[NEWS] OSM Line Card Header Corruption Vulnerability

From: support@securiteam.com
Date: 12/12/02

    From: support@securiteam.com
    To: list@securiteam.com
    Date: 12 Dec 2002 18:31:38 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      OSM Line Card Header Corruption Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

    The Optical Service Module (OSM) Line Cards installed in Catalyst 6500 or
    Cisco 7600 chassis, and running Cisco IOS® Software Version 12.1(8)E and
    higher are vulnerable to a Denial of Service upon receiving a specifically
    constructed or corrupted packet from the local network.

    Cisco has provided fixed software for this problem. The vulnerability has
    been assigned Cisco Bug ID CSCdy29717.

    DETAILS

    Affected Products:
    The following products are affected only when they have OSM Line Cards
    installed and running in conjunction with Cisco IOS Software Versions
    12.1(8)E through 12.1(13.4)E:

     * Catalyst 6500 with Sup2/MSFC2 modules
     * Cisco 7600

    No other releases of Cisco Catalyst hardware and software combinations are
    affected by this vulnerability. No other Cisco products are affected by
    this vulnerability.

    Details:
    This defect was introduced by CSCdv23236 in Cisco IOS Software Version
    12.1(8)E. When certain malformed datagrams arrive on the interface, the
    packet forwarding engine specific to this line card rewrites the datagram
    in such a way that legitimate information is overwritten, resulting in
    the interface ceasing to receive and forward further legitimate network
    traffic.

    Because most networking devices typically drop the malformed datagrams,
    the attack must occur from a locally attached network.

    Bug ID
     * CSCdy29717 - Traffic forwarding stops due to packet header corruption.

    Impact:
    This defect causes traffic forwarding to fail, resulting in a denial of
    service. This can only be triggered from the local network and is not
    propagated across networks by most layer 3 devices.

    Software Versions:
    This vulnerability is repaired in version 12.1(13.5)E. The fix is
    available for general download in versions 12.1(13)E1 and 12.1(12c)E2,
    and will be available going forward in all versions supporting this
    hardware combination, specifically 12.1(14)E. The 12.2S train is not
    affected by this vulnerability, as this particular hardware combination
    is not currently supported with the 12.2S software.
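
    An added example, not part of the Cisco advisory: a Python check that
    classifies an IOS version string against the release ranges stated above.
    The function names, the sample banner line and the "unverified" result for
    rebuilds the advisory does not name are assumptions; the result only
    matters on a Catalyst 6500 (Sup2/MSFC2) or Cisco 7600 with OSM line cards.

```python
import re

# IOS version layout: major.minor(maintenance[.interim][letter])TRAIN[rebuild]
VERSION_RE = re.compile(r"(\d+)\.(\d+)\((\d+)(?:\.(\d+))?([a-z]?)\)([A-Z]*)(\d*)")

# Rebuilds the advisory names as carrying the fix.
FIXED_REBUILDS = {"12.1(13)E1", "12.1(12c)E2"}

# Constructed sample of a "show version" banner line (image name is a placeholder).
SAMPLE_BANNER = ("IOS (tm) Software (IMAGE-PLACEHOLDER), Version 12.1(13)E, "
                 "EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)")

def extract_version(text):
    """Pull the IOS version token out of banner text; '' if none is present."""
    m = re.search(r"Version (\d+\.\d+\([^)]+\)[A-Z]*\d*)", text)
    return m.group(1) if m else ""

def classify(version):
    """Return 'affected', 'fixed', 'unverified', 'not-in-range' or 'unparsed'."""
    version = version.strip()
    m = VERSION_RE.fullmatch(version)
    if not m:
        return "unparsed"
    major, minor, maint, interim = (int(g) if g else 0 for g in m.group(1, 2, 3, 4))
    train, rebuild = m.group(6), m.group(7)
    # Only the 12.1E train is in scope; the advisory says 12.2S is not affected.
    if (major, minor, train) != (12, 1, "E"):
        return "not-in-range"
    if version in FIXED_REBUILDS:
        return "fixed"
    if (maint, interim) < (8, 0):        # before 12.1(8)E, where the defect was introduced
        return "not-in-range"
    if (maint, interim) >= (13, 5):      # 12.1(13.5)E and later, including 12.1(14)E
        return "fixed"
    # Assumption: a rebuild the advisory does not name is reported, not guessed at.
    return "unverified" if rebuild else "affected"

if __name__ == "__main__":
    for v in ("12.1(8)E", "12.1(13.4)E", "12.1(13)E1", "12.1(12c)E2",
              "12.1(14)E", "12.2(14)S", extract_version(SAMPLE_BANNER)):
        print(f"{v:14} {classify(v)}")
```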

    Obtaining Fixed Software:
    Customers with contracts should obtain upgraded software through their
    regular update channels. For most customers, this means that upgrades
    should be obtained through the Software Center on Cisco's worldwide
    website at http://www.cisco.com/public/sw-center/sw-ios.shtml.

    Customers whose Cisco products are provided or maintained through prior or
    existing agreement with third-party support organizations such as Cisco
    Partners, authorized resellers, or service providers should contact that
    support organization for assistance with obtaining the free software
    upgrade(s).

    Customers who purchase direct from Cisco but who do not hold a Cisco
    service contract and customers who purchase through third-party vendors
    but are unsuccessful at obtaining fixed software through their point of
    sale should get their upgrades by contacting the Cisco Technical
    Assistance Center (TAC). TAC contacts are as follows:

     * +1 800 553 2447 (toll-free from within North America)
     * +1 408 526 7209 (toll call from anywhere in the world)
     * email: tac@cisco.com

    See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional
    TAC contact information, including special localized telephone numbers and
    instructions and e-mail addresses for use in various languages.

    Please have your product serial number available and give the URL of this
    advisory as evidence of your entitlement to a free upgrade. Free upgrades
    for non-contract customers must be requested through the TAC.

    Please do not contact either "psirt@cisco.com" or
    "security-alert@cisco.com" for software upgrades.

    Workarounds:
    No workarounds exist for this vulnerability. Cisco recommends upgrading to
    repaired versions.

    ADDITIONAL INFORMATION

    The information has been provided by the Cisco Systems Product Security
    Incident Response Team (psirt@cisco.com).
