CERT-In Vulnerability Note CIVN-2008-155
Cisco IOS IPS Feature SERVICE.DNS Signature Engine Network Traffic Handling Denial of Service Vulnerability
Original Issue Date: October 10, 2008
Severity Rating: High
Systems Affected
- All devices configured with Cisco IOS IPS feature
Overview
A vulnerability has been reported in Cisco IOS devices configured with the IPS feature that could allow a remote attacker to cause a Denial of Service (DoS) condition.
Description
Cisco IOS devices that are configured with the Cisco IOS Intrusion Prevention System (IPS) feature contain a vulnerability. The vulnerability exists because of an unspecified error in the handling of certain IPS signatures that use the SERVICE.DNS engine. A remote attacker can exploit it by sending crafted network traffic that triggers those signatures; no authentication is required, only that the traffic is inspected by the IPS feature. Successful exploitation could cause the device to crash and reload, resulting in a DoS condition.
Workaround
- Implement access control lists (ACLs) on each Cisco IOS IPS policy that is configured on the affected device so that network traffic on TCP and UDP port 53 is not inspected by the IPS feature. Note that such an ACL only narrows the scope of inspection; it does not filter the DNS traffic itself, and DNS traffic remains uninspected until fixed software is installed.
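The following Cisco IOS configuration is an added example of the workaround above; it is not taken from this note or from the Cisco advisory. The IPS policy name (IPS-WAN), the ACL number (199) and the interface name are assumptions. On Cisco IOS IPS, the optional ACL attached with the "ip ips name ... list" keyword selects which packets the policy inspects: packets the ACL denies are forwarded without inspection, packets it permits are inspected.

```cisco
! Added example (not from the CERT-In note or the Cisco advisory).
! Policy name IPS-WAN, ACL 199 and the interface are assumptions.
!
! Extended ACL that scopes IPS inspection. "deny" here means "do not
! inspect"; the matching packets are still forwarded normally.
access-list 199 remark Exclude DNS (TCP/UDP 53) from IPS inspection - CVE-2008-2739 workaround
access-list 199 deny   tcp any any eq 53
access-list 199 deny   udp any any eq 53
access-list 199 deny   tcp any eq 53 any
access-list 199 deny   udp any eq 53 any
access-list 199 permit ip any any
!
! Bind the ACL to the IPS policy. The exclusion must be repeated for
! every "ip ips name" policy on the device; a policy configured without
! the "list" keyword inspects all traffic on its interfaces.
ip ips name IPS-WAN list 199
!
interface GigabitEthernet0/0
 ip ips IPS-WAN in
!
! Verification (exec mode): confirm the ACL is bound to the policy and
! check which policies are applied to which interfaces.
! show ip ips configuration
! show ip ips interfaces
```

After applying the change, re-check every interface that carries an IPS policy, both inbound and outbound, since the vulnerable signatures are triggered by inspected traffic in either direction. The workaround trades away DNS inspection; upgrading to a fixed IOS release is the real remediation.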
Solution
Upgrade to a fixed Cisco IOS release as listed in the Cisco Security Advisory:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01556.shtml
Vendor Information
CISCO
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01556.shtml
References
CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=16656
SecurityFocus
http://www.securityfocus.com/bid/31364
AusCERT
http://www.auscert.org.au/render.html?it=9894
SecurityTracker
http://securitytracker.com/alerts/2008/Sep/1020933.html
CVE Name
CVE-2008-2739
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003