TITLE:
Cisco IOS Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA23867

VERIFY ADVISORY:
http://secunia.com/advisories/23867/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Cisco IOS XR 3.x
http://secunia.com/product/4907/
Cisco IOS R12.x
http://secunia.com/product/50/
Cisco IOS R11.x
http://secunia.com/product/53/
Cisco IOS 12.x
http://secunia.com/product/182/
Cisco IOS 11.x
http://secunia.com/product/183/
Cisco IOS 10.x
http://secunia.com/product/184/

DESCRIPTION:
Some vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

1) An error exists in the processing of IP options in various IP
packets (including some ICMP requests, PIMv2, PGM, and URD requests).
This can be exploited to restart the device or ipv4_io process or
potentially execute arbitrary code via a specially crafted IP Option
field in a packet sent to a physical or virtual IPv4 address
configured on the device.

2) A memory leak error in the processing of TCP packets can be
exploited to cause the device to consume a large amount of memory
over time and may lead to a degraded service via a specially crafted
packet sent to a physical or virtual IPv4 address configured on the
device.

3) An error in the processing of IPv6 Type 0 Routing headers can be
exploited to crash the device via a specially crafted packet sent to
an IPv6 address defined on the device.

Successful exploitation of this vulnerability requires that IPv6 is
enabled.

SOLUTION:
Update to the latest version (please see the vendor's advisory for
details).

PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2) Reported by the vendor.
3) Arnaud Ebalard, EADS Corporate Research Center.

ORIGINAL ADVISORY:
Cisco Systems:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-bundle.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml
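
Added example, not part of the Secunia or Cisco advisory: a defensive check for item 3 that walks the IPv6 extension-header chain of a raw packet and reports any Type 0 Routing header (a header type later deprecated by RFC 5095). It flags every RH0 packet rather than the specific crafted packet, which the advisory does not describe; `find_rh0`, the helper names and the sample packets are constructed for illustration.

```python
import struct

# IPv6 Next Header values for the extension headers this walker understands.
HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS = 0, 43, 44, 51, 60
WALKABLE = {HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS}

def find_rh0(packet: bytes):
    """Return (segments_left, address_count) for the first Type 0 Routing
    header in a raw IPv6 packet, or None if the packet carries none."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None                      # too short, or not IPv6
    next_header, offset = packet[6], 40
    while next_header in WALKABLE:
        if offset + 8 > len(packet):
            return None                  # truncated header chain
        following, len_field = packet[offset], packet[offset + 1]
        if next_header == ROUTING and packet[offset + 2] == 0:
            return packet[offset + 3], len_field // 2
        if next_header == FRAGMENT:
            if int.from_bytes(packet[offset + 2:offset + 4], "big") >> 3:
                return None              # non-first fragment: no headers follow
            size = 8
        elif next_header == AUTH:
            size = (len_field + 2) * 4   # AH counts 4-octet units, minus 2
        else:
            size = (len_field + 1) * 8   # 8-octet units, first 8 not counted
        next_header, offset = following, offset + size
    return None

# --- constructed sample packets (documentation prefix 2001:db8::/32) ---
ADDR = bytes.fromhex("20010db8" + "00" * 11 + "01")

def ipv6(next_header: int, payload: bytes) -> bytes:
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + ADDR + ADDR + payload

def routing(rtype: int, addresses: int) -> bytes:
    # Next Header 59 = "No Next Header"; each address adds two 8-octet units.
    return bytes([59, 2 * addresses, rtype, addresses]) + bytes(4) + ADDR * addresses

PAD_HBH = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])   # Hop-by-Hop holding one PadN
SAMPLES = {
    "rh0": ipv6(ROUTING, routing(0, 1)),
    "hbh+rh0": ipv6(HOP_BY_HOP, PAD_HBH + routing(0, 2)),
    "rh2": ipv6(ROUTING, routing(2, 1)),
    "no-ext": ipv6(59, b""),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, find_rh0(pkt))
```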