The MPLS-OPS Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] FW: Cisco Security Advisory: Cisco IOS XR MPLS Vulnerabilities
FYI: ------ Forwarded Message > From: Cisco Systems Product Security Incident Response Team <psirt@cisco.com> > Reply-To: <psirt@cisco.com> > Date: Wed, 19 Apr 2006 17:00:00 +0200 > To: <nanog@merit.edu> > Cc: <psirt@cisco.com> > Subject: Cisco Security Advisory: Cisco IOS XR MPLS Vulnerabilities > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Cisco Security Advisory: Cisco IOS XR MPLS Vulnerabilities > > Advisory ID: cisco-sa-20060419-xr > > http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml > > Revision 1.0 > > For Public Release 2006 April 19 1500 UTC (GMT) > > - --------------------------------------------------------------------- > > Contents > ======== > > Summary > Affected Products > Details > Impact > Software Version and Fixes > Workarounds > Obtaining Fixed Software > Exploitation and Public Announcements > Status of this Notice: FINAL > Distribution > Revision History > Cisco Security Procedures > > - --------------------------------------------------------------------- > > Summary > ======= > > Multiple Multi Protocol Label Switching (MPLS) related > vulnerabilities exist on Cisco IOS XR. Only systems that are running > Cisco IOS XR and configured for MPLS are affected by these > vulnerabilities. > > Upon successful exploitation a Modular Services Card (MSC) on a Cisco > Carrier Routing System 1 (CRS-1) or a Line Card (LC) on a Cisco 12000 > series router may reload affecting switched traffic. > > Cisco has made free software available to address this vulnerability > for affected customers. > > This advisory is posted at > http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml. > > Affected Products > ================= > > Vulnerable Products > +------------------ > > Only systems that are running Cisco IOS XR and configured for MPLS > are affected by this vulnerability. > > Systems that are running Cisco IOS XR and configured for MPLS can be > identified by the show mpls interfaces command. A sample output of > this command on a CRS-1 that is configured for MPLS is given below. > > RP/0/RP1/CPU0:crs1#show mpls interfaces > Interface LDP Tunnel Enabled > -------------------------- -------- -------- -------- > POS0/2/0/0 Yes Yes Yes > POS0/2/0/1 No Yes Yes > POS0/2/0/2 Yes No Yes > POS0/2/0/3 Yes Yes Yes > GigabitEthernet0/3/1/0 Yes No Yes > GigabitEthernet0/3/1/3 Yes No Yes > POS0/3/0/1 Yes Yes Yes > TenGigE0/6/0/0 Yes No Yes > RP/0/RP1/CPU0:crs# > > > In the above output, the fourth column labeled Enabled identifies > MPLS enabled interfaces. > > Products Confirmed Not Vulnerable > +-------------------------------- > > Cisco IOS XR only runs on CRS-1 or Cisco 12000 series routers. Other > Cisco products, including systems that run Cisco IOS are not > affected. > > Details > ======= > > Cisco IOS XR Software is a member of the Cisco IOS Software Family > that uses a microkernel based distributed operating system > infrastructure. Cisco IOS XR runs both on Cisco CRS-1 and Cisco 12000 > series routers. > > More information on Cisco IOS XR can be found at the following URL: > > http://www.cisco.com/en/US/products/ps5845/index.html > > Modular Services Cards (MSC), also called the line cards are Layer-3 > forwarding engines on Cisco CRS-1. An MSC is paired with a physical > layer interface module (PLIM) which provides layer-1 and layer-2 > services. > > More information on Cisco CRS-1 architecture can be found at the > following URL: > > http://www.cisco.com/en/US/products/ps5763/index.html > > Specific MPLS packets that are switched by a Cisco CRS-1 or a 12000 > series system will restart the NetIO process. If the NetIO process is > restarted several times consecutively, the line card will reload > causing a Denial of Service (DoS) condition for the traffic that is > being switched on that line card. > > MPLS packets will be forwarded through the MPLS network. Therefore, > packets that can trigger this vulnerability can be sent from remote > systems that are in the MPLS network. Such packets can not be > received on interfaces that are not configured for MPLS. > > This vulnerability is addressed by the following Cisco bug IDs: > > * CSCsd15970 -- MSC crash upon receipt of specific MPLS packets > This bug only affects CRS-1 and does not affect Cisco 12000 > series routers that are running Cisco IOS XR. > > * CSCsd55531 -- MPLS packet handling problems > This bug only affects CRS-1 and does not affect Cisco 12000 > series routers that are running Cisco IOS XR. > > * CSCsc77475 -- Line card crash upon receipt of specific MPLS > packets > This bug affects both CRS-1 and Cisco 12000 series routers that > are running Cisco IOS XR. > > > Impact > ====== > > Successful exploitation of the vulnerability may result in a reload > of the Modular Services Card (MSC) on a CRS-1 or the line cards on a > Cisco 12000 series router. Repeated exploitation could result in a > sustained DoS attack. > > Software Version and Fixes > ========================== > > When considering software upgrades, also consult > http://www.cisco.com/go/psirt and any subsequent advisories to > determine exposure and a complete upgrade solution. > > In all cases, customers should exercise caution to be certain the > devices to be upgraded contain sufficient memory and that current > hardware and software configurations will continue to be supported > properly by the new release. If the information is not clear, contact > the Cisco Technical Assistance Center ("TAC") or your contracted > maintenance provider for assistance. > > +---------------------------------------+ > | Cisco IOS XR | SMU ID | > | Version | | > |---------------+-----------------------| > | 3.2.0 | AA01447 | > |---------------+-----------------------| > | 3.2.1 | AA01446 | > |---------------+-----------------------| > | 3.2.2 | AA01448 | > |---------------+-----------------------| > | 3.2.3 for | AA01444 | > | CRS-1 | | > |---------------+-----------------------| > | 3.2.3 for PRP | AA01451 | > |---------------+-----------------------| > | 3.2.4 | AA01449 | > |---------------+-----------------------| > | 3.2.50 | AA01450 | > |---------------+-----------------------| > | 