Information Leakage Using IPv6 Routing Header in Cisco IOS XR (cisco-sa-20070808-IOS-IPv6-leak)

This script is (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS XR contains a vulnerability when processing specially crafted
IPv6 packets with a Type 0 Routing Header present. Exploitation of this
vulnerability can lead to information leakage on affected IOS and IOS XR
devices, and may also result in a crash of the affected IOS device.
Successful exploitation on an affected device running Cisco IOS XR will
not result in a crash of the device itself, but may result in a crash of
the IPv6 subsystem.

Cisco has made free software available to address this vulnerability for
affected customers. There are workarounds available to mitigate the
effects of the vulnerability.

See also :

http://www.nessus.org/u?b2a79cc3
http://www.nessus.org/u?d1931780

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20070808-IOS-IPv6-leak.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: CISCO

Nessus Plugin ID: 71432

Bugtraq ID:

CVE ID: CVE-2007-4285