Cisco IOS Listener Crafted TCP Packets DoS

2007-01-24T07:03:48
ID OSVDB:32093
Type osvdb
Reporter OSVDB
Modified 2007-01-24T07:03:48

Description

Vulnerability Description

Cisco IOS contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the TCP listener not properly handling malformed TCP traffic sent to IPv4 addresses. By sending such traffic, an attacker can cause the device to leak memory and eventually exhaust resources causing the device to stop routing traffic.

Short Description

Cisco IOS contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the TCP listener not properly handling malformed TCP traffic sent to IPv4 addresses. By sending such traffic, an attacker can cause the device to leak memory and eventually exhaust resources causing the device to stop routing traffic.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1017551 Secunia Advisory ID:23867 Related OSVDB ID: 32091 Related OSVDB ID: 32092 News Article: http://www.theregister.co.uk/2007/01/25/cisco_ios_bug_fix/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0552.html ISS X-Force ID: 31716 FrSIRT Advisory: ADV-2007-0329 CVE-2007-0479 CERT VU: 217912 Bugtraq ID: 22208