Cisco IOS Interface Denial of Service Vulnerability

Published: 2003-07-17
Last Updated: 2003-07-18 16:19:29 UTC
by Handlers (Version: 1)

Cisco announced a critical infrastructure vulnerability concerning the IOS software which is widely deployed as a network operating system on routers and switches.

A working exploit has been posted to public mailing lists. It has been reported that the exploit code was used in some attacks. However, so far we don't see any widespread usage. Sporadic network outages over the last two days can be attributed to network operators upgrading routers.

Summary:

Cisco IOS is deployed on many routers involved in the Internet infrastructure. A specially crafted sequence of IPv4 packets can cause a router interface to incorrectly mark itself as having a full queue and block inbound traffic to that interface. The affected router has to be rebooted to resume operation.

Impact:

A large number of ISPs and end users are using affected equipment. Large internet service providers have already upgraded many routers. As a side effect, internet users may have experienced outages due to the maintenance work. Some of these outages are reflected in the 'global instability index' which is maintained by Dennis McGrath (Univ. Dartmouth): http://people.ists.dartmouth.edu/~dmcgrath/gii/ . The measured BGP route flapping occurs as ISPs reroute traffic temporarily while some routers are down for upgrades.

Details:

More details on this vulnerability and on potential fixes or workarounds are available from Cisco.

References:

http://www.cert.org/advisories/CA-2003-15.html

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
----
Contributed by the SANS Incident Handlers (isc at incidents dot org)