Network World
Sunday, May 11, 2008

Cisco Subnet Blog


Cisco's first Patch Wednesday produces five IOS alerts

Cisco on Wednesday 'celebrated' its first six-monthly patch schedule for IOS by delivering five separate security alerts. The alerts affect Cisco IOS Multicast VPN (MVPN); IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Router Switch Processor 720; IOS User Datagram Protocol delivery; and IOS' Data-link Switching (DLSw) feature.

Cisco warned that its MVPN could be exploited to allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other MPLS-based VPNs by sending specially crafted messages. Patches and workarounds are available for this vulnerability.

Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on version 12.2 could be open to a denial-of-service attack that prevents any traffic from entering an affected interface, according to Cisco. Devices are vulnerable if they are configured for Open Shortest Path First (OSPF) Sham-Link and MPLS VPN. Workarounds and fixes are available for this problem.

IOS also contains multiple vulnerabilities in the DLSw feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets, says Cisco. Workarounds and fixes are available.

Lastly, Cisco is reporting two vulnerabilities in the virtual private dial-up network (VPDN) feature when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces, says Cisco. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted. Workarounds and fixes are available.


About the Cisco Subnet Blog

The Cisco Subnet blog is the official blog of the Network World Cisco Subnet community, managed by Editor Linda Leung. Cisco Subnet is the independent voice of Cisco customers and is your gateway to daily Cisco news, blogs, opinion, books, prize giveaways and more. Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.
