SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#930892

Cisco IOS vulnerable to DoS or arbitrary code execution via specially crafted IPv6 packet

Overview

Cisco Internetwork Operating System (IOS) IPv6 packet handling is vulnerable to a denial-of-service attack and may potentially be vulnerable to a flaw that allows arbitrary code execution.

I. Description

Cisco Systems devices running IOS that are configured to handle Internet Protocol version 6 (IPv6) traffic may not properly handle a specially-crafted packet sent from the local network segment. This improper packet handling may result in a denial-of-service condition or in the execution of arbitrary code on the device running IOS. The specific nature of the crafted packets exploiting this vulnerability is not known.

Only devices configured to handle IPv6 traffic are vulnerable to this flaw. Any logical or physical interface that handles the crafted packet is vulnerable to the flaw. In addition, the attacker must send the crafted packet on the local network segment. Packets sent one or more hops away from the device will not affect the vulnerable device in a negative manner.

II. Impact

A remote, unauthenticated attacker on the local network segment that can craft and send an arbitrary IPv6 packet may be able to crash or take control of the device running IOS.

III. Solution

Apply An Update

For details on fixes, updates, and workarounds, please see Cisco Security Advisory 65783: IPv6 Crafted Packet Vulnerability.

Apply Workarounds

Disabling the handling of IPv6 traffic eliminates exposure to the vulnerability. This is accomplished with the "no ipv6 enable" and "no ipv6 address" commands for each interface.

Systems Affected

VendorStatusDate NotifiedDate Updated
Cisco SystemsVulnerable29-Jul-2005

References

http://www.us-cert.gov/cas/techalerts/TA05-210A.html
http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a00804d82c9.shtml
http://www.boingboing.net/2005/07/29/michael_lynns_contro.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0663.html
http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html
http://secunia.com/advisories/16272/
http://xforce.iss.net/xforce/alerts/id/201

Credit

Information regarding this vulnerability was primarily provided by Cisco Systems, who in turn acknowledge the disclosure of this vulnerability at Black Hat USA 2005.

This document was written by Ken MacInnis.

Other Information

Date Public:2005-07-27
Date First Published:2005-08-01
Date Last Updated:2005-08-02
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:25.64
Document Revision:23

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2005 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader