SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco IOS Vendors:   Cisco
Cisco IOS GRE Parsing Error May Let Remote Users Inject Packets
SecurityTracker Alert ID:  1016799
SecurityTracker URL:  http://securitytracker.com/id/1016799
CVE Reference:   CVE-2006-4650   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Sep 6 2006
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 12.0, 12.1, and 12.2
Description:   A vulnerability was reported in Cisco IOS when using GRE. A remote user may be able to inject packets into the routing queues.

Cisco IOS does not properly parse GRE packets containing GRE source routing information. A remote user can send a specially crafted GRE packet to cause the router to reuse packet packet data from unrelated ring buffer memory and inject the the data into the routing queues.

As a result, memory contents of the packet ring buffers may be interpreted as the payload IP packet and reinjected into the routing queue.

A remote user may be able to exploit this to bypass access control lists.

The vendor was notified on July 7, 2005.

Cisco has assigned Cisco Bug IDs CSCuk27655, CSCea22552, and CSCei62762 to this vulnerability.

FX of Phenoelit Group discovered the original vulnerability.

The original advisory is available at:

http://www.phenoelit.de/stuff/CiscoGRE.txt

Impact:   A remote user may be able to inject packets into the routing queues to bypass access control lists.
Solution:   The vendor has issued a fix in Cisco IOS 12.3 and 12.4 based trains.

Cisco IOS 12.0(23)S or later is not vulnerable when Cisco Express Forwarding (CEF)
is enabled (default behavior).

The Cisco advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sr-20060906-gre.shtml

Vendor URL:  www.cisco.com/warp/public/707/cisco-sr-20060906-gre.shtml (Links to External Site)
Cause:   Input validation error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC