|
|
|
>> Cisco IOS Multiple Denial of Service and Privilege Escalation Issues
|
Multiple vulnerabilities have been identified in Cisco IOS, which could be exploited by attackers to cause a denial of service or by malicious users to gain elevated privileges.
The first issue is caused by an error in the Cisco Tunneling Control Protocol (cTCP) feature when processing a series of TCP packets, which could cause an affected device configured as Easy VPN servers with cTCP to run out of memory, creating a denial of service condition.
The second vulnerability is caused by an error in the Session Initiation Protocol (SIP) when processing a specific and valid SIP message, which could be exploited to cause a vulnerable device to reload, creating a denial of service condition.
The third issue is caused by an error in the server side of the SCP implementation, which could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a vulnerable device that is configured as a SCP server, regardless of user permissions defined via the CLI view configuration.
The fourth vulnerability īs caused by errors in the Mobile IPv6 and Mobile IP NAT Traversal features, which could be exploited to cause a vulnerable device to stop processing traffic.
The fifth issue is caused by errors in the WebVPN and SSLVPN (SSLVPN) features when processing specially crafted HTTPS packets, which may result in the device crashing, not accepting any new SSLVPN sessions or a memory leak.
The sixth vulnerability is caused by an error within the handling of IP sockets, which could be exploited to create a denial of service condition.
The seventh issue is caused by an error when processing a sequence of specially crafted TCP packets, which could be exploited to create a denial of service condition.
The eighth vulnerability is caused by an error when processing specially crafted UDP packets, which could be exploited to cause the inbound interface to be blocked and will silently drop any received traffic.
Affected Products
Cisco IOS 12.x
Solution
Apply fixes :
http://www.cisco.com/warp/public/707/cisco-sa-20090325-bundle.shtml
References
http://www.vupen.com/english/advisories/2009/0851
http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-sip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml
Credits
Vulnerabilities reported by the vendor, Kevin Graham and Jens Link.
ChangeLog
2009-03-26 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
 |
