Cisco IOS Advisory
GSA Reference Number: AD080327-01
Simply Put: Cisco has announced five vulnerabilities in Cisco IOS (Cisco IOS is the operating system that most Cisco devices run, including all routers and switches). Gladiator is recommending that customers upgrade their Cisco routers and switches to the latest IOS version. The first four vulnerabilities can lead to loss of service; the fifth can lead to data leakage. For a comprehensive list of affected IOS versions and the recommended patched IOS versions, refer to the Cisco article linked below in its Software Versions and Fixes section. To determine the version your Cisco switch or router is running, log in to a terminal session and run “show version” (without the quotes). Then refer to the advisory in the Reference Links section to apply the correct IOS version.
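The “show version” check described above is easy to script when many switches and routers have to be inventoried. The Python below is an added example, not part of the original advisory and not Cisco tooling: it pulls the running version out of captured “show version” output, splits it into Cisco's major.minor(maintenance)TRAIN[rebuild] fields, and compares it against a per-train list of first-fixed releases. The sample output, the first-fixed list and all function names are this example's own constructed placeholders; the real first-fixed releases must be taken from the Cisco advisory linked below.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample of the opening lines of "show version" output from a
# Cisco IOS device. Illustrative text only, not output captured from a real device.
SAMPLE_SHOW_VERSION = """\
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(44)SE, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
"""

# PLACEHOLDER first-fixed releases, one per release train. These values are
# made up to exercise the code; the real ones come from the Cisco advisory.
PLACEHOLDER_FIRST_FIXED = ["12.2(46)SE", "12.4(18)T"]


class IosVersion(NamedTuple):
    major: int
    minor: int
    maintenance: int
    train: str       # train letters such as "T", "SE", "SXH"; "" for mainline
    rebuild: int     # digits directly after the train letters, 0 if absent


# IOS version strings look like 12.4(15)T1: major.minor(maintenance)TRAIN[rebuild].
# Any further letter suffix (e.g. the "a" in 12.2(33)SXH2a) is ignored here.
_VERSION_BODY = r"(\d+)\.(\d+)\((\d+)\)([A-Za-z]*)(\d*)"
_VERSION_IN_OUTPUT = re.compile(r"Version " + _VERSION_BODY)
_VERSION_ALONE = re.compile(r"^" + _VERSION_BODY)


def _from_match(m) -> IosVersion:
    major, minor, maint, train, rebuild = m.groups()
    return IosVersion(int(major), int(minor), int(maint), train.upper(), int(rebuild or 0))


def parse_version_string(s: str) -> Optional[IosVersion]:
    """Parse a bare version string such as '12.4(15)T1'."""
    m = _VERSION_ALONE.match(s.strip())
    return _from_match(m) if m else None


def parse_show_version(text: str) -> Optional[IosVersion]:
    """Find the running version in the captured text of 'show version'."""
    m = _VERSION_IN_OUTPUT.search(text)
    return _from_match(m) if m else None


def is_fixed(running: IosVersion, first_fixed: IosVersion) -> Optional[bool]:
    """True when running is on first_fixed's train and at or past it, False when
    it is behind, None when the trains differ (versions on different trains are
    not numerically comparable and must be looked up in the advisory's table)."""
    if (running.major, running.minor, running.train) != (
        first_fixed.major, first_fixed.minor, first_fixed.train
    ):
        return None
    return (running.maintenance, running.rebuild) >= (
        first_fixed.maintenance, first_fixed.rebuild
    )


def check_device(show_version_text: str, first_fixed_versions: List[str]) -> str:
    """Classify a device as 'fixed', 'vulnerable', 'unknown_train' or 'no_version'."""
    running = parse_show_version(show_version_text)
    if running is None:
        return "no_version"
    for fixed_str in first_fixed_versions:
        fixed = parse_version_string(fixed_str)
        if fixed is None:
            continue
        result = is_fixed(running, fixed)
        if result is not None:
            return "fixed" if result else "vulnerable"
    # No entry in the list shares the running train: the operator must look it up.
    return "unknown_train"


if __name__ == "__main__":
    print(parse_show_version(SAMPLE_SHOW_VERSION))
    print(check_device(SAMPLE_SHOW_VERSION, PLACEHOLDER_FIRST_FIXED))
```

The comparison is deliberately restricted to one release train: a 12.2(33)SXH image and a 12.4(18)T image are not ordered with respect to each other, so a device whose train is not in the first-fixed list is reported as unknown_train rather than guessed at, and the operator checks the advisory's table by hand.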
Attack Details:
The attack details section is intended for technical review.
Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
Virtual Private Dial-up Network (VPDN) using Point-to-Point Tunneling Protocol (PPTP) has two issues. The first is a memory leak triggered by the termination of a PPTP session. The second can deplete all available resources because virtual access interfaces are not reused. Either, if repeatedly exploited, can lead to a Denial of Service (DoS).
http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml
Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS
Specially crafted UDP or IP protocol 91 packets sent to a device running Data-Link Switching (DLSw) can cause a memory leak or a device reboot, leading to a DoS on the device.
http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml
Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers
Routers running Internet Protocol version 6 (IPv6) with specific Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled are subject to a DoS attack. Successful exploitation causes affected interfaces to stop accepting inbound traffic; the exception is Resource Reservation Protocol (RSVP), where exploitation can cause the device to crash.
http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml
Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720
On Cisco Catalyst 6500 and Cisco 7600 devices running Open Shortest Path First (OSPF) and Multiprotocol Label Switching (MPLS), exploitation can cause affected interfaces to stop accepting inbound traffic.
http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml
Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
MVPN has a vulnerability that, when exploited by sending specially crafted packets, can let an attacker create extra multicast states or receive multicast traffic from other MPLS-based Virtual Private Networks (VPNs).
http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml
Countermeasures: Cisco has released IOS patches for each of the vulnerabilities listed above. Gladiator recommends determining which version of Cisco IOS your device is running and then applying the appropriate update. Applying IOS updates can interrupt router and switch service; do not attempt this without assistance from your network support vendor.
Reference Links:
- Cisco Security Advisory Bundle (http://www.cisco.com/warp/public/707/cisco-sa-20080326-bundle.shtml)
- Packetstorm Security (http://packetstormsecurity.org/0803-advisories/cisco-sa-20080326-dlsw.txt)