Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS XR - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS and Cisco IOS XR contain a vulnerability when processing
specially crafted IPv6 packets with a Type 0 Routing Header present.
Exploitation of this vulnerability can lead to information leakage on
affected IOS and IOS XR devices, and may also result in a crash of the
affected IOS device. Successful exploitation on an affected device
running Cisco IOS XR will not result in a crash of the device itself,
but may result in a crash of the IPv6 subsystem.
Cisco has made free software available to address this vulnerability
for affected customers. There are workarounds available to mitigate the
effects of the vulnerability.

See also :

http://www.nessus.org/u?b2a79cc3
http://www.nessus.org/u?d1931780

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20070808-IOS-IPv6-leak.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C)

Family: CISCO

Nessus Plugin ID: 49006 (cisco-sa-20070808-IOS-IPv6-leak.nasl)

Bugtraq ID:

CVE ID: CVE-2007-4285