Cisco patched multiple vulnerabilities on Wednesday with the most important fixes covering data-link switching, IPv6 and VPN flaws.
Among the highest-rated patches (all rated 7 or above on a 10-point scale) are fixes for multiple vulnerabilities in the Data-link Switching (DLSw) feature of Cisco IOS. In an advisory, Cisco said:
Multiple vulnerabilities exist in Cisco IOS when processing UDP and IP protocol 91 packets (rating 7.8). These vulnerabilities do not affect TCP packet processing. A successful exploitation may result in a reload of the system or a memory leak on the device, leading to a denial of service (DoS) condition.
Cisco IOS devices configured for DLSw with dlsw local-peer automatically listen for IP protocol 91 packets. A Cisco IOS device that is configured for DLSw with the dlsw local-peer peer-id <IP-address> command listens for IP protocol 91 packets and UDP port 2067.
Cisco patched its IOS after discovering that Internet Protocol version 6 devices may be subject to a denial of service attack (rating 7.8). In an advisory, Cisco said:
A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability, the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability, an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
Cisco patched two vulnerabilities for its virtual private dial-up network software. From Cisco's advisory:
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.
The first vulnerability is a memory leak that occurs as a result of PPTP session termination (rating: 7.1). The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.
Affected devices are those running any Cisco IOS version prior to 12.3. The detail portion of the advisory highlights an example of the memory leak.
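The three advisories above each name a configuration precondition: a `dlsw local-peer` line (with or without `peer-id`) opens the IP protocol 91 and UDP 2067 listeners, the IPv6 issue needs IPv6 enabled on an interface, and the VPDN/PPTP issues apply to IOS releases before 12.3. The following running-config audit is an added example written for this article, not Cisco's code or tooling; the sample config, the `audit` function and its finding keys are constructed for illustration, and the IPv6 check only reports the IPv6 precondition, since the article does not list which IPv4 UDP services are also required.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample IOS running-config excerpt (illustrative, not from Cisco or the article).
SAMPLE_CONFIG = """\
version 12.2
hostname edge-rtr
!
dlsw local-peer peer-id 192.0.2.1
dlsw remote-peer 0 tcp 192.0.2.2
!
vpdn enable
!
vpdn-group 1
 accept-dialin
  protocol pptp
  virtual-template 1
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ipv6 address 2001:db8::1/64
!
"""


def parse_version(config: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from the 'version X.Y' line, or None if absent."""
    m = re.search(r"^version\s+(\d+)\.(\d+)", config, re.MULTILINE)
    return (int(m.group(1)), int(m.group(2))) if m else None


def dlsw_listeners(config: str) -> List[str]:
    """Listeners opened by DLSw configuration, as the advisory describes:
    any 'dlsw local-peer' listens for IP protocol 91; the 'peer-id <IP>'
    form additionally listens on UDP port 2067."""
    listeners = set()
    for line in config.splitlines():
        if line.startswith("dlsw local-peer"):
            listeners.add("ip-proto-91")
            if re.search(r"\bpeer-id\s+\d+\.\d+\.\d+\.\d+", line):
                listeners.add("udp/2067")
    return sorted(listeners)


def ipv6_enabled_interfaces(config: str) -> List[str]:
    """Interfaces carrying an 'ipv6 address' or 'ipv6 enable' line.
    This is only the IPv6 precondition; the advisory also requires certain
    IPv4 UDP services, which the article does not enumerate."""
    found: List[str] = []
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif line.startswith("!"):
            current = None
        elif current and re.match(r"\s+ipv6 (address|enable)\b", line):
            if current not in found:
                found.append(current)
    return found


def pptp_vpdn_enabled(config: str) -> bool:
    """True when VPDN is enabled and some vpdn-group tunnels PPTP."""
    has_vpdn = re.search(r"^vpdn enable\s*$", config, re.MULTILINE) is not None
    has_pptp = re.search(r"^\s+protocol pptp\s*$", config, re.MULTILINE) is not None
    return has_vpdn and has_pptp


def audit(config: str) -> Dict[str, object]:
    """Map each advisory precondition present in the config to what was found."""
    findings: Dict[str, object] = {}
    listeners = dlsw_listeners(config)
    if listeners:
        findings["dlsw"] = listeners
    v6 = ipv6_enabled_interfaces(config)
    if v6:
        findings["ipv6"] = v6
    version = parse_version(config)
    # The article states the VPDN/PPTP issues affect IOS releases prior to 12.3.
    if pptp_vpdn_enabled(config) and version is not None and version < (12, 3):
        findings["vpdn_pptp"] = f"IOS {version[0]}.{version[1]} < 12.3"
    return findings


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Run against a saved `show running-config` to get a quick inventory of which of these listeners and features a device actually exposes before deciding the patch order; a `dlsw` finding of `udp/2067` in particular means the device answers on a UDP port that could be filtered at the network edge while the upgrade is scheduled.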
All of Cisco's patches can be found at its security advisory listing.