|
|
>> Cisco IOS Denial of Service and Information Disclosure Vulnerabilities
|
Multiple vulnerabilities have been identified in Cisco IOS, which could be exploited by attackers to cause a denial of service or disclose and manipulate sensitive information.
The first issue is caused by an error when handling terminate PPTP sessions, which could cause a memory leak.
The second vulnerability is caused by an error when removing the virtual access interface that is associated with a terminated PPTP session, which can result in an exhaustion of the interface descriptor block (IDB) limit, preventing any new interfaces being created.
The third issue is caused by errors in the in the Data-link Switching (DLSw) feature when handling certain UDP and IP protocol 91 packets, which may result in a reload of a vulnerable system or a memory leak on the device, leading to a denial of service condition.
The fourth vulnerability is caused by an error in the Internet Protocol version 6 (IPv6) service when processing malformed packets while the device has certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled, which could prevent the interface from receiving any additional traffic or could cause a vulnerable device to crash when the Resource Reservation Protocol (RSVP) service is configured on the interface.
The fifth issue is caused by an error in the implementation of Multicast Virtual Private Network (MVPN) when handling specially crafted Multicast Distribution Tree (MDT) Data Join messages, which could allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN).
Affected Products
Cisco IOS versions 12.x
Solution
Apply fixes :
http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml
References
http://www.vupen.com/english/advisories/2008/1006
http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml
Credits
Vulnerabilities reported by the vendor, Martin Kluge (Elxsi Security), and Thomas Morin.
ChangeLog
2008-03-28 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
