U radu programske podrške Cisco IOS XR za određene usmjerivače uočen je sigurnosni nedostatak. Zlonamjerni ga korisnici mogu iskoristiti za izvođenje DoS napada.
Paket:
Cisco IOS XR 3.x, Cisco IOS XR 4.x
Operacijski sustavi:
Cisco IOS XR 3.x, Cisco IOS XR 4.x
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno/udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
cisco-sa-20120530-iosxr
Izvor:
Cisco
Problem:
Nedostatak je posljedica neodgovarajućeg rukovanja posebno oblikovanim paketima, a može onesposobiti procesor usmjeravanja za daljnje slanje paketa. Ranjivi su sljedeći procesori: Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP-4G and RSP-8G), Route Switch Processor 440 (RSP440) i Cisco Carrier Routing System (CRS) Performance Route Processor (PRP).
Posljedica:
Napadačima omogućuje izvođenje DoS (eng. Denial of Service) napada.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco IOS XR Software Route Processor Denial of Service Vulnerability
Advisory ID: cisco-sa-20120530-iosxr
Revision 2.0
For Public Release 2012 August 15 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco IOS XR Software contains a vulnerability when handling crafted
packets that may result in a denial of service condition. The
vulnerability only exists on Cisco 9000 Series Aggregation Services
Routers (ASR) Route Switch Processor (RSP-4G and RSP-8G), Route Switch
Processor 440 (RSP440), and Cisco Carrier Routing System (CRS)
Performance Route Processor (PRP). The vulnerability is a result of
improper handling of crafted packets and could cause the route
processor, which processes the packets, to be unable to transmit
packets to the fabric.
Cisco has released free software updates that address this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAlArqykACgkQUddfH3/BbTp9qQD+JykExH3Qj2xaR74o4PomFAL4
vpajwSl1+1b6CtV5cQoA/0kwCOTFnjS4Te31QjkSx5+uhDpEPs5qjTb8F6EXiapD
=Yc2a
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
To unsubscribe, send the command "unsubscribe" in the subject of your message to
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke