Cisco IOS XR ICMP Memory Corruption Flaw Lets Local Users Deny Service
|
SecurityTracker Alert ID: 1028914 |
SecurityTracker URL: http://securitytracker.com/id/1028914
|
CVE Reference:
CVE-2013-3464
(Links to External Site)
|
Date: Aug 14 2013
|
Impact:
Denial of service via local system
|
Vendor Confirmed: Yes Exploit Included: Yes
|
|
Description:
A vulnerability was reported in Cisco IOS XR. A local user can cause denial of service conditions.
A local user can send specially crafted Internet Control Message Protocol (ICMP) messages to cause the device to reload. The flaw is due to a Silicon Packet Processor (SPP) buffer corruption flaw and a mutex flaw and can be triggered by sending an extended ping with 'timeout=0' and a large packet size and then terminating the process issuing a Control-C key command.
The vendor has assigned Bug ID CSCui60347 to this vulnerability.
|
Impact:
A local user can cause the target device to reload.
|
Solution:
No solution was available at the time of this entry.
The vendor's advisory is available at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3464
|
Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3464 (Links to External Site)
|
Cause:
Access control error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|