SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#310387

Cisco IOS discloses fragments of previous packets when Express Forwarding is enabled

Overview

A vulnerability exists in multiple versions of Cisco's Internetworking Operating System (IOS) software that allows an attacker to collect fragments of previously processed packets.

I. Description

Many networking devices running Cisco IOS with Cisco Express Forwarding (CEF) enabled contain a vulnerability that allows an attacker to collect fragments of previously processed packets. When the header of an incoming IP packet specifies an IP packet length that is greater than the length specified by the physical layer (eg. MAC) header, affected Cisco devices will extend the physical layer packet to meet the length specified in the IP header. The data used for this extension is taken from a buffer that contains previously processed packets, so it is possible for affected devices to include fragments of an older packet in the extended packet.

For information regarding affected products and versions, please consult the vendor section of this document.

II. Impact

This vulnerability creates an information leak that allows an attacker to obtain fragments of previously processed packets.

III. Solution

Apply a patch from Cisco


Cisco has provided patches for affected versions of the IOS software. For further details, please consult the vendor section of this document.

Disable Cisco Express Forwarding

If it is not possible or practical to immediately patch an affected device, disabling CEF will prevent exploitation of this vulnerability.

Systems Affected

VendorStatusDate NotifiedDate Updated
CiscoVulnerable4-Mar-2002

References


http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml
http://www.securityfocus.com/bid/4191

Credit

The CERT/CC thanks Cisco for the information contained in their advisory.

This document was written by Jeffrey P Lanza and is based on information from the Cisco advisory.

Other Information

Date Public:2002-02-27
Date First Published:2002-03-04
Date Last Updated:2002-03-05
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:3.94
Document Revision:19

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2002 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader