Cisco IPv6 Vulnerability

Discussion in 'Computer Security' started by Imhotep, Aug 1, 2005.

  1. Imhotep

    Imhotep Guest

    Also:
    http://www.securityfocus.com/news/11264


    From CERT:

    US-CERT Technical Cyber Security Alert TA05-210A -- Cisco IOS IPv6
    Vulnerability
    From:
    US-CERT <>
    Reply-To:

    Date:
    Friday 29 July 2005 05:38:52 pm
    Groups:
    comp.security.announce
    no references


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1


    National Cyber Alert System

    Technical Cyber Security Alert TA05-210A


    Cisco IOS IPv6 Vulnerability

    Original release date: July 29, 2005
    Last revised: --
    Source: US-CERT


    Systems Affected

    * Cisco IOS devices with IPv6 enabled

    For specific information, please see the Cisco Advisory.


    Overview

    Cisco IOS IPv6 processing functionality contains a vulnerability that
    could allow an unauthenticated, remote attacker to execute arbitrary
    code or cause a denial of service.


    I. Description

    Cisco IOS contains a vulnerability in the way IPv6 packets are
    processed. US-CERT has not confirmed further technical details.

    According to the Cisco Advisory, this vulnerability could be exploited
    by an attacker on the same IP subnet:

    Crafted packets from the local segment received on logical
    interfaces (that is, tunnels including 6to4 tunnels) as well as
    physical interfaces can trigger this vulnerability. Crafted packets
    can not traverse a 6to4 tunnel and attack a box across the tunnel.

    The crafted packet must be sent from a local network segment to
    trigger the attack. This vulnerability can not be exploited one or
    more hops from the IOS device.

    US-CERT strongly recommends that sites running Cisco IOS devices
    review the Cisco Advisory and upgrade as appropriate. We are tracking
    this vulnerability as VU#930892.


    II. Impact

    This vulnerability could allow an unauthenticated, remote attacker on
    the same IP subnet to execute arbitrary code or cause a denial of
    service. The attacker may be able to take control of a vulnerable
    device.


    III. Solutions

    Upgrade

    Upgrade to a fixed version of IOS. Please see the Software Versions
    and Fixes section of the Cisco Advisory for details.

    Disable IPv6

    From the Cisco Advisory:

    In networks where IPv6 is not needed, disabling IPv6 processing on
    an IOS device will eliminate exposure to this vulnerability. On a
    router which supports IPv6, this must be done by issuing the
    command "no ipv6 enable" and "no ipv6 address" on each interface.


    Appendix A. Vendor Information

    Cisco Systems, Inc.

    Cisco Systems, Inc. has released a security advisory regarding a
    vulnerability which was disclosed on July 27, 2005 at the Black Hat
    security conference. Security advisory is available at:

    http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml

    For up-to-date information on security vulnerabilities in Cisco
    Systems, Inc. products, visit http://www.cisco.com/go/psirt.


    Appendix B. References

    * US-CERT Vulnerability Note VU#930892 -
    <http://www.kb.cert.org/vuls/id/930892>

    * Cisco Security Advisory: IPv6 Crafted Packet Vulnerability -
    <http://www.cisco.com/en/US/products/products_security_advisory091
    86a00804d82c9.shtml>

    _________________________________________________________________


    Information regarding this vulnerability was primarily provided by
    Cisco Systems, who in turn acknowledge the disclosure of this
    vulnerability at the Black Hat USA 2005 Briefings.

    _________________________________________________________________


    Feedback can be directed to US-CERT Technical Staff. Send mail to
    <> with "TA05-210A feedback VU#930892" in the subject.

    _________________________________________________________________


    The most recent version of this document is available at:

    <http://www.us-cert.gov/cas/techalerts/TA05-210A.html>

    _________________________________________________________________

    Produced 2005 by US-CERT, a government organization.
    _________________________________________________________________

    Terms of use:

    <http://www.us-cert.gov/legal.html>
    _________________________________________________________________


    Revision History

    July 29, 2005: Initial release

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iQEVAwUBQuqgLRhoSezw4YfQAQI5iwgAkSYXPNt6Hffg7BfMeYoBaZ4Co6XFVjQ6
    nWHKt1inYcYta/DXEuWJAhcjI/t8v74OH0b5sxGEr0mwtzEwV2r5pAF6nQesqyoj
    q3r60OE3TZygxUZPrGNmmkSpkhoNap9cSVs97Xt6Fd4evOmp0VZ6pqMdJtQ/r5xk
    d67LicCM9NLNoC0LPoen2/7ICu7jqxZnoF4oHDkZS8b2g2mx7vfz3Htj44Nd5/eD
    tWe8HqF8ReSyLEiOj8z8vrjcfz+BIwSLXnyr6DDxSvFmhy0CunGFkCQq074CwbVE
    GZjAJSn2r/A2Pp3HBP/RxQ9BNv8rHrSF7DkG9gADc5PV8WpaLCHP0Q==
    =4jtB
    -----END PGP SIGNATURE-----
    Imhotep, Aug 1, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. curro

    About new Cisco router ipv6

    curro, Dec 11, 2003, in forum: Cisco
    Replies:
    0
    Views:
    884
    curro
    Dec 11, 2003
  2. Bill Gates...not!  Email w/o whitelist in the subj

    MISSING Cisco Security Advisory: IPv6 Crafted Packet Vulnerability

    Bill Gates...not! Email w/o whitelist in the subj, Aug 1, 2005, in forum: Cisco
    Replies:
    1
    Views:
    432
    Martin Bilgrav
    Aug 1, 2005
  3. Bob Goddard

    Re: Cisco 827 IPv6 Configuration Howto

    Bob Goddard, Aug 1, 2005, in forum: Cisco
    Replies:
    3
    Views:
    1,673
    Walter Roberson
    Aug 3, 2005
  4. Replies:
    0
    Views:
    436
  5. PAMRibeiro
    Replies:
    3
    Views:
    1,685
    www.BradReese.Com
    Sep 11, 2005
Loading...

Share This Page