ID

VAR-200508-0320

CVE

CVE-2005-2451

TITLE

Cisco IOS vulnerable to DoS or arbitrary code execution via specially crafted IPv6 packet

DESCRIPTION

Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. A successful attack may allow the attacker to execute arbitrary code and gain unauthorized access to the device. The attacker can also leverage this issue to cause an affected device to reload, denying service to legitimate users. Cisco has stated that exploits of this vulnerability in Cisco IOS XR may cause the IPv6 neighbor discovery process to restart. If exploited repeatedly, this could result in a prolonged denial of service affecting IPv6 traffic traveling through the device. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA05-210A Cisco IOS IPv6 Vulnerability Original release date: July 29, 2005 Last revised: -- Source: US-CERT Systems Affected * Cisco IOS devices with IPv6 enabled For specific information, please see the Cisco Advisory. I. US-CERT has not confirmed further technical details. According to the Cisco Advisory, this vulnerability could be exploited by an attacker on the same IP subnet: Crafted packets from the local segment received on logical interfaces (that is, tunnels including 6to4 tunnels) as well as physical interfaces can trigger this vulnerability. Crafted packets can not traverse a 6to4 tunnel and attack a box across the tunnel. The crafted packet must be sent from a local network segment to trigger the attack. This vulnerability can not be exploited one or more hops from the IOS device. US-CERT strongly recommends that sites running Cisco IOS devices review the Cisco Advisory and upgrade as appropriate. We are tracking this vulnerability as VU#930892. II. The attacker may be able to take control of a vulnerable device. III. Solutions Upgrade Upgrade to a fixed version of IOS. Please see the Software Versions and Fixes section of the Cisco Advisory for details. On a router which supports IPv6, this must be done by issuing the command "no ipv6 enable" and "no ipv6 address" on each interface. Appendix A. Vendor Information Cisco Systems, Inc. Cisco Systems, Inc. has released a security advisory regarding a vulnerability which was disclosed on July 27, 2005 at the Black Hat security conference. Security advisory is available at: http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml For up-to-date information on security vulnerabilities in Cisco Systems, Inc. products, visit http://www.cisco.com/go/psirt. Appendix B. References * US-CERT Vulnerability Note VU#930892 - <http://www.kb.cert.org/vuls/id/930892> * Cisco Security Advisory: IPv6 Crafted Packet Vulnerability - <http://www.cisco.com/en/US/products/products_security_advisory091 86a00804d82c9.shtml> _________________________________________________________________ Information regarding this vulnerability was primarily provided by Cisco Systems, who in turn acknowledge the disclosure of this vulnerability at the Black Hat USA 2005 Briefings. _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Send mail to <cert@cert.org> with "TA05-210A feedback VU#930892" in the subject. _________________________________________________________________ The most recent version of this document is available at: <http://www.us-cert.gov/cas/techalerts/TA05-210A.html> _________________________________________________________________ Produced 2005 by US-CERT, a government organization. _________________________________________________________________ Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History July 29, 2005: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQuqgLRhoSezw4YfQAQI5iwgAkSYXPNt6Hffg7BfMeYoBaZ4Co6XFVjQ6 nWHKt1inYcYta/DXEuWJAhcjI/t8v74OH0b5sxGEr0mwtzEwV2r5pAF6nQesqyoj q3r60OE3TZygxUZPrGNmmkSpkhoNap9cSVs97Xt6Fd4evOmp0VZ6pqMdJtQ/r5xk d67LicCM9NLNoC0LPoen2/7ICu7jqxZnoF4oHDkZS8b2g2mx7vfz3Htj44Nd5/eD tWe8HqF8ReSyLEiOj8z8vrjcfz+BIwSLXnyr6DDxSvFmhy0CunGFkCQq074CwbVE GZjAJSn2r/A2Pp3HBP/RxQ9BNv8rHrSF7DkG9gADc5PV8WpaLCHP0Q== =4jtB -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Cisco IOS IPv6 Packet Handling Vulnerability SECUNIA ADVISORY ID: SA16272 VERIFY ADVISORY: http://secunia.com/advisories/16272/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network OPERATING SYSTEM: Cisco IOS R12.x http://secunia.com/product/50/ Cisco IOS 12.x http://secunia.com/product/182/ DESCRIPTION: A vulnerability has been reported in Ciso IOS, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable network device. SOLUTION: The vendor has issued updated versions (see patch matrix in vendor advisory). Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

Boundary Condition Error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

This issue was reported by Michael Lynn at the Black Hat security conference.

SOURCES

LAST UPDATE DATE

2023-12-18T11:31:39.658000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE