[LAC-TF] US-CERT Technical Cyber Security Alert TA05-210A -- Cisco IOS IPv6 Vulnerability
JORDI PALET MARTINEZ
jordi.palet at consulintel.es
Sun Jul 31 07:39:31 BRT 2005
The most curious thing is that it (the attack) can only be launched from inside
the network, so the level of danger is relative, although that does not make it
any less serious. Just a couple of days ago I was telling a group of engineers
that nowadays more and more bugs are being produced, in all kinds of systems,
because code is written faster and faster and with less quality control.
Honestly, I think this kind of problem is hard to avoid if we keep up that
pace :-(.
By the way, one more prefix in the region:
2001:13a8::/32 (Universidad Autonoma de Hidalgo, Mexico)
Regards,
Jordi
> From: "Gregorio R. Manzano R." <gmanzano at net-uno.net>
> Reply-To: "lactf at lac.ipv6tf.org" <lactf at lac.ipv6tf.org>
> Date: Sat, 30 Jul 2005 21:05:18 -0400
> To: <lactf at lac.ipv6tf.org>
> Subject: [LAC-TF] US-CERT Technical Cyber Security Alert TA05-210A -- Cisco IOS IPv6 Vulnerability
>
> Good evening, friends.
>
> Given how sensitive this case is, it is advisable to read the attachment ASAP.
>
> Kind regards,
>
> Gr. Manzano
> IP Operations Supervisor
> NOC
> netuno
> Caracas - VE
>
>
> National Cyber Alert System
>
> Technical Cyber Security Alert TA05-210A
>
>
> Cisco IOS IPv6 Vulnerability
>
> Original release date: July 29, 2005
> Last revised: --
> Source: US-CERT
>
>
> Systems Affected
>
> * Cisco IOS devices with IPv6 enabled
>
> For specific information, please see the Cisco Advisory.
>
>
> Overview
>
> Cisco IOS IPv6 processing functionality contains a vulnerability that
> could allow an unauthenticated, remote attacker to execute arbitrary
> code or cause a denial of service.
>
>
> I. Description
>
> Cisco IOS contains a vulnerability in the way IPv6 packets are
> processed. US-CERT has not confirmed further technical details.
>
> According to the Cisco Advisory, this vulnerability could be exploited
> by an attacker on the same IP subnet:
>
> Crafted packets from the local segment received on logical
> interfaces (that is, tunnels including 6to4 tunnels) as well as
> physical interfaces can trigger this vulnerability. Crafted packets
> can not traverse a 6to4 tunnel and attack a box across the tunnel.
>
> The crafted packet must be sent from a local network segment to
> trigger the attack. This vulnerability can not be exploited one or
> more hops from the IOS device.
>
> US-CERT strongly recommends that sites running Cisco IOS devices
> review the Cisco Advisory and upgrade as appropriate. We are tracking
> this vulnerability as VU#930892.
>
>
> II. Impact
>
> This vulnerability could allow an unauthenticated, remote attacker on
> the same IP subnet to execute arbitrary code or cause a denial of
> service. The attacker may be able to take control of a vulnerable
> device.
>
>
> III. Solutions
>
> Upgrade
>
> Upgrade to a fixed version of IOS. Please see the Software Versions
> and Fixes section of the Cisco Advisory for details.
>
> Disable IPv6
>
> From the Cisco Advisory:
>
> In networks where IPv6 is not needed, disabling IPv6 processing on
> an IOS device will eliminate exposure to this vulnerability. On a
> router which supports IPv6, this must be done by issuing the
> command "no ipv6 enable" and "no ipv6 address" on each interface.
>
>
> Appendix A. Vendor Information
>
> Cisco Systems, Inc.
>
> Cisco Systems, Inc. has released a security advisory regarding a
> vulnerability which was disclosed on July 27, 2005 at the Black Hat
> security conference. Security advisory is available at:
>
> http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml
>
> For up-to-date information on security vulnerabilities in Cisco
> Systems, Inc. products, visit http://www.cisco.com/go/psirt.
>
>
> Appendix B. References
>
> * US-CERT Vulnerability Note VU#930892 -
> <http://www.kb.cert.org/vuls/id/930892>
>
> * Cisco Security Advisory: IPv6 Crafted Packet Vulnerability -
> <http://www.cisco.com/en/US/products/products_security_advisory09186a00804d82c9.shtml>
>
> _________________________________________________________________
>
>
> Information regarding this vulnerability was primarily provided by
> Cisco Systems, who in turn acknowledge the disclosure of this
> vulnerability at the Black Hat USA 2005 Briefings.
>
> _________________________________________________________________
>
>
> Feedback can be directed to US-CERT Technical Staff. Send mail to
> <cert at cert.org> with "TA05-210A feedback VU#930892" in the subject.
>
> _________________________________________________________________
>
>
> The most recent version of this document is available at:
>
> <http://www.us-cert.gov/cas/techalerts/TA05-210A.html>
> _______________________________________________
> LACTF mailing list
> LACTF at lac.ipv6tf.org
> http://lacnic.net/mailman/listinfo/lactf
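Added example (not part of the original messages or of the US-CERT or Cisco advisories): a small Python audit that reads a saved IOS running-config, lists the interfaces that still carry "ipv6 enable" or "ipv6 address", and prints the workaround commands quoted in the alert for each of them. The sample configuration, interface names and function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the advisory or a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ipv6 address 2001:db8:1::1/64
 ipv6 enable
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no ipv6 enable
!
interface Tunnel0
 no ip address
 ipv6 address 2002:c000:201::1/64
 tunnel source FastEthernet0/0
 tunnel mode ipv6ip 6to4
!
"""

# Assumption: an interface processes IPv6 if it carries either command that
# the advisory's workaround negates ("ipv6 enable" or "ipv6 address ...").
IPV6_ON = re.compile(r"^ipv6 (enable|address)\b")


def ipv6_interfaces(config):
    """Map interface name -> config lines that turn on IPv6 processing."""
    found, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
        elif not raw.startswith(" "):
            current = None  # left the interface block ("!" or a global line)
        elif current and IPV6_ON.match(raw.strip()):
            found.setdefault(current, []).append(raw.strip())
    return found


def remediation(found):
    """Emit the quoted workaround for every interface that has IPv6 on."""
    lines = []
    for name in found:
        lines += [f"interface {name}", " no ipv6 enable", " no ipv6 address"]
    return lines


if __name__ == "__main__":
    print("\n".join(remediation(ipv6_interfaces(SAMPLE_CONFIG))))
```

Logical interfaces such as the 6to4 tunnel are reported alongside physical ones, matching the alert's statement that both can receive the crafted packet from the local segment.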