Vulnerability Note VU#217912
Cisco IOS fails to properly process TCP packets
Overview
The Cisco IOS Transmission Control Protocol listener contains a memory leak.
Description
Cisco IOS is an operating system that is used on Cisco network devices. The Cisco IOS software can run Transmission Control Protocol (TCP) servers that allow administrators to connect to the devices for management or monitoring purposes. A vulnerability exists in the IOS TCP listener. An attacker may be able to craft an IPv4 TCP packet that causes IOS to leak memory when processed. An attacker may be able to exploit this vulnerability to create a denial-of-service condition. The specially crafted TCP can be delivered outside the context of a fully established TCP 3-way handshake. |
Impact
A remote, unauthenticated attacker with the ability to supply specially crafted TCP packets could cause memory to leak in the affected service. Sustained exploitation could eventually cause a denial of service due to shortage of memory in the affected device and would require a system reset to recover. An attacker could send spoofed TCP packets to trigger this vulnerability making an attack harder to detect or stop. |
Solution
Upgrade |
|
Systems Affected (Learn More)
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Cisco Systems, Inc. | Affected | - | 24 Jan 2007 |
CVSS Metrics (Learn More)
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A | N/A |
References
- http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml
- http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc/sc/swgvlans.htm#xtocid119662
- http://cio.cisco.com/warp/public/707/4.html#probdescrip
- http://www.cisco.com/warp/public/76/9.html#intro
- http://www.cisco.com/en/US/products/products_security_response09186a00807cb119.html
- http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml#workarounds
- http://www.cisco.com/warp/public/707/cisco-sa-20070124-bundle.shtml
- http://tools.ietf.org/html/rfc791
- http://en.wikipedia.org/wiki/Cisco_IOS
- http://en.wikipedia.org/wiki/Access_control_list
- http://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment
- http://secunia.com/advisories/23867/
- http://www.securityfocus.com/bid/22208
Credit
Thanks to Cisco for information that was used in this report.
This document was written by Ryan Giobbi.
Other Information
- CVE IDs: Unknown
- Date Public: 24 Jan 2007
- Date First Published: 24 Jan 2007
- Date Last Updated: 02 Feb 2007
- Severity Metric: 7.53
- Document Revision: 39
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.