Cisco IOS fails to properly process IPv6 packets with specially crafted routing headers. Successful exploitation of this vulnerability may allow an attacker to execute code, or create a denial-of-service condition.
Internet Protocol version 6 (IPv6) is a IP standard that is designed to replace the Internet Protocol version 4 (IPv4). IPv6 Type 0 Routing headers can store multiple addresses and are processed by routers for generalized source routing.
Cisco IOS software contains a vulnerability that occurs when proccessing IPv6 Type 0 Routing headers. An attacker may be able to trigger this vulnerability by sending an IP packet with a speciallly crafted IPv6 Type 0 Routing header to a vulnerable system.
A remote unauthenticated attacker may be able to execute arbitrary code on an affected device, or create a denial of service condition.
Thanks to Cisco for information used in this report.
This document was written by Ryan Giobbi.
|Date First Published:||2007-01-24|
|Date Last Updated:||2008-01-25 19:59 UTC|