CERT-In Vulnerability Note CIVN-2009-42
Cisco IOS Software IP Sockets Denial of Service Vulnerability

Original Issue Date: April 06, 2009

Severity Rating: High

Systems Affected

Cisco IOS Software and Cisco IOS XE Software 12.0 through 12.4 are affected if they are running any of the following features:

  • Cisco Unified Communications Manager Express
  • SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport
  • Secure Signaling and Media Encryption
  • Blocks Extensible Exchange Protocol (BEEP)
  • Network Admission Control HTTP Authentication Proxy
  • Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass
  • Distributed Director with HTTP Redirects
  • DNS (TCP mode only)

Overview

A vulnerability has been reported in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Description

This vulnerability is due to an error in how Cisco IOS Software handles crafted TCP/IP packets. An unauthenticated, remote attacker could exploit it by sending a sequence of specially crafted TCP/IP packets, causing the target service to stop accepting new connections or sessions, consuming device memory or excessive CPU resources, or causing the target device to reload.

Workaround

Apply the access lists suggested by the vendor at:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c6.shtml

Solution

Apply the appropriate fixed versions as mentioned in the Cisco Security Advisory:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c6.shtml

Vendor Information

Cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c6.shtml

References

Security Focus
http://www.securityfocus.com/bid/34242

Secunia
http://secunia.com/advisories/34438

CVE Name
CVE-2009-0630

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003