory listed in the References section of this
document for more information.

Sites that are unable to install an upgraded version of IOS are
encouraged to implement these workarounds.

IV. References

* US-CERT Vulnerability Note VU#217912 -
<http://www.kb.cert.org/vuls/id/217912>

* US-CERT Vulnerability Note VU#341288 -
<http://www.kb.cert.org/vuls/id/341288>

* US-CERT Vulnerability Note VU#274760 -
<http://www.kb.cert.org/vuls/id/274760>

* Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of
Service -
<http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tc
p.shtml>

* Cisco Security Advisory: Crafted IP Option Vulnerability -
<http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip
-option.shtml>

* Cisco Security Advisory: Cisco Security Advisory: IPv6 Routing
Header Vulnerability -
<http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.s
html>

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA07-024A.html>

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-024A Feedback VU#217912" in the

Produced 2007 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: communicationsdirect_daily: "CommunicationsDirect News Daily Update - January 25, 2007"
Go to Previous message: Monty Solomon: "AACS Decryption Code Released"
TELECOM Digest: Home Page