
Vulnerability Note VU#217912

Cisco IOS fails to properly process TCP packets

Overview

The Cisco IOS Transmission Control Protocol listener contains a memory leak.

I. Description

Cisco IOS is an operating system that is used on Cisco network devices. The Cisco IOS software can run Transmission Control Protocol (TCP) servers that allow administrators to connect to the devices for management or monitoring purposes.

A vulnerability exists in the IOS TCP listener. An attacker may be able to craft an IPv4 TCP packet that causes IOS to leak memory when processed. An attacker may be able to exploit this vulnerability to create a denial-of-service condition. The specially crafted TCP packet can be delivered outside the context of a fully established TCP 3-way handshake.

II. Impact

A remote, unauthenticated attacker with the ability to supply specially crafted TCP packets could cause memory to leak in the affected service. Sustained exploitation could eventually cause a denial of service due to a shortage of memory in the affected device, and a system reset would be required to recover. An attacker could send spoofed TCP packets to trigger this vulnerability, making an attack harder to detect or stop.

Note that Cisco states that this vulnerability only applies to traffic destined to the affected device. Traffic transiting the device will not trigger this vulnerability.

III. Solution

Upgrade

See the Software Version and Fixes section of Cisco Security Advisory 200701 for information on available upgrades.

Restrict Access

Restricting public access to TCP servers running on vulnerable systems may mitigate this vulnerability. Access control lists, management VLANs, or alternate connection methods such as modem or console ports can be used to allow restricted access to the device.

Disable Services

Disabling all services that accept incoming TCP connections on a vulnerable device may prevent this vulnerability from being exploited.


For more information about these and other workarounds, see the Workarounds section of Cisco Security Advisory 20070124.
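The Restrict Access and Disable Services workarounds above, sketched as an IOS configuration. This is an added example, not taken from this note or from Cisco's advisory. The addresses (documentation ranges), the ACL name INFRA-PROTECT, and the interface name are placeholders chosen for illustration.

```cisco
! Constructed example. 192.0.2.0/24 stands in for the management network,
! 198.51.100.1 for an address owned by the device itself.
!
! Weak starting point (shown commented out): TCP servers reachable from anywhere.
!   ip http server
!   line vty 0 4
!    transport input telnet ssh
!
! Disable Services: turn off TCP listeners that are not needed.
no ip http server
no ip http secure-server
!
! Restrict Access: drop TCP addressed to the device before it reaches the
! TCP listener, while leaving transit traffic alone.
ip access-list extended INFRA-PROTECT
 remark Management stations may reach the device over SSH
 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.1 eq 22
 remark Add permits here for any other TCP peers the device really needs
 remark All other TCP destined to the device itself is dropped
 deny tcp any host 198.51.100.1
 remark Traffic transiting the device is not affected by this issue
 permit ip any any
!
! Apply inbound on each interface that faces untrusted networks.
interface GigabitEthernet0/0
 ip access-group INFRA-PROTECT in
!
! Limit the remaining management listener to SSH from the management network.
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 transport input ssh
 access-class 10 in
```

The deny entry has to be repeated for every address the device owns, not only the one shown. Because the packets can be spoofed, the permit for the management range only helps where that source range cannot arrive on an untrusted interface.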

Systems Affected

Vendor               Status      Date Updated
Cisco Systems, Inc.  Vulnerable  24-Jan-2007

References


http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml
http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc/sc/swgvlans.htm#xtocid119662
http://cio.cisco.com/warp/public/707/4.html#probdescrip
http://www.cisco.com/warp/public/76/9.html#intro
http://www.cisco.com/en/US/products/products_security_response09186a00807cb119.html
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml#workarounds
http://www.cisco.com/warp/public/707/cisco-sa-20070124-bundle.shtml
http://tools.ietf.org/html/rfc791
http://en.wikipedia.org/wiki/Cisco_IOS
http://en.wikipedia.org/wiki/Access_control_list
http://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment
http://secunia.com/advisories/23867/
http://www.securityfocus.com/bid/22208

Credit

Thanks to Cisco for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public: 01/24/2007
Date First Published: 01/24/2007 03:33:48 PM
Date Last Updated: 02/02/2007
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric: 7.53
Document Revision: 39

Produced 2007 by US-CERT, a government organization