DoS Flaw in Cisco Router, Switches

Cisco has issued an alert for a denial-of-service
vulnerability in routers and switches running its Cisco
IOS software and configured to process IPv4 packets.

Cisco, which dominates the market for the switching and routing equipment used
to link networks, said a rare sequence of crafted IPv4 packets sent directly
to the vulnerable device may cause the input interface to stop processing
traffic once the input queue is full.

The flaw, rated “moderately critical” by research firm Secunia,
can be exploited without authentication because processing of IPv4
packets is enabled by default. Devices running only IP version 6 (IPv6) are
not affected, Cisco said.

On Ethernet interfaces, Cisco said, the Address Resolution Protocol (ARP)
entry times out after a default period of four hours, at which point traffic
flow is blocked. “The device must be rebooted to clear the input queue on the
interface, and will not reload without user intervention. The attack may be
repeated on all interfaces causing the router to be remotely inaccessible,”
the company warned.

According to the advisory, a device receiving these specifically crafted
IPv4 packets will force the inbound interface to stop processing traffic.
“The device may stop processing packets destined to the router, including
routing protocol packets and ARP packets. No alarms will be triggered, nor
will the router reload to correct itself,” the company cautioned, noting
that the vulnerability may be exercised repeatedly resulting in loss of
availability until a workaround has been applied or the device has been
upgraded to a fixed version of code.

Cisco released a patch and workaround for the flaw.

The Computer Emergency Response Team (CERT), in an accompanying advisory,
urged network administrators to consider applying access control lists as an
additional safeguard until the patch could be applied.
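The ACL safeguard CERT recommends only helps if it is applied inbound on every IPv4 interface and actually drops untrusted traffic addressed to the router itself. The script below is an added example, not code from Cisco, CERT or the article: it parses a constructed IOS-style running-config (placeholder addresses from the documentation ranges) and flags interfaces that either lack an inbound ACL or whose ACL would still permit a packet from an arbitrary outside source to the interface's own address. The ACL names, interface names and the "untrusted source" address are all assumptions made for the example.

```python
"""Audit a Cisco IOS-style running-config for inbound interface ACL coverage.

Added example (not from Cisco, CERT or the article). The sample config and all
addresses are constructed; the checker models standard extended-ACL semantics
(first match wins, implicit deny at the end) for plain IPv4 address matching.
"""
import ipaddress
import re

# Constructed sample running-config; names and addresses are placeholders.
SAMPLE_CONFIG = """\
hostname edge-router
!
ip access-list extended PROTECT-SELF
 permit ip host 192.0.2.10 host 198.51.100.1
 deny ip any host 198.51.100.1
 permit ip any any
!
ip access-list extended WIDE-OPEN
 permit ip any any
!
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 ip access-group PROTECT-SELF in
!
interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
 ip access-group WIDE-OPEN in
!
interface GigabitEthernet0/2
 ip address 10.2.2.1 255.255.255.0
!
"""

# Assumed arbitrary outside source used as the probe packet's origin.
UNTRUSTED_SRC = "203.0.113.99"


def _ip_int(addr):
    return int(ipaddress.IPv4Address(addr))


def _parse_spec(tokens, i):
    """Consume one IOS address spec at tokens[i]: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (_ip_int(tokens[i + 1]), 0), i + 2
    return (_ip_int(tokens[i]), _ip_int(tokens[i + 1])), i + 2


def _match(spec, addr):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    base, wild = spec
    return (addr & ~wild & 0xFFFFFFFF) == (base & ~wild & 0xFFFFFFFF)


def parse_config(text):
    """Return (acls, interfaces): ACEs per named extended ACL, and per-interface IP/inbound ACL."""
    acls, interfaces = {}, {}
    current_acl = current_if = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current_acl = current_if = None  # '!' delimits config sections
            continue
        if not line.startswith(" "):  # top-level (unindented) statement
            current_acl = current_if = None
            m = re.match(r"ip access-list extended (\S+)", line)
            if m:
                current_acl = m.group(1)
                acls[current_acl] = []
            m = re.match(r"interface (\S+)", line)
            if m:
                current_if = m.group(1)
                interfaces[current_if] = {"ip": None, "acl_in": None}
            continue
        tokens = line.split()
        if current_acl and tokens[0] in ("permit", "deny"):
            action, proto = tokens[0], tokens[1]
            src, i = _parse_spec(tokens, 2)
            dst, _ = _parse_spec(tokens, i)
            acls[current_acl].append((action, proto, src, dst))
        elif current_if:
            if tokens[:2] == ["ip", "address"]:
                interfaces[current_if]["ip"] = tokens[2]
            elif tokens[:2] == ["ip", "access-group"] and tokens[-1] == "in":
                interfaces[current_if]["acl_in"] = tokens[2]
    return acls, interfaces


def evaluate(acl, proto, src, dst):
    """First-match evaluation of an ACE list; implicit deny if nothing matches."""
    for action, p, s, d in acl:
        # An 'ip' ACE covers every IPv4 protocol; a protocol-specific ACE
        # (tcp, udp, ...) only covers that protocol.
        if p in ("ip", proto) and _match(s, src) and _match(d, dst):
            return action
    return "deny"


def audit(text):
    """Map interface name -> finding for interfaces not shielded from untrusted traffic to their own IP."""
    acls, interfaces = parse_config(text)
    findings = {}
    src = _ip_int(UNTRUSTED_SRC)
    for name, info in interfaces.items():
        if info["ip"] is None:
            continue  # no IPv4 address configured; nothing to protect here
        if info["acl_in"] is None:
            findings[name] = "no inbound ACL"
            continue
        acl = acls.get(info["acl_in"])
        if acl is None:
            findings[name] = f"inbound ACL {info['acl_in']} is not defined"
            continue
        # Probe: a packet of arbitrary IPv4 protocol from the untrusted source
        # to the interface's own address.
        if evaluate(acl, "ip", src, _ip_int(info["ip"])) == "permit":
            findings[name] = f"ACL {info['acl_in']} permits untrusted traffic to {info['ip']}"
    return findings


if __name__ == "__main__":
    for iface, finding in audit(SAMPLE_CONFIG).items():
        print(f"{iface}: {finding}")
```

In the sample, only GigabitEthernet0/0 passes: its ACL lets a designated management host through and then denies everything else addressed to the interface before the final `permit ip any any`. The other two interfaces are reported, one for having no inbound ACL at all and one for an ACL that permits any source to the router's address, which is exactly the gap the interim workaround is meant to close.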

Cisco said it was not aware of any public announcements or malicious use
of the vulnerabilities.
