Uočen je sigurnosni propust vezan uz Cisco Nexus 1000V. Radi se o preklopniku koji isporučuje mrežne usluge koje prepoznaju virtualna računala, ubrzava implementaciju virtualizacije poslužitelja i pojednostavnjuje upravljanje, itd. Propust je posljedica pogreške koja se očituje prilikom obrade paketa označenih oznakom 802.1Q. Napadač ga može iskoristiti za izvođenje DoS napada, kada virtualni stroj pošalje paket na vEthernet priključak (eng. port). Korisnicima se savjetuje prelazak na ispravljenu inačicu.
Cisco Nexus 1000V Virtual Switch 802.1Q Tagged Packet Denial of Service
Secunia Advisory SA43084
Release Date 2011-02-08
Criticality level Less criticalLess critical
Impact DoS
Where From local network
Authentication level Available in Customer Area
Report reliability Available in Customer Area
Solution Status Vendor Patch
Systems affected Available in Customer Area
Approve distribution Available in Customer Area
Software:
Cisco Nexus 1000V 4.x
Secunia CVSS Score Available in Customer Area
CVE Reference(s) CVE-2011-0355 CVSS available in Customer Area
Description
A vulnerability has been reported in Cisco Nexus 1000V, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing 802.1Q tagged packets. This can be exploited to cause a crash when a virtual machine sends a packet on a vEthernet port.
The vulnerability is reported in the following products:
* Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3b)
* Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3a)
* Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3)
* Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(2)
* Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(1)
Solution
Update to version 4.0(4) SV1(3c).
Provided and/or discovered by
Reported by the vendor.
Original Advisory
Cisco (CSCtj17451):
http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html
Posljednje sigurnosne preporuke