{"id":3519,"date":"2005-07-29T18:31:37","date_gmt":"2005-07-29T18:31:37","guid":{"rendered":"http:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/e-commerce\/cisco-ipv6-vulnerability.html"},"modified":"2005-07-29T18:31:37","modified_gmt":"2005-07-29T18:31:37","slug":"cisco-ipv6-vulnerability","status":"publish","type":"post","link":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/e-commerce\/cisco-ipv6-vulnerability.html","title":{"rendered":"Cisco IPv6 Vulnerability"},"content":{"rendered":"<p class=\"MsoNormal\" style=\"MARGIN: 0in 0in 0pt\"><span style=\"FONT-SIZE: 10pt\">I thought this alert was worth passing along. It seems by turning off IPv6 you minimize exposure to this attack.<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>National Cyber Alert System<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Technical Cyber Security Alert TA05-210A<\/p>\n<p>Cisco IOS IPv6 Vulnerability<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>Original release date: July 29, 2005<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>Last revised: &#8212;<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>Source: US-CERT<\/p>\n<p>Systems Affected<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>* Cisco IOS devices with IPv6 enabled<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>For specific information, please see the Cisco Advisory.<\/p>\n<p>Overview<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>Cisco IOS IPv6 processing functionality contains a vulnerability that<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>could allow an unauthenticated, remote attacker to execute arbitrary<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>code or cause a denial of service.<\/p>\n<p><place w:st=\"on\" \/>I.<\/place \/> Description<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>Cisco IOS contains a vulnerability in the way IPv6 packets are<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>processed. US-CERT has not confirmed further technical details.<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>According to the Cisco Advisory, this vulnerability could be exploited<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>by an attacker on the same IP subnet:<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>Crafted packets from the local segment received on logical<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>interfaces (that is, tunnels including 6to4 tunnels) as well as<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>physical interfaces can trigger this vulnerability. Crafted packets<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>can not traverse a 6to4 tunnel and attack a box across the tunnel.<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>The crafted packet must be sent from a local network segment to<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>trigger the attack. This vulnerability can not be exploited one or<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>more hops from the IOS device. <\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>US-CERT strongly recommends that sites running Cisco IOS devices<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>review the Cisco Advisory and upgrade as appropriate. We are tracking<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>this vulnerability as VU#930892.<\/p>\n<p>II. Impact<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>This vulnerability could allow an unauthenticated, remote attacker on<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>the same IP subnet to execute arbitrary code or cause a denial of<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>service. The attacker may be able to take control of a vulnerable<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>device.<\/p>\n<p>III. Solutions<\/p>\n<p>Upgrade<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>Upgrade to a fixed version of IOS. Please see the Software Versions<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>and Fixes section of the Cisco Advisory for details.<\/p>\n<p>Disable IPv6<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>From the Cisco Advisory:<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>In networks where IPv6 is not needed, disabling IPv6 processing on<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>an IOS device will eliminate exposure to this vulnerability. On a<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>router which supports IPv6, this must be done by issuing the<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>command &quot;no ipv6 enable&quot; and &quot;no ipv6 address&quot; on each interface. <\/p>\n<p>Appendix A. Vendor Information<\/p>\n<p>Cisco Systems, Inc.<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>Cisco Systems, Inc. has released a security advisory regarding a<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>vulnerability which was disclosed on July 27, 2005 at the Black Hat<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>security conference. Security advisory is available at:<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span><a href=\"http:\/\/www.cisco.com\/warp\/public\/707\/cisco-sa-20050729-ipv6.shtml\">http:\/\/www.cisco.com\/warp\/public\/707\/cisco-sa-20050729-ipv6.shtml<\/a><\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>For up-to-date information on security vulnerabilities in Cisco<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>Systems, Inc. products, visit <a href=\"http:\/\/www.cisco.com\/go\/psirt\">http:\/\/www.cisco.com\/go\/psirt<\/a>.<\/p>\n<p>Appendix B. References<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>* US-CERT Vulnerability Note VU#930892 &#8211;<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>&lt;<a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/930892\">http:\/\/www.kb.cert.org\/vuls\/id\/930892<\/a>&gt;<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>* Cisco Security Advisory: IPv6 Crafted Packet Vulnerability &#8211;<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>&lt;<a href=\"http:\/\/www.cisco.com\/en\/US\/products\/products_security_advisory091\">http:\/\/www.cisco.com\/en\/US\/products\/products_security_advisory091<\/a><br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>86a00804d82c9.shtml&gt;<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>_________________________________________________________________<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>Information regarding this vulnerability was primarily provided by<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>Cisco Systems, who in turn acknowledge the disclosure of this<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>vulnerability at the Black Hat USA 2005 Briefings.<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>_________________________________________________________________<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0<\/span><span style=\"mso-spacerun: yes\">\u00a0 <\/span>Feedback can be directed to US-CERT Technical Staff.<span style=\"mso-spacerun: yes\">\u00a0 <\/span>Send mail to<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>&lt;cert@cert.org&gt; with &quot;TA05-210A feedback VU#930892&quot; in the subject.<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>_________________________________________________________________<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>The most recent version of this document is available at:<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>&lt;<a href=\"http:\/\/www.us-cert.gov\/cas\/techalerts\/TA05-210A.html\">http:\/\/www.us-cert.gov\/cas\/techalerts\/TA05-210A.html<\/a>&gt;<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>_________________________________________________________________<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>Produced 2005 by US-CERT, a government organization.<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>_________________________________________________________________<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>Terms of use:<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>&lt;<a href=\"http:\/\/www.us-cert.gov\/legal.html\">http:\/\/www.us-cert.gov\/legal.html<\/a>&gt;<br \/><span style=\"mso-spacerun: yes\">\u00a0\u00a0\u00a0\u00a0 <\/span>_________________________________________________________________<\/p>\n<p>Revision History<\/p>\n<p><span style=\"mso-spacerun: yes\">\u00a0\u00a0 <\/span>July 29, 2005: Initial release<\/p>\n<p><br style=\"mso-special-character: line-break\" \/><br style=\"mso-special-character: line-break\" \/><\/span><\/p>\n<p \/>\n","protected":false},"excerpt":{"rendered":"<p>I thought this alert was worth passing along. It seems by turning off IPv6 you minimize exposure to this attack. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 National Cyber Alert System \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Technical Cyber Security Alert TA05-210A Cisco IOS IPv6 Vulnerability \u00a0\u00a0 Original release date: July 29, 2005\u00a0\u00a0 Last revised: &#8212;\u00a0\u00a0 Source: US-CERT Systems Affected \u00a0\u00a0\u00a0\u00a0 * Cisco IOS devices with<\/p>\n","protected":false},"author":44,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/3519"}],"collection":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/comments?post=3519"}],"version-history":[{"count":0,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/3519\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media?parent=3519"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/categories?post=3519"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/tags?post=3519"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}