Cisco IOS GRE Packet Decapsulation

2006-09-06T09:48:45
ID OSVDB:28590
Type osvdb
Reporter FX (fx@phenoelit.de)
Modified 2006-09-06T09:48:45

Description

Vulnerability Description

IOS contains a flaw that may allow a malicious user to bypass access restrictions. The issue is triggered when a GRE endpoint decapsulates specially crafted GRE packets without verifying an offset field, which may cause it to reuse unrelated packet data from memory. The flaw may allow an attacker to inject source routing information that bypasses access restrictions, resulting in a loss of integrity.
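The kind of check the description says is missing, as an added example (not Cisco's code and not taken from the referenced advisory): a validator that refuses to decapsulate a GRE packet whose offset fields point outside the routing data actually present. It assumes the RFC 1701 header layout (Checksum/Offset words, Key, Sequence Number, then a list of Source Route Entries ended by a NULL SRE); the function name, error codes and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Error codes (hypothetical names for this example). */
enum { GRE_TRUNCATED = -1, GRE_BAD_VERSION = -2, GRE_BAD_OFFSET = -3 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate an RFC 1701 GRE header before decapsulating.
 * Returns the payload offset (>= 4) or a negative error code. */
int gre_check(const uint8_t *pkt, size_t len)
{
    if (len < 4) return GRE_TRUNCATED;
    uint16_t flags = rd16(pkt);
    if (flags & 0x0007) return GRE_BAD_VERSION;        /* Ver must be 0 */
    size_t pos = 4, hdr_offset = 0;
    if (flags & 0xC000) {                              /* C or R: Checksum + Offset */
        if (len - pos < 4) return GRE_TRUNCATED;
        hdr_offset = rd16(pkt + pos + 2);
        pos += 4;
    }
    if (flags & 0x2000) { if (len - pos < 4) return GRE_TRUNCATED; pos += 4; } /* Key */
    if (flags & 0x1000) { if (len - pos < 4) return GRE_TRUNCATED; pos += 4; } /* Seq */
    if (flags & 0x4000) {                              /* R: walk the SRE list */
        size_t routing = pos;
        int hit = 0;
        for (;;) {
            if (len - pos < 4) return GRE_TRUNCATED;
            uint16_t af = rd16(pkt + pos);
            size_t sre_off = pkt[pos + 2], sre_len = pkt[pos + 3];
            if (pos - routing == hdr_offset) hit = 1;  /* Offset lands on an SRE */
            if (af == 0 && sre_len == 0) { pos += 4; break; }  /* NULL SRE ends list */
            if (sre_len > len - pos - 4) return GRE_TRUNCATED;
            if (sre_off > sre_len) return GRE_BAD_OFFSET;      /* SRE Offset past its data */
            pos += 4 + sre_len;
        }
        if (!hit) return GRE_BAD_OFFSET;               /* header Offset outside routing */
    }
    return (int)pos;
}

/* Constructed samples: one SRE (4 bytes of routing data) plus the NULL SRE. */
static const uint8_t gre_ok[] = { 0x40,0x00, 0x08,0x00, 0,0, 0x00,0x00,
    0x08,0x00, 0, 4, 192,0,2,1,  0,0,0,0,  0x45 };
static const uint8_t gre_bad[] = { 0x40,0x00, 0x08,0x00, 0,0, 0x00,0x40,
    0x08,0x00, 0, 4, 192,0,2,1,  0,0,0,0,  0x45 };
```

The second sample differs from the first only in its header Offset (0x0040), which points 64 bytes into a routing field that is 12 bytes long; the validator rejects it instead of reading whatever follows the packet in memory.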

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor Specific Advisory URL
Security Tracker: 1016799
Secunia Advisory ID: 21783
Other Advisory URL: http://www.phenoelit.de/stuff/CiscoGRE.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0065.html
Keyword: CSCuk27655, CSCea22552, CSCei62762
ISS X-Force ID: 28786
FrSIRT Advisory: ADV-2006-3502
CVE-2006-4650