Vulnerability Note VU#341288

Cisco IOS fails to properly process certain packets containing a crafted IP option

Overview

Cisco IOS software contains a vulnerability that may allow an attacker to execute arbitrary code or create a denial of service condition.

I. Description

Cisco IOS is an operating system that is used on Cisco network devices. The Internet Control Message Protocol (ICMP) is a protocol commonly used for testing connections and diagnosing problems.

A vulnerability exists in the way Cisco IOS processes the following types of packets sent to an IPv4 address on an affected system.

  • ICMP - Echo (Type 8)
  • ICMP - Timestamp (Type 13)
  • ICMP - Information Request (Type 15)
  • ICMP - Address Mask Request (Type 17)
  • PIMv2 - IP protocol 103
  • PGM - IP protocol 113
  • URD - TCP Port 465

An attacker may be able to exploit the vulnerability by sending a packet with a specially crafted IP header to an IP address on a vulnerable system. Note that ICMP is often enabled on network infrastructure switches and routers for troubleshooting purposes.

II. Impact

A remote unauthenticated attacker may be able to execute arbitrary code or create a denial of service condition. Note that a vulnerable system would have to be the destination for the specially crafted packet.
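The following Python sketch is an added example, not code from US-CERT or Cisco: it flags captured IPv4 packets that match the packet types listed in the Description, carry IP options (a header longer than 20 bytes, per RFC 791), and are addressed to one of the device's own addresses. Treating any IP option as worth review is an assumption, since this note does not say which option is involved; the function names and the sample addresses are hypothetical.

```python
import struct

# Packet types listed in VU#341288 (values taken from the Description list).
ICMP_TYPES = {8: "ICMP Echo", 13: "ICMP Timestamp",
              15: "ICMP Information Request", 17: "ICMP Address Mask Request"}
IP_PROTOS = {103: "PIMv2", 113: "PGM"}
URD_TCP_PORT = 465


def classify(packet: bytes):
    """Return (label, has_ip_options) for a raw IPv4 packet, or None if the
    packet is malformed or is not one of the listed types."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes (RFC 791)
    if ihl < 20 or len(packet) < ihl:
        return None
    has_options = ihl > 20                # anything past 20 bytes is options
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto = packet[9]
    payload = packet[ihl:]
    if proto in IP_PROTOS:
        return IP_PROTOS[proto], has_options
    if frag_offset:                       # later fragments carry no L4 header
        return None
    if proto == 1 and len(payload) >= 1 and payload[0] in ICMP_TYPES:
        return ICMP_TYPES[payload[0]], has_options
    if proto == 6 and len(payload) >= 4:
        if struct.unpack("!H", payload[2:4])[0] == URD_TCP_PORT:
            return "URD (TCP 465)", has_options
    return None


def needs_review(packet: bytes, device_ips: set) -> bool:
    """True when a listed packet type carrying IP options is addressed to
    one of the device's own IPv4 addresses (the note's exposure condition)."""
    result = classify(packet)
    if result is None or not result[1]:
        return False
    dst = ".".join(str(b) for b in packet[16:20])
    return dst in device_ips


def build(proto, dst, payload, options=b""):
    """Constructed sample packet; options here is a benign No-Operation pad."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options) + len(payload),
                      0, 0, 64, proto, 0, bytes([192, 0, 2, 10]), bytes(dst))
    return hdr + options + payload
```

Packets that only transit the device, or that carry no options, are not flagged, which matches the note's statement that the vulnerable system has to be the destination.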

III. Solution

Upgrade

See the Software Version and Fixes section of Cisco Security Advisory 20070124 for information on available upgrades.

Restrict Access

Restricting public access to vulnerable systems mitigates this vulnerability. Access control lists, management VLANs, or alternate connection methods such as modem or console ports can be used to allow restricted access to the device.

Disable Services

Disabling IPv4 functionality on devices using IPv6 may prevent this vulnerability from being exploited.


For more information about these and other workarounds, see the workarounds section of Cisco Security Advisory 20070124.

Systems Affected

Vendor               Status      Date Updated
Cisco Systems, Inc.  Vulnerable  24-Jan-2007

References


http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc/sc/swgvlans.htm#xtocid119662
http://en.wikipedia.org/wiki/Access_control_list
http://en.wikipedia.org/wiki/IPv6
http://tools.ietf.org/html/rfc791
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml#fixes
http://en.wikipedia.org/wiki/Cisco_IOS
http://tools.ietf.org/html/rfc792
http://www.cisco.com/warp/public/707/cisco-sa-20070124-bundle.shtml
http://secunia.com/advisories/23867/
http://www.cisco.com/en/US/products/products_security_response09186a00807cb0da.html
http://www.securityfocus.com/bid/22211

Credit

Thanks to Cisco for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public: 01/24/2007
Date First Published: 01/24/2007 04:34:22 PM
Date Last Updated: 01/31/2007
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric: 18.15
Document Revision: 19

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Produced 2007 by US-CERT, a government organization