CERT-In Vulnerability Note CIVN-2007-100
Cisco IOS Information Leakage Using IPv6 Routing Header

Original Issue Date: August 14, 2007

Severity Rating: High


Systems Affected

• Cisco IOS and Cisco IOS enabled for IPv6.

Overview

Vulnerability exists in Cisco IOS and Cisco IOS XR when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Successful exploitation of this vulnerability can result in information leakage on affected IOS and IOS XR devices, and can subsequently crash the affected IOS device or IPv6 subsystem.

Description

This vulnerability is caused by an error when processing specially crafted IPv6 packets with a Type 0 Routing Header present. A remote attacker can exploit this vulnerability. Successful exploitation may cause swapping of memory between the destination IPv6 address field and the packet buffer, information leakage in the form of an IPv6 destination address, and crash the device.

In the case of Cisco IOS XR, successful exploitation will not crash the whole device but only lead to a restart of the IPv6 subsystem. Successful exploitation of this vulnerability may lead to a sustained denial of service (DoS) of all upper layer services that use IPv6 as the transport protocol but not the whole device.

Workaround

• To mitigate the vulnerabilities, user may have to use access-list. 

Vendor Information

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml

References

FrSirt
http://www.frsirt.com/english/advisories/2007/2819

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003