Cisco IOS Interface Blocked by IPv4 Packets (cisco-sa-20030717-blocked)





General Info


TC: 12091
Description: Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. Multiple IPv4 packets with specific protocol fields sent directly to the device may cause the input interface to stop processing traffic once the input queue is full.
Cisco routers do not properly manage packets of certain protocol types:
53 (SWIPE) with a TTL of 1
55 (IP Mobility) with a TTL of 1
77 (SunND) with a TTL of 1
102 (PIM) with any TTL.
This results in the router's input queue being blocked, so the router can no longer handle any packets. The threat is very serious because the router does not reload and no alarm is triggered.
TC Impact: Crash



Specific Operations and Actions:


Vulnerability Publication: July 17, 2003
Advisory Copyright: Cisco Systems, Inc.
Summary: It is possible to create a denial of service by sending crafted packets to your Cisco routers.
Risk: High
CVSS 2.0 metrics:
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Complete
CVSS 2.0 Base Score: 7.8
Vulnerability Impact: Denial of Service
Host Impact: Devices can stop routing traffic until rebooted.
Nature of Remediation: Update the software.
Step required to fix the reported vulnerability:

***** Solution type: Upgrade Software *****

Cisco released updated Cisco IOS software. See references for more details.



Glossary and References:


References:
* BID: 8211
http://www.securityfocus.com/bid/8211
* FULLDISC: 20030718 (no subject)
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006743.html
* CISCO: 20030717 IOS Interface Blocked by IPv4 Packet
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
* CERT: CA-2003-15
http://www.cert.org/advisories/CA-2003-15.html
* CERT: CA-2003-17
http://www.cert.org/advisories/CA-2003-17.html
* CERT-VN: VU#411332
http://www.kb.cert.org/vuls/id/411332

CVE Link: CVE-2003-0567
CVE Compatible

Glossary: ARP
Denial of Service
DoS
PIM
TCP/IP


© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved