Two vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
1) Cisco IOS IPS signatures using regular expressions may not correctly identify malicious traffic within fragmented IP packets. This can be exploited to bypass the detection mechanism by sending specially crafted, fragmented IP packets.
2) An error exists within the ATOMIC.TCP scanning mechanism and signatures, which use regular expressions (e.g. Signature 3123.0 for Netbus Pro Traffic). This can be exploited to crash a device by producing specially crafted network traffic.
Solution: See the vendor advisory for a patch matrix and workarounds.
Provided and/or discovered by: Reported by the vendor
Original Advisory: http://www.cisco.com/warp/public/707/cisco-sa-20070213-iosips.shtml
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Cisco IOS IPS Security Bypass and Denial of Service
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.