In association with heise online

19 June 2008, 14:12

Jumbo frames crash Cisco's IPS

Cisco has reported that jumbo Ethernet frames are not handled properly by its Intrusion Prevention System (IPS). While the IPS is operating in inline mode, malformed packets on a gigabit network interface can cause a kernel panic and freeze the IPS. As a result, the system may no longer alert users in case of further attacks. Only a reboot resolves the situation.

Platforms without gigabit Ethernet are not vulnerable. According to Cisco, promiscuous mode is also unaffected. As jumbo Ethernet frames are generally rejected by internet service providers, attacks are confined to LAN environments. Cisco Intrusion Prevention System versions 5.x up to 5.1(8)E2 as well as 6.x up to 6.0(5)E2 are affected. The vendor plans to release versions 5.1(8)E2 and 6.0(5)E2 on June 20.
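Two checks a network defender would want after reading the two paragraphs above, written here as an added example (not Cisco's code and not part of the original article): a parser for Cisco IPS version strings of the form seen in the text ("5.1(8)E2") that decides whether an installed release falls in the affected range, and a classifier that flags jumbo frames in captured Ethernet data, including 802.1Q-tagged frames. Assumptions: version strings follow the MAJOR.MINOR(SERVICE)E&lt;ENGINE&gt; pattern, the fixed releases named in the article are themselves not affected, and captured frames are delivered without the trailing FCS; all sample frames are constructed inline.

```python
"""Defender-side checks for the Cisco IPS jumbo-frame issue (added example)."""
import re
from typing import Dict, Iterable, Optional, Tuple

# Fixed releases named in the article, keyed by major version train.
# Assumption: the fixed release itself is not affected; everything earlier
# in the same train is.
FIXED_RELEASES: Dict[int, Tuple[int, int, int, int]] = {
    5: (5, 1, 8, 2),  # 5.1(8)E2
    6: (6, 0, 5, 2),  # 6.0(5)E2
}

# Assumed pattern for Cisco IPS version strings, e.g. "5.1(8)E2".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)E(\d+)$")


def parse_ips_version(text: str) -> Tuple[int, int, int, int]:
    """Turn "5.1(8)E2" into the comparable tuple (5, 1, 8, 2)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised IPS version string: {text!r}")
    major, minor, service, engine = (int(g) for g in m.groups())
    return (major, minor, service, engine)


def check_ips_version(version: str) -> str:
    """Return "affected", "fixed" or "not-in-scope" for an IPS release."""
    parsed = parse_ips_version(version)
    fixed = FIXED_RELEASES.get(parsed[0])
    if fixed is None:
        # Only the 5.x and 6.x trains are named in the advisory text.
        return "not-in-scope"
    return "affected" if parsed < fixed else "fixed"


ETH_HDR_LEN = 14            # dst MAC + src MAC + EtherType
VLAN_TAG_LEN = 4            # 802.1Q TPID + TCI
ETHERTYPE_VLAN = 0x8100
STANDARD_MAX_PAYLOAD = 1500  # anything larger is a jumbo frame


def classify_frame(frame: bytes) -> dict:
    """Parse an Ethernet II frame (no FCS) and flag jumbo payloads."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("truncated Ethernet header")
    ethertype = int.from_bytes(frame[12:14], "big")
    offset = ETH_HDR_LEN
    vlan_id: Optional[int] = None
    if ethertype == ETHERTYPE_VLAN:
        # 802.1Q tag present: the real EtherType follows the 2-byte TCI.
        if len(frame) < ETH_HDR_LEN + VLAN_TAG_LEN:
            raise ValueError("truncated 802.1Q tag")
        vlan_id = int.from_bytes(frame[14:16], "big") & 0x0FFF
        ethertype = int.from_bytes(frame[16:18], "big")
        offset += VLAN_TAG_LEN
    payload_len = len(frame) - offset
    return {
        "vlan_id": vlan_id,
        "ethertype": ethertype,
        "payload_len": payload_len,
        "jumbo": payload_len > STANDARD_MAX_PAYLOAD,
    }


def count_jumbo(frames: Iterable[bytes]) -> int:
    """Number of frames in a capture that exceed the standard payload size."""
    return sum(1 for f in frames if classify_frame(f)["jumbo"])


def build_frame(payload_len: int, vlan_id: Optional[int] = None) -> bytes:
    """Construct a sample IPv4 frame with a zero-filled payload (test data)."""
    dst = bytes.fromhex("001122334455")  # constructed MAC addresses
    src = bytes.fromhex("66778899aabb")
    tag = b""
    if vlan_id is not None:
        tag = ETHERTYPE_VLAN.to_bytes(2, "big") + (vlan_id & 0x0FFF).to_bytes(2, "big")
    return dst + src + tag + (0x0800).to_bytes(2, "big") + b"\x00" * payload_len


if __name__ == "__main__":
    for v in ("5.1(7)E1", "5.1(8)E2", "6.0(4)E1", "6.0(5)E2"):
        print(v, check_ips_version(v))
    capture = [build_frame(100), build_frame(9000), build_frame(1501, vlan_id=10)]
    print("jumbo frames in capture:", count_jumbo(capture))
```

The version check compares the parsed tuple against the fixed release of the same train, so a 5.0(x) release counts as affected alongside older 5.1 builds, matching the "5.x" wording in the article. The frame classifier keys on payload length rather than total frame length so that a VLAN tag does not push an ordinary 1500-byte frame over the jumbo threshold.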

A vulnerability has also been reported in the Deterministic Network Enhancer (DNE) shipped with Cisco's VPN Client. Flawed processing of certain ioctl requests in the dne2000.sys driver allows local users to execute arbitrary code at kernel privilege level, thereby escalating their privileges. The flaw is said to have been resolved in version 3.21.12.17902 of the driver. According to the US-CERT, Cisco has also fixed the flaw in the Windows VPN Client with version 5.0.03.0530.

(mba)

Permalink: http://h-online.com/-736261