Cisco yesterday released a series of fixes for their switching and routing products to address a number of serious issues that affect IOS. 

The first of these fixes addresses a denial of service issue in all versions of IOS in the Transmission Control Protocol (TCP) listener. It only applies to traffic specifically directed at the device and not traffic that transverses the device. More details can be found here on the Cisco site.

The next issue is a problem the handling of IP packets that can be used with a specially crafted IP option packet to perform a denial of service attack. It seems however that this flaw may be used to execute arbitrary code on the device. The vulnerability may be exploited after processing an Internet Control Message Protocol (ICMP) packet, Protocol Independent Multicast version 2 (PIMv2) packet, Pragmatic General Multicast (PGM) packet, or URL Rendezvous Directory (URD) packet containing a specific crafted IP option in the packet's IP header. You can find out more here.

The final patched flaw is an Denial of Service issue affecting IOS devices with IPv6 enabled. The flaw relates to a specially crafted IPv6 Type 0 Routing header that can crash a device running IPv6 enabled IOS software. You can find out more here.

At this time it appears these issues are not being exploited, however you can expect that these will grab the attention of some of the hacker types out there and we recommend that if you have affected Cisco devices that you update them at the earliest opportunity.

Add this page to your favorite Social Bookmarking websites