exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Technical Cyber Security Alert 2004-316A

Technical Cyber Security Alert 2004-316A
Posted Nov 12, 2004
Authored by US-CERT | Site cert.org

Technical Cyber Security Alert TA04-316A - There is a vulnerability in the way Cisco IOS processes DHCP packets. Exploitation of this vulnerability may lead to a denial of service. The processing of DHCP packets is enabled by default.

tags | advisory, denial of service
systems | cisco
SHA-256 | 6d7e0df60be9abbc7bb549866d6dd8df85bbe76ad2cdc57356c933aab7f8eb8e

Technical Cyber Security Alert 2004-316A

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Technical Cyber Security Alert TA04-316A
Cisco IOS Input Queue Vulnerability

Original release date: November 11, 2004
Last revised: --
Source: US-CERT

Systems Affected

* Cisco routers, switches, and line cards running vulnerable
versions of IOS

The following versions of IOS are known to be affected:

* 12.2(18)EW
* 12.2(18)EWA
* 12.2(18)S
* 12.2(18)SE
* 12.2(18)SV
* 12.2(18)SW
* 12.2(14)SZ

Overview

There is a vulnerability in the way Cisco IOS processes DHCP packets.
Exploitation of this vulnerability may lead to a denial of service.
The processing of DHCP packets is enabled by default.

I. Description

The Dynamic Host Configuration Protocol (DHCP) provides a means for
distributing configuration information to hosts on a TCP/IP
network.The Cisco Internetwork Operating System (IOS) contains a
vulnerability that allows malformed DHCP packets to cause an affected
device to stop processing incoming network traffic.

Cisco routers, switches, and line cards provide support for processing
DHCP packets. Cisco devices can act as a DHCP server, providing host
configuration information to clients, or they can forward DHCP and
BootP requests as a relay agent. The affected devices have the DHCP
service enabled by default and will accept and process incoming DHCP
packets. When a DHCP packet is received, it is placed into an input
queue so it can be processed. Undeliverable DHCP packets may remain in
the queue if malformed in a certain way. When the queue becomes full,
the device will stop accepting all traffic on that interface, not just
DHCP traffic.

The DHCP service is enabled by default in IOS. DHCP can only be
disabled when the no service dhcp command is specified in the running
configuration. Cisco notes the following in their advisory:

"Cisco routers are configured to process and accept DHCP
packets by default, therefore the command service dhcp does not
appear in the running configuration display, and only the
command for the disabled feature, no service dhcp, will appear
in the running configuration display when the feature is
disabled. The vulnerability is present, regardless if the DHCP
server or relay agent configurations are present on an affected
product. The only required configuration for this vulnerability
in affected versions is the lack of the no service dhcp
command."

Cisco is tracking this issue as CSCee50294. US-CERT is tracking this
issue as VU#630104.

II. Impact

By sending a specially crafted DHCP packet to an affected device, a
remote, unauthenticated attacker could cause the device to stop
processing incoming network traffic. Repeated exploitation of this
vulnerability could lead to a sustained denial-of-service condition.
In order to regain functionality, the device must be rebooted to clear
the input queue on the interface.

III. Solution

Upgrade to fixed versions of IOS

Cisco has published detailed information about upgrading affected
Cisco IOS software to correct this vulnerability. System managers are
encouraged to upgrade to one of the non-vulnerable releases. For
additional information regarding availability of repaired releases,
please refer to the "Software Versions and Fixes" section of the Cisco
Security Advisory.

Workarounds

Cisco recommends a number of workarounds. For a complete list of
workarounds, see the Cisco Security Advisory.

Appendix A. References

* Vulnerability Note VU#630104 -
<http://www.kb.cert.org/vuls/id/630104>

* Cisco Security Advisory: "Cisco IOS DHCP Blocked Interface
Denial-of-Service" -
<http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml
>
_________________________________________________________________

US-CERT thanks Cisco Systems for notifying us about this problem.
_________________________________________________________________

Feedback can be directed to the authors: Jeff Havrilla, Damon Morda,
and Jason Rafail

_________________________________________________________________

This document is available from:

<http://www.us-cert.gov/cas/techalerts/TA04-316A.html>

_________________________________________________________________

Copyright 2004 Carnegie Mellon University.

Terms of use: <http://www.us-cert.gov/legal.html>
_________________________________________________________________

Revision History

Nov 11, 2004: Initial release

Last updated November 11, 2004


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQZP5KBhoSezw4YfQAQLfEAgAlabhwlqCsQXLVFjedNKxa2CmRPYta5aC
GXy6I+TDAVv7V57pz4QE4LxreUEb2vyc8CE4TWUy5PL7+tR0IEduur7XXnOs13Is
O77GyYxBzxtOi+12zAui2wVM8gepobMS6JwYY7V5tyCRZ7mT7lGkVXzO2xHwFsM7
l6meXU/3eO0AjUv5NmJWBuWuGcPny3qyy3M4rgAcRCXIEWaVMnSCAALfSfPS6Ea8
6qYTmXOCbOnEC1RfdnRDgfmnWGwX5RlOPSrDJr3uS5DEkuEvFwaBnIDWMVtQUnvv
oL1jZwbFVY1WNuPIosKSFSBs0U4l7RStiwSw3BF/EbgPrUBg3ugYyw==
=gshZ
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close