ID

VAR-200505-1149

CVE

CVE-2005-0197

TITLE

Cisco IOS vulnerable to DoS via malformed BGP packet

DESCRIPTION

Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface. A denial-of-service vulnerability exists in Cisco's Internetwork Operating System (IOS). This vulnerability may allow attackers to conduct denial-of-service attacks on an affected device. A vulnerability in the way Cisco IOS handles IPv6 packets could result in a remotely exploitable denial of service. It is reported that the vulnerability presents itself when an affected router handles an unspecified malicious packet on a MPLS disabled interface. A remote attacker that resides on the same network segment as the vulnerable router may exploit this vulnerability continuously to effectively deny network-based services to legitimate users. Cisco IOS is the operating system that runs on many Cisco devices. There is a problem in the processing of special MPLS packets in Cisco IOS devices. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Technical Cyber Security Alert TA05-026A Multiple Denial-of-Service Vulnerabilities in Cisco IOS Original release date: January 26, 2005 Last revised: -- Source: US-CERT Systems Affected * Cisco routers and switches running IOS in various configurations Overview Several denial-of-service vulnerabilities have been discovered in Cisco's Internet Operating System (IOS). I. An unauthenticated attacker can send these malformed packets on a local network segment that is connected to a vulnerable device interface. The vulnerability is exposed on both physical interfaces (i.e., hardware interfaces), and logical interfaces (i.e., software defined interfaces such as tunnels) that are configured for IPv6. VU#689326 - Cisco IOS vulnerable to DoS via malformed BGP packet An IOS device that is enabled for Border Gateway Protocol (BGP) and set up with the bgp log-neighbor-changes option is vulnerable to a denial-of-service attack via a malformed BGP packet. II. Impact Although the underlying causes of these three vulnerabilities is different, in each case a remote attacker could cause an affected device to reload the operating system. Repeated exploitation of these vulnerabilites would result in a sustained denial-of-service condition. Since devices running IOS may transit traffic for a number of other networks, the secondary impacts of a denial of service may be severe. III. Solution Upgrade to a fixed version of IOS Cisco has updated versions of its IOS software to address these vulnerabilities. Please refer to the "Software Versions and Fixes" sections of the Cisco Security Advisories listed in Appendix A for more information on upgrading. Workaround Cisco has also published practical workarounds for VU#689326 and VU#583638. Please refer to the "Workarounds" section of each Cisco Security Advisory listed in Appendix A for more information. Sites that are unable to install an upgraded version of IOS are encouraged to implement these workarounds. Appendix A. References * Cisco Security Advisory: Crafted Packet Causes Reload on Cisco Routers - <http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml> * Cisco Security Advisory: Multiple Crafted IPv6 Packets Cause Reload - <http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml> * Cisco Security Advisory: Cisco IOS Malformed BGP Packet Causes Reload - <http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml> * US-CERT Vulnerability Note VU#583638 - <http://www.kb.cert.org/vuls/id/583638> * US-CERT Vulnerability Note VU#472582 - <http://www.kb.cert.org/vuls/id/472582> * US-CERT Vulnerability Note VU#689326 - <http://www.kb.cert.org/vuls/id/689326> _________________________________________________________________ Feedback can be directed to the authors: Will Dormann, Chad Dougherty, and Damon Morda _________________________________________________________________ This document is available from: <http://www.us-cert.gov/cas/techalerts/TA05-026A.html> _________________________________________________________________ Copyright 2005 Carnegie Mellon University. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History January 26, 2005: Initial release Last updated January 26, 2005 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQfgfthhoSezw4YfQAQJQKAf8DxKPd+9aXGsomYzRhFPyCcnjEfy6dv/N 3GcqV8GR5WyshB207vhvw1PDfZdQVFIXiNr/xE9dmBKEhm38En3a70DnVe2UCmXO UobYXGk9tSW+pnR7Cdd3hc8yeZq0ys+LFKF/sztgpPJji/zFWojPnuS1wCcYggA1 kuGCQ9VD6My64Hlh/PStCYqx5C9azgGHNv086W6fQyCssgjwBz51YxdV9gZ9wJUt I8LGjq6T0Fp+5kEEd9SPoUjA+r7bNft3xUPAabb+N4dt8sZUYqzXDP71lYYXgZay z2FE7jkbtX/LYVQCiA4LfgGCbw1sI6p+UQABtj74CPte2CyJZO5hJw== =aHIO -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

specific network environment

TYPE

configuration error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Cisco Security Advisory

SOURCES

LAST UPDATE DATE

2023-12-18T11:29:50.596000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE