[sec-adv] Cisco IOS IPv4 Packet Processing Denial of Service Vulnerability

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Thu Jul 17 2003 - 04:44:46 CDT


TITLE:
Cisco IOS IPv4 Packet Processing Denial of Service Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9288/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Cisco IOS 11.x
Cisco IOS 12.x

DESCRIPTION:
A vulnerability has been identified in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service) on
a vulnerable device.

The vulnerability is caused by an error when processing certain
IPv4 traffic. This can be exploited by sending a specially crafted
sequence of IPv4 packets to the device, which may erroneously cause
the device to mark the input queue for the specific interface as full.
This results in all further traffic being dropped by the interface.

Successful exploitation requires that processing of IPv4 packets is
enabled (default setting).

SOLUTION:
Cisco has released updated IOS versions. A patch matrix is available
at the web page (in the "Software Versions and Fixes" section)
referenced in "Original Advisory".

Workarounds are also detailed in the original advisory.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------
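Added example (not part of the Secunia advisory or Cisco's own tooling): a check for the symptom described above, an interface whose input queue is reported as full, run over captured "show interfaces" output. The sample output is constructed, and treating "full in every snapshot" as the signal is an assumption made here to separate a stuck queue from a brief burst of load.

```python
import re

# Interface header lines start in column 0, e.g. "Ethernet0/0 is up, ..."
HEADER = re.compile(r"^(\S+) is ")
# Matches both "Input queue: 76/75/1091/0 (size/max/drops/flushes)"
# and the older "input queue 75/75, 1200 drops" layout.
QUEUE = re.compile(r"input queue:? (\d+)/(\d+)(?:/|, )(\d+)", re.I)

# Constructed sample of "show interfaces" output (not taken from the advisory).
SAMPLE = """\
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2
  Input queue: 76/75/1091/0 (size/max/drops/flushes); Total output drops: 0
Ethernet0/1 is up, line protocol is up
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Serial0/0 is administratively down, line protocol is down
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
"""

def blocked_interfaces(show_output):
    """Return [(interface, size, max, drops)] where queue size >= max."""
    findings, current = [], None
    for line in show_output.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        queue = QUEUE.search(line)
        if queue and current:
            size, qmax, drops = map(int, queue.groups())
            if qmax > 0 and size >= qmax:
                findings.append((current, size, qmax, drops))
    return findings

def persistently_full(snapshots):
    """Interfaces whose input queue is full in every snapshot.

    Heuristic assumed for this example: a queue that stays full across
    polls taken some time apart is stuck rather than momentarily busy.
    """
    sets = [{f[0] for f in blocked_interfaces(s)} for s in snapshots]
    return sorted(set.intersection(*sets)) if sets else []

if __name__ == "__main__":
    for name, size, qmax, drops in blocked_interfaces(SAMPLE):
        print(f"{name}: input queue {size}/{qmax}, {drops} drops")
```

An interface flagged this way should be compared against the fixed releases and workarounds listed in the original Cisco advisory.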