Vulnerability Note VU#310387
Cisco IOS discloses fragments of previous packets when Express Forwarding is enabled
A vulnerability exists in multiple versions of Cisco's Internetworking Operating System (IOS) software that allows an attacker to collect fragments of previously processed packets.
Many networking devices running Cisco IOS with Cisco Express Forwarding (CEF) enabled contain a vulnerability that allows an attacker to collect fragments of previously processed packets. When the header of an incoming IP packet specifies an IP packet length that is greater than the length specified by the physical layer (eg. MAC) header, affected Cisco devices will extend the physical layer packet to meet the length specified in the IP header. The data used for this extension is taken from a buffer that contains previously processed packets, so it is possible for affected devices to include fragments of an older packet in the extended packet.
For information regarding affected products and versions, please consult the vendor section of this document.
This vulnerability creates an information leak that allows an attacker to obtain fragments of previously processed packets.
Apply a patch from Cisco
Disable Cisco Express Forwarding
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco||Affected||27 Feb 2002||04 Mar 2002|
CVSS Metrics (Learn More)
The CERT/CC thanks Cisco for the information contained in their advisory.
This document was written by Jeffrey P Lanza and is based on information from the Cisco advisory.
- CVE IDs: Unknown
- Date Public: 27 Feb 2002
- Date First Published: 04 Mar 2002
- Date Last Updated: 05 Mar 2002
- Severity Metric: 3.94
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.