- Cisco network devices running IOS in various configurations
Several vulnerabilities have been discovered in Cisco's Internet Operating System (IOS). A remote attacker may be able to execute arbitrary code on an affected device, cause an affected device to reload the operating system, or cause other types of denial of service.
Cisco has published three advisories describing flaws in IOS with various security impacts, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. Further details are available in the following vulnerability notes:
VU#217912 - Cisco IOS fails to properly process TCP packets
The Cisco IOS Transmission Control Protocol listener in certain versions of Cisco IOS software contains a memory leak. This memory leak may allow an attacker to create a denial-of-service condition.
VU#341288 - Cisco IOS fails to properly prcoess certain packets containing a crafted IP option
A vulnerability exists in the way Cisco IOS processes a number of different types of IPv4 packets containing a specially crafted IP option. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on an affected device or create a denial-of-service condition
VU#274760 - Cisco IOS fails to properly process specially crafted IPv6 packets
Cisco IOS fails to properly process IPv6 packets with specially crafted routing headers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on an affected device or create a denial-of-service condition.
Although the resulting impacts of these three vulnerabilities is slightly different, in the case of VU#341288 and VU#274760, a remote attacker could cause an affected device to reload the operating system. In some cases, this creates a secondary denial-of-service condition because packets are not forwarded through the affected device while it is reloading. Repeated exploitation of these vulnerabilites may result in a sustained denial-of-service condition.
Because devices running IOS may transmit traffic for a number of other networks, the secondary impacts of a denial of service may be severe.
Also in the case of VU#341288 and VU#274760, successful exploitation may allow a remote attacker to execute arbitrary code on an affected device.
Upgrade to a fixed version of IOS
Cisco has updated versions of its IOS software to address these vulnerabilities. Please refer to the "Software Versions and Fixes" sections of the Cisco Security Advisories listed in the References section of this document for more information on upgrading.
Cisco has also published practical workarounds for these vulnerabilities. Please refer to the "Workarounds" section of each Cisco Security Advisory listed in the References section of this document for more information.
Sites that are unable to install an upgraded version of IOS are encouraged to implement these workarounds.
- US-CERT Vulnerability Note VU#217912 - http://www.kb.cert.org/vuls/id/217912>
January 24, 2007: Initial release