Slew of Cisco Alerts

Posted on by

The Cisco Systems Product Security Incident Response Team release a group of security advisories today. The majority of the vulnerabilities can result in Denial of Service for multiple products. Here’s the round up:

Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability

Devices running certain versions of Cisco IOS prior to 12.3 with VPDN enabled may be affected by the vulnerabilities. The vulnerabilities are a result of a memory leak and an inability to reuse virtual interfaces. See the original advisory for full details:
http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml

Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Certain Processors

Some Cisco Catalyst 6500 Series and Cisco 7600 Routers running particular branches of Cisco IOS based on 12.2 may be vulnerable to a denial of service vulnerability. To be vulnerable they must be configured to use OSPF and MPLS enabled VPNs. Products known to be vulnerable are based on the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720). See the original advisory for full details: http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml

Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers

Devices running Cisco IOS software with Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service attack. To be vulnerable the device must also  have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. See the original advisory for full details: http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml

Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS

All devices running Cisco IOS with the Data-link Switching (DLSw) feature enabled may be susceptible to a vulnerability that can result in a reload or memory leak when processing specially crafted UDP or IP Protocol 91 packets.  See the original advisory for full details: http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml

Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak

All devices running Cisco IOS and configured for MVPN are susceptible to a vulnerability that can allow an attacker to receive multicast traffic from other MVPN networks. See the original advisory for full details:  http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml

Leave a Reply