Multiple vulnerabilities have cropped up in Cisco IOS that may necessitate an upgrade to IOS version 15.0(1)XA5. The vulnerabilities were reported in both Secunia and Help Net Security.
According to both, they are...
- An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload;
- An error in the Communication Manager Express (CME) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device;
- A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet;
- An error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed. This can be exploited to reconnect and bypass the certificate ban;
- A memory fragmentation error in the CME component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets;
- An error when handling multiple IPv6 router advertisements can be exploited to cause a device to reload by flooding it with random IPv6 router advertisements.
Both Web sites recommend updating to IOS version 15.0(1)XA5 as a solution. We could not locate a security advisory on these vulnerabilities on the Cisco site but Secunia cites this Cisco document as its source. Cisco does not release IOS security advisories until the fourth Wednesday of March and September of each calendar year.
More from Cisco Subnet:
Cisco's LineSider buy big for IT prize
Verizon 2010 Data Breach Report Is Eye Opening
What's at the core of Cisco's plight?
Cisco sends up a warning flare
TSHOOT Practice Questions - The Answers!
Cisco's 3QCY10 Global Threat Report Results
The Smart-Fat and Smart-Thin Edge of the Network
Upgrade Your Cisco Cert to an HP Cert
Win a five-book library from Cisco Press
Follow all Cisco Subnet bloggers on Twitter.Jim Duffy on TwitterFollow