Cisco IOS fails to properly handle malformed DHCP packets

2004-11-10T00:00:00
ID VU:630104
Type cert
Reporter CERT
Modified 2004-11-11T20:04:00

Description

Overview

A denial-of-service vulnerability exists in Cisco's Internetwork Operating System (IOS). This vulnerability may allow remote attackers to conduct denial-of-service attacks on an affected device.

Description

The Dynamic Host Configuration Protocol (DHCP) provides a means for distributing configuration information to hosts on a TCP/IP network.The Cisco Internetwork Operating System (IOS) implementation of DHCP contains a vulnerability that allows malformed DHCP packets to cause an affected device to stop processing incoming network traffic.

Cisco devices place incoming DHCP packets into an input queue so that they can be processed. When an affected Cisco device encounters certain malformed DHCP packets that are undeliverable, it may allow these packets to remain in the queue. When the number of packets in the queue are equal to or greater than the size of the queue, the device will stop accepting traffic on that interface. Such packets can be sent by an unauthenticated remote attacker and may result in a denial-of-service condition.

By default, Cisco routers are configured to process DHCP packets. In order to regain functionality, the device must be rebooted to clear the input queue on the interface.


Impact

By sending a specially crafted DHCP packet to an affected device, a remote, unauthenticated attacker could cause the device to stop processing incoming network traffic. Repeated exploitation of this vulnerability could lead to a sustained denial-of-service condition. In order to regain functionality, the device must be rebooted to clear the input queue on the interface.


Solution

Apply a patch

Please refer to the "Software Versions and Fixes" section of the Cisco Security Advisory for more information on upgrading.


Workarounds

Cisco recommends a number of workarounds. For a complete list of workarounds, see the "Workarounds" section of the Cisco Security Advisory.


Vendor Information

630104

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Vendor has issued information

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Cisco Systems Inc. Affected

Updated: November 10, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please refer to Cisco Security Advisory "Cisco IOS DHCP Blocked Interface Denial-of-Service".

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |

References

  • <http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml>
  • <http://www.ietf.org/rfc/rfc2131.txt>

Acknowledgements

This vulnerability was reported by the Cisco Systems Product Security Incident Response Team (PSIRT).

This document was written by Damon Morda.

Other Information

CVE IDs: | None
---|---
Severity Metric: | 55.13
Date Public: | 2004-11-10
Date First Published: | 2004-11-10
Date Last Updated: | 2004-11-11 20:04 UTC
Document Revision: | 16