3.3 | Cisco IOS XR 3.3 is | > | | not vulnerable | > +---------------------------------------+ > > Workarounds > =========== > > There is no workaround to mitigate the effects of these > vulnerabilities. > > Obtaining Fixed Software > ======================== > > Cisco will make free software available to address this vulnerability > for affected customers. This advisory will be updated as fixed > software becomes available. Prior to deploying software, customers > should consult their maintenance provider or check the software for > feature set compatibility and known issues specific to their > environment. > > Customers may only install and expect support for the feature sets > they have purchased. By installing, downloading, accessing or > otherwise using such software upgrades, customers agree to be bound > by the terms of Cisco's software license terms found at > http://www.cisco.com/public/sw-license-agreement.html , or as otherwise > set forth at Cisco.com Downloads at > http://www.cisco.com/public/sw-center/sw-usingswc.shtml. > > Do not contact either "psirt@cisco.com" or "security-alert@cisco.com" > for software upgrades. > > Customers with Service Contracts > +------------------------------- > > Customers with contracts should obtain upgraded software through > their regular update channels. For most customers, this means that > upgrades should be obtained through the Software Center on Cisco's > worldwide website at http://www.cisco.com . > > Customers using Third Party Support Organizations > +------------------------------------------------ > > Customers whose Cisco products are provided or maintained through > prior or existing agreement with third-party support organizations > such as Cisco Partners, authorized resellers, or service providers > should contact that support organization for guidance and assistance > with the appropriate course of action in regards to this advisory. > > The effectiveness of any workaround or fix is dependent on specific > customer situations such as product mix, network topology, traffic > behavior, and organizational mission. Due to the variety of affected > products and releases, customers should consult with their service > provider or support organization to ensure any applied workaround or > fix is the most appropriate for use in the intended network before it > is deployed. > > Customers without Service Contracts > +---------------------------------- > > Customers who purchase direct from Cisco but who do not hold a Cisco > service contract and customers who purchase through third-party > vendors but are unsuccessful at obtaining fixed software through > their point of sale should get their upgrades by contacting the Cisco > Technical Assistance Center (TAC). TAC contacts are as follows. > > * +1 800 553 2447 (toll free from within North America) > * +1 408 526 7209 (toll call from anywhere in the world) > * e-mail: tac@cisco.com > > Have your product serial number available and give the URL of this > notice as evidence of your entitlement to a free upgrade. Free > upgrades for non-contract customers must be requested through the > TAC. > > Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml > for additional TAC contact information, including special localized > telephone numbers and instructions and e-mail addresses for use in > various languages. > > Exploitation and Public Announcements > ===================================== > > The Cisco PSIRT is not aware of any public announcements or malicious > use of the vulnerability described in this advisory. > > This vulnerability was reported to Cisco by a customer. > > Status of this Notice: FINAL > ============================ > > THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY > KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF > MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE > INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS > AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS > DOCUMENT AT ANY TIME. > > A stand-alone copy or Paraphrase of the text of this document that > omits the distribution URL in the following section is an > uncontrolled copy, and may lack important information or contain > factual errors. > > Distribution > ============ > > This advisory is posted on Cisco's worldwide website at : > > http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml > > In addition to worldwide web posting, a text version of this notice > is clear-signed with the Cisco PSIRT PGP key and is posted to the > following e-mail and Usenet news recipients. > > * cust-security-announce@cisco.com > * first-teams@first.org > * bugtraq@securityfocus.com > * vulnwatch@vulnwatch.org > * cisco@spot.colorado.edu > * cisco-nsp@puck.nether.net > * full-disclosure@lists.grok.org.uk > * comp.dcom.sys.cisco@newsgate.cisco.com > > Future updates of this advisory, if any, will be placed on Cisco's > worldwide website, but may or may not be actively announced on > mailing lists or newsgroups. Users concerned about this problem are > encouraged to check the above URL for any updates. > > Revision History > ================ > > +---------------------------------------+ > | Revision | | Initial | > | 1.0 | 2006-April-19 | public | > | | | release. | > +---------------------------------------+ > > Cisco Security Procedures > ========================= > > Complete information on reporting security vulnerabilities in Cisco > products, obtaining assistance with security incidents, and > registering to receive security information from Cisco, is available > on Cisco's worldwide website at > http://www.cisco.com/en/US/products/products_security_vulnerability_policy.htm > l. > This includes instructions for press inquiries regarding Cisco > security notices. All Cisco security advisories are available at > http://www.cisco.com/go/psirt. > > - --------------------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (GNU/Linux) > > iD8DBQFERlGr8NUAbBmDaxQRAppAAJ42LNGn372gHS9SfYlEN6jpBbmzGgCggNEj > PP87m68j7oZ0Lf+Hk8aYM7k= > =WdI4 > -----END PGP SIGNATURE----- ------ End of Forwarded Message ------- The MPLS-OPS Mailing List Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml Archive: http://www.mplsrc.com/mpls-ops_archive.shtml |
|