Fernando Gont has published an Internet-Draft describing how ICMP (Internet Control Message Protocol) can be exploited by malicious people to cause a DoS (Denial of Service). Cisco has acknowledged that various Cisco products are affected.
The published Internet-Draft details three types of attacks, which use the following ICMP messages to negatively affect TCP connections that terminate at or originate from a vulnerable device:
1) ICMP "hard" error messages
2) ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages (known as PMTUD attacks)
3) ICMP "source quench" messages
These attacks can all be exploited to cause TCP connection resets, reduce the throughput in existing TCP connections, or consume large amounts of CPU and memory resources.
Successful exploitation requires knowledge of the IP address information of the source and destination of the TCP network connection.
NOTE: See the original advisory for a list of affected versions.
Solution: See patch matrix in vendor advisory for information about fixes.
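For triage of captured traffic, the following added example (not part of the advisory or the vendor's material) sorts an ICMP message into the three classes listed above and extracts the TCP connection quoted inside it, so an analyst can see which session a given ICMP error refers to. The function names, the choice of codes 2 and 3 as the "hard" errors, and the sample addresses are assumptions of this example.

```python
import socket
import struct

# (ICMP type, code) -> the three message classes listed in the advisory.
# Numbers are from RFC 792 / RFC 1122 / RFC 1191; counting codes 2 and 3 as
# the "hard" errors is an assumption of this example.
CLASSES = {
    (3, 2): "hard error (protocol unreachable)",
    (3, 3): "hard error (port unreachable)",
    (3, 4): "fragmentation needed and DF set (PMTUD)",
    (4, 0): "source quench",
}

def classify_icmp(icmp: bytes):
    """Return the class and quoted TCP connection of an ICMP error, else None."""
    if len(icmp) < 8:
        return None
    key = (icmp[0], icmp[1])
    if key not in CLASSES:
        return None
    inner = icmp[8:]  # quoted IP header + first 8 bytes of its payload
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    ihl = (inner[0] & 0x0F) * 4
    if ihl < 20 or inner[9] != 6 or len(inner) < ihl + 8:
        return None  # quoted packet is not TCP, or the quote is truncated
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    return {
        "class": CLASSES[key],
        "src": socket.inet_ntoa(inner[12:16]), "sport": sport,
        "dst": socket.inet_ntoa(inner[16:20]), "dport": dport,
        "seq": seq,
        # Next-hop MTU is only meaningful for type 3 code 4 (RFC 1191).
        "next_hop_mtu": struct.unpack("!H", icmp[6:8])[0] if key == (3, 4) else None,
    }

def constructed_sample(icmp_type: int, code: int, mtu: int = 0) -> bytes:
    """Constructed test input: ICMP header + quoted IPv4/TCP header (checksums 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    return struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + ip + struct.pack("!HHI", 49152, 443, 1000)

if __name__ == "__main__":
    for t, c, m in [(3, 3, 0), (3, 4, 68), (4, 0, 0), (8, 0, 0)]:
        print((t, c), classify_icmp(constructed_sample(t, c, m)))
```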
Subject: Cisco Various Products ICMP Message Handling Denial of Service