HOME > ADVISORIES


   ADVISORIES

CERT-In Advisory CIAD-2007-11
Cisco Catalyst 6000,6500 and Cisco 7600Series MPLS Packet Vulnerability

Original issue date: March 05, 2007

Severity Rating: Medium

Systems Affected

This vulnerability affects the following products:

  • Cisco Catalyst 6500 systems that run 12.2(18)SXF4 with Cisco IOS  Software Modularity are affected.
  • Cisco Catalyst 6000, 6500 and Cisco 7600 series systems with an SFC2 or MSFC3 that run in Hybrid Mode are affected.

Overview

Vulnerability has been found in Cisco Catalyst 6500 series systems. A Multi Protocol Label Switching (MPLS) packet may be used to attack on Cisco Catalyst 6500 series systems. The affected switches are those, which are running in Hybrid Mode (Catalyst OS (CatOS) software on the Supervisor Engine and IOS Software on the Multilayer Switch Feature Card (MSFC) or running with Cisco IOS Software Modularity. Exploitation of the vulnerability may result in reloading the systems. Repeated exploitation may lead to a denial of service condition .

Description

1. Cisco Catalyst 6500 systems that run 12.2(18)SXF4 with Cisco IOS  Software

Cisco IOS Software Modularity enhances the deliverables and are being used in in Cisco IOS Software for the Catalyst 6500 Series Supervisor Engine 720 and Supervisor Engine 32. Only the images with a "-vz" in the image name support Modular IOS and are affected by this vulnerability.

2. Cisco Catalyst 6000, 6500 and Cisco 7600 series systems with an SFC2 or MSFC3

CatOS provides the Layer 2 (L2) switching functionality. The Cisco IOS on the MSFC provides the Layer 3 (L3) routing functionality. CatOS image is used as the system software to run the Supervisor Engine on the Catalyst systems. A separate IOS Software image is used in order to run the MSFC. In Hybrid Mode, IOS images that run on MSFC start with "c6msfc2", "c6msfc2a" or "c6msfc3" . This vulnerability affects only those IOS software that run on MSFC in Hybrid Mode.

Even the MPLS is not configured on the system, MPLS packets received by a Route Processor (MSFC) Layer 3 interface can potentially trigger this vulnerability.

Workarounds

As such there is no workaround for this vulnerability.

Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-air-20070228-
mpls.shtml


Vendor Information

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20070228-
mpls.shtml

References

Net-Security
http://www.net-security.org/advisory.php?id=7242

Security Focus
http://www.securityfocus.com/archive/1/461545

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003