CERT-In Advisory CIAD-2008-49
Multiple Multicast Vulnerabilities in Cisco IOS Software

Original issue date: October 10, 2008

Severity Rating: High

Systems Affected

  • Devices that are running Cisco IOS Software and configured for PIM

Overview

A vulnerability has been reported in Cisco IOS Software configured for Protocol Independent Multicast (PIM) that could allow a remote attacker to cause a denial of service (DoS) condition. Cisco IOS Gigabit Switch Router (GSR) devices configured for PIM contain a separate vulnerability that could also allow a remote attacker to cause a DoS condition.

Description

1. Cisco IOS PIM Packet Reload Denial of Service Vulnerability (CVE-2008-3808)

The vulnerability is in the handling of crafted PIM packets. A remote attacker can exploit it by sending a crafted PIM packet to the target device. Successful exploitation may cause the device to fail or reload, resulting in a denial of service (DoS) condition.

2. Cisco IOS Gigabit Switch Router PIM Packet Processing Denial of Service Vulnerability (CVE-2008-3809)

The vulnerability is due to an error that may occur when a GSR device processes crafted PIM packets. A remote attacker can exploit it by sending a crafted PIM packet to the affected device. Successful exploitation may cause the GSR device to crash, resulting in a denial of service (DoS) condition.

Workarounds

  • Use access control lists (ACLs) to drop PIM packets (IP protocol 103) that do not originate from authorized sources.
  • Use PIM neighbor filtering so that only trusted PIM neighbors can form an adjacency with the device.
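The following Cisco IOS configuration is an added example of the two workarounds above; it is not taken from the CERT-In or Cisco advisories. Interface names, the trusted neighbor addresses 10.0.0.2 and 10.0.0.3, and the LAN address 10.0.0.1/24 are assumptions for illustration. The extended ACL matches PIM by its protocol keyword (IP protocol 103) and drops it from any other source before the PIM process ever sees the packet; the neighbor filter additionally restricts which routers may form a PIM adjacency.

```cisco
! Added example, not from the advisory. Addresses and interface names are assumed:
! 10.0.0.1/24 is this router's multicast-enabled LAN interface,
! 10.0.0.2 and 10.0.0.3 are the only trusted PIM neighbors on that segment.

! Workaround 2: only trusted neighbors may form a PIM adjacency (standard ACL).
ip access-list standard PIM-TRUSTED-NEIGHBORS
 permit 10.0.0.2
 permit 10.0.0.3
 deny   any log
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip pim sparse-mode
 ip pim neighbor-filter PIM-TRUSTED-NEIGHBORS
!
! Workaround 1: infrastructure ACL that drops PIM (IP protocol 103) from any
! source other than the trusted neighbors, before the packet reaches PIM processing.
ip access-list extended EDGE-IN
 remark PIM only from trusted neighbors; everything else untouched
 permit pim host 10.0.0.2 any
 permit pim host 10.0.0.3 any
 deny   pim any any log
 permit ip any any
!
interface GigabitEthernet0/1
 ip access-group EDGE-IN in
```

Two caveats a practitioner should check before deploying this. First, PIM Register messages are sent unicast from each designated router to the rendezvous point (RP), so on an RP the extended ACL must also permit PIM from every DR that registers sources, or those sources will stop being announced. Second, the neighbor filter only controls adjacency; the ACL is the control that actually keeps crafted packets away from the PIM code path, so apply it on every interface that can receive traffic from untrusted hosts. Verify with `show ip pim neighbor` (trusted neighbors still present) and `show access-lists EDGE-IN` (hit counts on the `deny pim` entry show what is being dropped).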

Solution

Upgrade to a fixed Cisco IOS release as listed in the Cisco Security Advisory:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01491.shtml

Vendor Information

CISCO
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01491.shtml

References

CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=16638
http://tools.cisco.com/security/center/viewAlert.x?alertId=16636

SecurityTracker
http://securitytracker.com/alerts/2008/Sep/1020936.html

CVE Name
CVE-2008-3808
CVE-2008-3809

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003