Vulnerability Note VU#341288

Cisco IOS fails to properly process certain packets containing a crafted IP option

Original Release date: 24 Jan 2007 | Last revised: 31 Jan 2007

Overview

Cisco IOS software contains a vulnerablity that may allow an attacker to execute arbitrary code or create a denial of service condition.

Description

Cisco IOS is an operating system that is used on Cisco network devices. The Internet Control Message Protocol (ICMP) is a protocol commonly used for testing connections and diagnosing problems.

A vulnerability exists in the way Cisco IOS processes the following types of packets sent to an IPv4 address on an affected system.

  • ICMP - Echo (Type 8)
  • ICMP - Timestamp (Type 13)
  • ICMP - Information Request (Type 15)
  • ICMP - Address Mask Request (Type 17)
  • PIMv2 - IP protocol 103
  • PGM - IP protocol 113
  • URD - TCP Port 465

An attacker may be able to exploit the vulnerability by sending a packet with a specially crafted IP header to an IP address on a vulnerable system. Note that ICMP is often enabled on network infrastructure switches and routers for troubleshooting purposes.

Impact

A remote unauthenticated attacker may be able to execute arbitrary code or create a denial of service condition. Note that a vulnerable system would have to be the destination for the specially crafted packet.

Solution

Upgrade
See the Software Version and Fixes section of Cisco Security Advisory 20070124 for information on available upgrades.


Restrict Access

Restricitng public access to vulnerable systems mitigate this vulnerability. Access control lists, management VLANs, or alternate connection methods such as modem or console ports can be used to allow restricted access to the device.

Disable Services

Disabling IPv4 functionality on devices using IPv6 may prevent this vulnerability from being exploited.


For more information about these and other workarounds, see the workarounds section of Cisco Security Advisory 20070124.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Cisco Systems, Inc.Affected-24 Jan 2007
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Cisco for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: Unknown
  • Date Public: 24 Jan 2007
  • Date First Published: 24 Jan 2007
  • Date Last Updated: 31 Jan 2007
  • Severity Metric: 18.15
  • Document Revision: 19

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.