Cisco IOS XR ASR 9000 IPv6 Processing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID: 1030400|
SecurityTracker URL: http://securitytracker.com/id/1030400
(Links to External Site)
Date: Jun 11 2014
Denial of service via network|
Fix Available: Yes Vendor Confirmed: Yes |
A vulnerability was reported in Cisco IOS XR on ASR 9000 routers. A remote user can cause denial of service conditions.|
A remote user can send specially crafted IPv6 packets to cause the target Network Processor (NP) chip and line card to lock up and eventually reload.
Only Trident-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected.
On systems not configured for IPv6, a remote user on the adjacent network can exploit this flaw. On systems configured for IPv6, a remote user can exploit this flaw.
The vendor has assigned bug ID CSCun71928 to this vulnerability.
A remote user can cause the target Network Processor (NP) chip and line card to lock up and reload.|
The vendor has issued a fix:|
For 4.2.1: asr9k-p-4.2.1.CSCun71928 and asr9k-px-4.2.1.CSCun71928
For 4.2.3: asr9k-px-4.2.3.CSCun71928 and asr9k-p-4.2.3.CSCun71928
For 4.3.1: asr9k-px-4.3.1.CSCun71928
For 4.3.2: asr9k-px-4.3.2.CSCun71928
For 4.3.4: asr9k-px-4.3.4.CSCuo22306
For 5.1.1: asr9k-px-5.1.1.CSCuo22306
The vendor's advisory is available at:
Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140611-ipv6 (Links to External Site)
Source Message Contents
Subject: Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability|
-----BEGIN PGP SIGNED MESSAGE-----
Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
Advisory ID: cisco-sa-20140611-ipv6
For Public Release 2014 June 11 16:00 UTC (GMT)
A vulnerability in the parsing of malformed Internet Protocol version 6 (IPv6) packets in Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a Network Processor (NP) chip and a line card processing traffic. Only Trident-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected by this vulnerability.
The vulnerability is due to insufficient logic in parsing malformed IPv6 packets. An attacker could exploit this vulnerability by sending a stream of malformed IPv6 packets to the affected device. An exploit could allow the attacker to cause a lockup and eventual reload of an NP chip and a line card, leading to a denial of service (DoS) condition.
Cisco has released free software updates that address this vulnerability.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----
cust-security-announce mailing list
To unsubscribe, send the command "unsubscribe" in the subject of your message to firstname.lastname@example.org