Vulnerabilities in Cisco's IOS
The network specialist Cisco has published three security advisories concerning vulnerabilities in its router operating systems. By means of manipulating packets, malicious individuals could execute Denial-of-Service attacks or even smuggle in program code – for instance using a specially prepared ping packet.
Errors in the processing routines for ICMP, PIMv2, PGM and URD packets which have placed IP options not named by Cisco in the headers lead to a router crash or to the execution of injected program code. These merely have to be addressed to a configured router interface. According to Cisco, a further error in the processing of prepared IPv6 routing headers in the IP layer can lead to memory structures being overwritten. Therefore there is a possibility that hackers could smuggle malicious code into routers using IPv6-TCP, UDP or ICMP packets with manipulated headers.
Hackers can provoke a Denial-of-Service via prepared TCP packets addressed to the router. Not even the three-way handshake required for TCP connections is required. With each incoming packet the router reserves a small memory area which it does not release until the device has used all available memory and the device then fails. This condition can only be remedied by a restart.
Cisco rates the first two vulnerabilities as being very serious. The manufacturer is providing registered customers with updated software that resolves the errors in the IOS operating system via the usual channels. Administrators of affected systems should perform the update as soon as possible. Cisco's advisories also provide information on alternative measures for administrators who are not in a position to update the software.
- IPv6 Routing Header Vulnerability, Cisco's security advisory
- Crafted IP Option Vulnerability, Cisco's security advisory
- Crafted TCP Packet Can Cause Denial of Service, Cisco's security advisory