Deadly pings for Cisco routers and switches
A bug in the Firewall Services Module (FWSM) software allows Cisco routers and switches to be disabled by a series of crafted ICMP packets. Catalyst 6500 series switches and Cisco 7600 series routers equipped with a Firewall Services Module are affected. All FWSM software versions 2.x, 3.x and 4.x without the specific fix for this bug are vulnerable. In a security advisory, Cisco states that processing ICMP packets can lead a processor to use all available execution threads, with the result that the system will not forward any further packets. The FSWM itself is then no longer available remotely and, if configured for failover operation, the failover may also fail.
The command show np 2 stats can be used to determine whether the problem has previously occurred. If it has the error message "ERROR: np_logger_query request for FP Stats failed" is returned. The vendor does not suggest a workaround, but has made updated versions of the FWSM software available in which the problem does not occur.
See also:
- Firewall Services Module Crafted ICMP Message Vulnerability, Cisco security advisory.
- One false ping and Solaris is in a panic, a report from The H.
(djwm)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
