[<prev] [next>] [day] [month] [year] [list]
Message-id: <201609281226.5.msdp@psirt.cisco.com>
Date: Wed, 28 Sep 2016 12:26:56 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20160928-msdp
Revision: 1.0
For Public Release: 2016 September 28 16:00 GMT
+------------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM).
The first vulnerability (Cisco bug ID CSCud36767) is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart.
The second vulnerability (Cisco bug ID CSCuy16399) is due to insufficient checking of packets encapsulated in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. A successful exploit could cause the affected device to restart.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp
This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJX6vstAAoJEK89gD3EAJB561YQAJOjzfSJejNp1gjlewhIWplx
q16B1gGQVWYLquXpaVrvVvelMZ7pk3JD0zrH2MVh1s/TUNEqtm7oJutt+KWAqoNU
Z7m0+uo/wE8S8AOmZXR1tu9KY+z8sFQp7Te1UetXA+S1F6pz0vy9OhkuwTcZNj/M
SEr30EodtSLpQMC/MktE5gnTB8Bw6hSNYdDg9Q9gLpL9tc8466rSCJ0iM0L+wEYD
7eno/yufeV6KpuabR1tCSVgvEdU/Z5SSWspbaRQbFdgnQyN+Kux7sZ5b4rkhGd0G
SW0GjTkD03ITVlwoiVhIdI0VwA6A8MVgfKRTEqWeNGvwQOOrPUsI5t1u/OW2quqe
oCihEzcVIthTpz1GiKoetpC3mtzxvn3kPRrCNZ4ah4AygUSMGvq4hmwxFvX81i9s
iFecwbSszNLHeEFhyOt8yaPiYpB5w4wmSYGztr4KVWs4pPWKVgrMhpqwqDd4nzmI
5g4sh/AJdQysHznUe5DAFCfPDulJkylZN4MgVQ+pd1RYWvrjTrg5EeRfVhAryiWh
F5mTAGLuESO8QIsk/Vyk2bDcw/sfBcwcbGY6yb+7a7E7KMCllqLzJhI+XncbEyxk
xaJYIbWbofJ46hWqGTz6RHDMjeWUdojruymZmvR+a20cHHT+qCAA5Air7JTlatr9
Oj07cuVQbR2OI4RUrH+p
=fO6P
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists