|
Cisco IOS Regular Expressions Denial of Service
|
|
|
|
|
Secunia Advisory:
|
SA26798
|
|
|
Release Date:
|
2007-09-13
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
DoS
|
|
Where:
|
Local system
|
|
Solution Status:
|
Unpatched
|
|
| OS: | Cisco IOS 12.x
Cisco IOS R12.x
|
|
|
|
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released! |
|
|
Description:
A vulnerability has been reported in Cisco IOS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when handling regular expressions containing repetition operators and pattern recalls. This can be exploited to cause a stack overflow by sending a command with specially crafted regular expressions to the command line interface.
Successful exploitation causes the device to crash and requires a reboot, but requires valid user credentials.
The vulnerability is reported in versions 12.0, 12.1, 12.2, 12.3, and 12.4.
Solution:
Restrict access to trusted people only.
Provided and/or discovered by:
Sebastian Wiesinger
Original Advisory:
http://www.cisco.com/en/US/products/p...ecurity_response09186a00808bb91c.html
Other References:
https://puck.nether.net/pipermail/cisco-nsp/2007-August/043002.html
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
58 Related Secunia Security Advisories, displaying 10
|
|
|
1. Cisco IOS Denial of Service Vulnerability
|
|
2. Cisco IOS Multiple Vulnerabilities
|
|
3. Cisco Products EAP Denial of Service Vulnerability
|
|
4. Cisco IOS Line Printer Daemon Buffer Overflow Vulnerability
|
|
5. Cisco IOS Voice Service Multiple Protocol Handling Vulnerabilities
|
|
6. Cisco IOS Secure Copy Security Bypass Vulnerability
|
|
7. Cisco IOS Next Hop Resolution Protocol Buffer Overflow
|
|
8. Cisco IOS IPv6 Routing Header Information Disclosure and Denial of Service
|
|
9. Cisco Products Crypto Library Denial of Service
|
|
10. Cisco IOS SSL Messages Denial of Service Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
