Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

A device running Cisco IOS software that has Internet Protocol version
6 (IPv6) enabled may be subject to a denial of service (DoS) attack.
For the device to be affected by this vulnerability, it must also
have certain Internet Protocol version 4 (IPv4) User Datagram
Protocol (UDP) services enabled. To exploit this vulnerability, an
offending IPv6 packet must be targeted to the device. Packets that are
routed through the router cannot trigger this vulnerability.
Successful exploitation will prevent the interface from receiving any
additional traffic. The only exception is the Resource Reservation
Protocol (RSVP) service, which, if exploited, will cause the device to
crash.
Only the interface on which the vulnerability was exploited will be
affected.
Cisco is providing fixed software to address this issue. There are
workarounds available to mitigate the effects of the vulnerability.

See also :

http://www.nessus.org/u?0b8ebe50
http://www.nessus.org/u?9d6cae77

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20080326-IPv4IPv6.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 49011 (cisco-sa-20080326-IPv4IPv6http.nasl)

Bugtraq ID: 28461

CVE ID: CVE-2008-1153