18332 : Cisco IOS Crafted IPv6 Packet Remote Code Execution
Printer | http://osvdb.org/18332 | Email This | Edit Vulnerability

Views This Week Views All Time Added to OSVDB Last Modified Modified (since 2008) Percent Complete
3 523 over 6 years ago over 3 years ago 0 times 90%

Timeline
Disclosure Date
2005-07-27

Keywords

 michael lynn

Description

Cisco IOS contains a flaw that may allow a malicious user to cause denial of service conditions or execute arbitrary code. The issue is triggered when a crafted IPv6 packet is sent to a router running a vulnerable version of IPv6 code. It is possible that the flaw may allow a denial of service or the execution of arbitrary code, resulting in a loss of integrity, and/or availability.

Classification

 Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Rumored
Disclosure: OSVDB Verified

Technical

Exploit code for the above vulnerability was demonstrated at Black Hat 2005. The exploit code, which was not released, shoveled a reverse shell with full enable access to a listening console on the attacking machine. While the attack must come from a directly connected subnet, this is still a remote attack.

Solution

Upgrade to the version appropriate for your installation, as outlined in the vulnerable version matrix provided by Cisco. It is also possible to correct the flaw by implementing the following workaround(s): Disable support for IPv6. IPv6 support is enabled on most versions of IOS by default. To disable IPv6 on a router which supports it, the "no ipv6 enable" and "no ipv6 address" commands must be given within the configuration of each interface on the router.

Products
Cisco Systems, Inc.
Watch-list
IOS
Watch-list
 12.0S
12.0SX
12.0SL
12.0ST
12.0SY
12.1x
12.2BC
12.2BW
12.2BY
12.2BX
12.2BZ
12.2CX
12.2CY
12.2CZ
12.2DX
12.2EU
12.2EW
12.2EWA
12.2EX
12.2EY
12.2EZ
12.2JA
12.2JK
12.2MB
12.2MC
12.2S
12.2SE
12.2SEA
12.2SEB
12.2SEC
12.2SO
12.2SU
12.2SV
12.2SW
12.2SX
12.2SXA
12.2SXB
12.2SXD
12.2SXE
12.2SY
12.2SZ
12.2T
12.2XA
12.2XB
12.2XC
12.2XD
12.2XE
12.2XF
12.2XG
12.2XH
12.2XI
12.2XJ
12.2XK
12.2XL
12.2XM
12.2XN
12.2XQ
12.2XR
12.2XT
12.2XU
12.2XW
12.2XZ
12.2YA
12.2YB
12.2YC
12.2YD
12.2YE
12.2YF
12.2YG
12.2YH
12.2YJ
12.2YK
12.2YL
12.2YM
12.2YN
12.2YO
12.2YP
12.2YQ
12.2YR
12.2YT
12.2YU
12.2YV
12.2YW
12.2Yx
12.2YY
12.2YZ
12.2ZA
12.2ZB
12.2ZC
12.2ZD
12.2ZE
12.2ZF
12.2ZG
12.2ZH
12.2ZJ
12.2ZL
12.2ZN
12.2ZO
12.2ZP
12.3
12.3B
12.3BC
12.3BW
12.3JA
12.3JK
12.3T
12.3XA
12.3XB
12.3XC
12.3XD
12.3XE
12.3XF
12.3XG
12.3XH
12.3XI
12.3XJ
12.3XK
12.3XL
12.3XM
12.3XQ
12.3XR
12.3XS
12.3XT
12.3XU
12.3XW
12.3Xx
12.3XY
12.3YA
12.3YD
12.3YF
12.3YG
12.3YH
12.3YI
12.3YJ
12.3YK
12.3YQ
12.3YS
12.3YT
12.3YU
12.4
12.4MR
12.4T

References

Tools & Filters
19771

Credit
  • Michael Lynn - abaddonio.com -

CVSSv2 Score

CVSSv2 Base Score = 2.1
Source: nvd.nist.gov | Generated: 2005-08-04 | Disagree?

Access_vector_0 Access_complexity_2 Authentication_2 Confidentiality_impact_0 Integrity_impact_0 Availability_impact_1

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2012 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use