Also:
http://www.securityfocus.com/news/11264
From CERT:
US-CERT Technical Cyber Security Alert TA05-210A -- Cisco IOS IPv6
Vulnerability
From:
US-CERT <technical-alerts@us-cert.gov>
Reply-To:
technical-alerts-owner@us-cert.gov
Date:
Friday 29 July 2005 05:38:52 pm
Groups:
comp.security.announce
no references
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA05-210A
Cisco IOS IPv6 Vulnerability
Original release date: July 29, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Cisco IOS devices with IPv6 enabled
For specific information, please see the Cisco Advisory.
Overview
Cisco IOS IPv6 processing functionality contains a vulnerability that
could allow an unauthenticated, remote attacker to execute arbitrary
code or cause a denial of service.
I. Description
Cisco IOS contains a vulnerability in the way IPv6 packets are
processed. US-CERT has not confirmed further technical details.
According to the Cisco Advisory, this vulnerability could be exploited
by an attacker on the same IP subnet:
Crafted packets from the local segment received on logical
interfaces (that is, tunnels including 6to4 tunnels) as well as
physical interfaces can trigger this vulnerability. Crafted packets
can not traverse a 6to4 tunnel and attack a box across the tunnel.
The crafted packet must be sent from a local network segment to
trigger the attack. This vulnerability can not be exploited one or
more hops from the IOS device.
US-CERT strongly recommends that sites running Cisco IOS devices
review the Cisco Advisory and upgrade as appropriate. We are tracking
this vulnerability as VU#930892.
II. Impact
This vulnerability could allow an unauthenticated, remote attacker on
the same IP subnet to execute arbitrary code or cause a denial of
service. The attacker may be able to take control of a vulnerable
device.
III. Solutions
Upgrade
Upgrade to a fixed version of IOS. Please see the Software Versions
and Fixes section of the Cisco Advisory for details.
Disable IPv6
From the Cisco Advisory:
In networks where IPv6 is not needed, disabling IPv6 processing on
an IOS device will eliminate exposure to this vulnerability. On a
router which supports IPv6, this must be done by issuing the
command "no ipv6 enable" and "no ipv6 address" on each interface.
Appendix A. Vendor Information
Cisco Systems, Inc.
Cisco Systems, Inc. has released a security advisory regarding a
vulnerability which was disclosed on July 27, 2005 at the Black Hat
security conference. Security advisory is available at:
http://www.cisco.com/warp/public/707...729-ipv6.shtml
For up-to-date information on security vulnerabilities in Cisco
Systems, Inc. products, visit
http://www.cisco.com/go/psirt.
Appendix B. References
* US-CERT Vulnerability Note VU#930892 -
<http://www.kb.cert.org/vuls/id/930892>
* Cisco Security Advisory: IPv6 Crafted Packet Vulnerability -
<
http://www.cisco.com/en/US/products/...ty_advisory091
86a00804d82c9.shtml>
__________________________________________________ _______________
Information regarding this vulnerability was primarily provided by
Cisco Systems, who in turn acknowledge the disclosure of this
vulnerability at the Black Hat USA 2005 Briefings.
__________________________________________________ _______________
Feedback can be directed to US-CERT Technical Staff. Send mail to
<cert@cert.org> with "TA05-210A feedback VU#930892" in the subject.
__________________________________________________ _______________
The most recent version of this document is available at:
<http://www.us-cert.gov/cas/techalerts/TA05-210A.html>
__________________________________________________ _______________
Produced 2005 by US-CERT, a government organization.
__________________________________________________ _______________
Terms of use:
<http://www.us-cert.gov/legal.html>
__________________________________________________ _______________
Revision History
July 29, 2005: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQuqgLRhoSezw4YfQAQI5iwgAkSYXPNt6Hffg7BfMeY oBaZ4Co6XFVjQ6
nWHKt1inYcYta/DXEuWJAhcjI/t8v74OH0b5sxGEr0mwtzEwV2r5pAF6nQesqyoj
q3r60OE3TZygxUZPrGNmmkSpkhoNap9cSVs97Xt6Fd4evOmp0V Z6pqMdJtQ/r5xk
d67LicCM9NLNoC0LPoen2/7ICu7jqxZnoF4oHDkZS8b2g2mx7vfz3Htj44Nd5/eD
tWe8HqF8ReSyLEiOj8z8vrjcfz+BIwSLXnyr6DDxSvFmhy0Cun GFkCQq074CwbVE
GZjAJSn2r/A2Pp3HBP/RxQ9BNv8rHrSF7DkG9gADc5PV8WpaLCHP0Q==
=4jtB
-----END PGP SIGNATURE-----
Cisco IPv6 Vulnerability 
Linear Mode
