Secunia Logo
 Vulnerability IntelligenceVulnerability ScanningBlog - new entry!Corporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Intelligence > Secunia Advisories > Cisco Various Products ICMP Message Handling Denial of Service
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists & RSS
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About
 
Cisco Various Products ICMP Message Handling Denial of Service
Secunia Advisory: SA14904
Advisory Toolbox:
Issue ticket
Save in to-do list
Mark as handled
Exploit information
Download as PDF
Review actions
Add comment
Release Date: 2005-04-12
Last Update: 2005-04-13
Popularity: 17,750 views

Critical:
Less critical
Impact: DoS
Where: From remote
Solution Status: Partial Fix

OS:Cisco Content Services Switch 11000 Series (WebNS)
Cisco Global Site Selector (GSS) 4480 1.x
Cisco IOS 10.x
Cisco IOS 11.x
Cisco IOS 12.x
Cisco IOS R11.x
Cisco IOS R12.x
Cisco IOS XR 3.x
Cisco ONS 15000 Series
Cisco PIX 6.x
Cisco SAN-OS 1.x (MDS 9000 Switches)
Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2004-0790
CVE-2004-0791
CVE-2004-1060
Description:
Fernando Gont has published an Internet-Draft describing how ICMP (Internet Control Message Protocol) can be exploited by malicious people to cause a DoS (Denial of Service). Cisco has acknowledged that various Cisco products are affected.

The published Internet-Draft details three types of attacks, which utilize the following ICMP messages to cause a negative impact on TCP connections either terminating or originating from a vulnerable device.

1) ICMP "hard" error messages
2) ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages (known as PMTUD attacks)
3) ICMP "source quench" messages

These attacks can all be exploited to cause TCP connection resets, reduce the throughput in existing TCP connections, or consume large amounts of CPU and memory resources.

Successful exploitation requires knowledge of IP address information of the source and destination of the TCP network connection..

NOTE: See the original advisory for a list of affected versions.

Solution:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml#software

Provided and/or discovered by:
Fernando Gont

Changelog:
2005-04-13: Added link to US-CERT vulnerability note. Added CVE references.

Original Advisory:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

NISCC:
http://www.niscc.gov.uk/niscc/docs/al-20050412-00308.html

ICMP attacks against TCP:
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html

Other References:
RFC1122 (Requirements for Internet Hosts -- Communication Layers):
http://www.ietf.org/rfc/rfc1122.txt

RFC1191 (Path MTU Discovery):
http://www.ietf.org/rfc/rfc1191.txt

US-CERT VU#222750:
http://www.kb.cert.org/vuls/id/222750

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Today
New advisories: 10
New vulnerabilities: 32
Updated advisories: 13

Less // 90 views
SemanticScuttle Cross-Site Scripting Vulnerabilities
Moderately // 102 views
Easyedit CMS Multiple SQL Injection Vulnerabilities
Highly // 101 views
Fedora update for thunderbird
Less // 117 views
IBM Workplace Web Content Management Cross-Site Scripting Vulnerabilities
Highly // 255 views
BitDefender Antivirus PDF Processing Memory Corruption Vulnerability
Moderately // 192 views
xt:Commerce SQL Injection Vulnerability
Less // 166 views
Softbiz Classifieds Script "msg" Cross-Site Scripting Vulnerability
Not // 245 views
Checkpoint VPN-1 Information Disclosure Vulnerability
Moderately // 218 views
Avaya CMS Solaris "sadmind" Buffer Overflow Vulnerability
Moderately // 247 views
EMC Control Center SAN Manager Multiple Vulnerabilities

Solutions | More...  

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. BitDefender Antivirus PDF Processing Memory Corruption Vulnerability // 116 views
2. IBM Workplace Web Content Management Cross-Site Scripting Vulnerabilities // 108 views
3. Checkpoint VPN-1 Information Disclosure Vulnerability // 99 views
4. Fedora update for thunderbird // 89 views
5. Easyedit CMS Multiple SQL Injection Vulnerabilities // 88 views
6. xt:Commerce SQL Injection Vulnerability // 77 views
7. EMC Control Center SAN Manager Multiple Vulnerabilities // 76 views
8. SemanticScuttle Cross-Site Scripting Vulnerabilities // 76 views
9. Softbiz Classifieds Script "msg" Cross-Site Scripting Vulnerability // 63 views
10. Avaya CMS Solaris "sadmind" Buffer Overflow Vulnerability // 61 views



Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2008