SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   Cisco IOS
Vendors:   Cisco
Cisco IOS XR Fragmented Packet Processing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1029235
SecurityTracker URL:  http://securitytracker.com/id/1029235
CVE Reference:   CVE-2013-5549
Date:  Oct 23 2013
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): IOS XR 3.3.0 to 4.2.0
Description:   A vulnerability was reported in Cisco IOS XR. A remote user can cause denial of service conditions.

A remote user can send specially crafted fragmented packets to the target device to cause the target route processor to be unable to transmit packets to the fabric.

The vendor has assigned bug IDs CSCuh30380 and CSCtz62593 to this vulnerability.

The following processors are affected:

Cisco CRS 16-Slot Line Card Chassis Route Processor (RP-A)
Cisco CRS 16-Slot Line Card Chassis Route Processor B (RP-B)
Carrier Routing System (CRS) Performance Route Processor (PRP)
Cisco CRS Distributed Route Processor (DRP-B)

Impact:   A remote user can cause the target route processor to be unable to transmit packets to the fabric.
Solution:   The vendor has issued a fix (XR 4.2.1).

A patch matrix for previous versions is available in the vendor's advisory.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iosxr

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iosxr
Cause:   Input validation error

Message History:   None.


 Source Message Contents

Subject:  Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability

Cisco IOS XR Software Route Processor Denial of Service Vulnerability

Advisory ID: cisco-sa-20131023-iosxr

Revision 1.0

For Public Release 2013 October 23 16:00  UTC (GMT)
======================================================================

Summary
-------

Cisco IOS XR Software contains a vulnerability when handling fragmented packets that may result in a denial of service condition of the Cisco CRS Route Processor cards listed under "Affected Products". The vulnerability affects IOS XR Software versions 3.3.0 to 4.2.0.

The vulnerability is a result of improper handling of fragmented packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric.

Customers that are running version 4.2.1 or later of Cisco IOS XR Software, or that have previously installed the SMU for CSCtz62593, are not affected by this vulnerability.

Cisco has released free software updates that address these vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iosxr


Copyright 2020, SecurityGlobal.net LLC