Vulnerability Note VU#930892
Cisco IOS vulnerable to DoS or arbitrary code execution via specially crafted IPv6 packet
Overview
Cisco Internetwork Operating System (IOS) IPv6 packet handling is vulnerable to a denial-of-service attack and may potentially be vulnerable to a flaw that allows arbitrary code execution.
Description
Cisco Systems devices running IOS that are configured to handle Internet Protocol version 6 (IPv6) traffic may not properly handle a specially-crafted packet sent from the local network segment. This improper packet handling may result in a denial-of-service condition or in the execution of arbitrary code on the device running IOS. The specific nature of the crafted packets exploiting this vulnerability is not known. Only devices configured to handle IPv6 traffic are vulnerable to this flaw. Any logical or physical interface that handles the crafted packet is vulnerable to the flaw. In addition, the attacker must send the crafted packet on the local network segment. Packets sent one or more hops away from the device will not affect the vulnerable device in a negative manner. |
Impact
A remote, unauthenticated attacker on the local network segment that can craft and send an arbitrary IPv6 packet may be able to crash or take control of the device running IOS. |
Solution
Apply An Update |
|
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Cisco Systems | Affected | - | 29 Jul 2005 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.us-cert.gov/cas/techalerts/TA05-210A.html
- http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml
- http://www.cisco.com/en/US/products/products_security_advisory09186a00804d82c9.shtml
- http://www.boingboing.net/2005/07/29/michael_lynns_contro.html
- http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0663.html
- http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html
- http://secunia.com/advisories/16272/
- http://xforce.iss.net/xforce/alerts/id/201
Credit
Information regarding this vulnerability was primarily provided by Cisco Systems, who in turn acknowledge the disclosure of this vulnerability at Black Hat USA 2005.
This document was written by Ken MacInnis.
Other Information
- CVE IDs: Unknown
- Date Public: 27 Jul 2005
- Date First Published: 01 Aug 2005
- Date Last Updated: 02 Aug 2005
- Severity Metric: 25.64
- Document Revision: 23
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.