Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2012.0924
Cisco IOS Software vulnerabilities
27 September 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco IOS
Cisco IOS XE
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2012-4623 CVE-2012-4622 CVE-2012-4621
CVE-2012-4620 CVE-2012-4619 CVE-2012-4618
CVE-2012-4617 CVE-2012-3950 CVE-2012-3949
Reference: ESB-2012.0923
Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcp
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcpv6
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ios-ips
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-bgp
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-nat
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-c10k-tunnels
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ecc
Comment: This bulletin contains eight (8) Cisco Systems security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco IOS Software DHCP Denial of Service Vulnerability
Advisory ID: cisco-sa-20120926-dhcp
Revision 1.0
For Public Release 2012 September 26 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco IOS Software contains a vulnerability that could allow an
unauthenticated, remote attacker to cause a denial of service (DoS)
condition. An attacker could exploit this vulnerability by sending a
single DHCP packet to or through an affected device, causing the
device to reload.
Cisco has released free software updates that address this
vulnerability. A workaround that mitigates this vulnerability is
available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcp
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS
Software releases that correct the vulnerability or vulnerabilities
detailed in the advisory as well as the Cisco IOS Software releases
that correct all Cisco IOS Software vulnerabilities in the September
2012 bundled publication.
Individual publication links are in "Cisco Event Response: Semi-Annual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAlBgeD4ACgkQUddfH3/BbTrJBgD8D/YGAbTV2hF3i3v0Gg8nFc2x
jVoS/mVfTMurWAYQflIA/0HU8TpFR6A9Oegidg2Cjc27Vyx2RbAqah6Y57BceTco
=WgD1
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability
Advisory ID: cisco-sa-20120926-dhcpv6
Revision 1.0
For Public Release 2012 September 26 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco IOS Software and Cisco IOS XE Software contain a vulnerability
that could allow an unauthenticated, remote attacker to cause a denial
of service (DoS) condition. An attacker could exploit this
vulnerability by sending a crafted request to an affected device that
has the DHCP version 6 (DHCPv6) server feature enabled, causing a
reload.
Cisco has released free software updates that address this
vulnerability. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcpv6
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS
Software releases that correct the vulnerability or vulnerabilities
detailed in the advisory as well as the Cisco IOS Software releases
that correct all Cisco IOS Software vulnerabilities in the September
2012 bundled publication.
Individual publication links are in "Cisco Event Response: Semi-Annual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAlBgeD4ACgkQUddfH3/BbTpTmwD/aWSNsmnurhMHzokzSTJUI4/B
428bYcAKinMffKT+bgIA/20BRb6rR7qCoIK0ynVDnbtYiNjwCMy+EQFEUrDWhpl1
=kAhj
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability
Advisory ID: cisco-sa-20120926-ios-ips
Revision 1.0
For Public Release 2012 September 26 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco IOS Software contains a vulnerability in the Intrusion
Prevention System (IPS) feature that could allow an unauthenticated,
remote attacker to cause a reload of an affected device if specific
Cisco IOS IPS configurations exist.
Cisco has released free software updates that address this
vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ios-ips
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS
Software releases that correct the vulnerability or vulnerabilities
detailed in the advisory as well as the Cisco IOS Software releases
that correct all Cisco IOS Software vulnerabilities in the September
2012 bundled publication.
Individual publication links are in "Cisco Event Response: Semi-Annual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAlBgeD8ACgkQUddfH3/BbTpJqQD+IN51ZWVrBuSFzCEOb3hRHC+o
i093jjXqPMmZ90pvT8wA/2LNuyuDuc7hat0gxy02+ZQbwKfDwaFFsJQ7UnV3WQf/
=QlOw
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability
Advisory ID: cisco-sa-20120926-bgp
Revision 1.0
For Public Release 2012 September 26 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco IOS Software contains a vulnerability in the Border Gateway
Protocol (BGP) routing protocol feature.
The vulnerability can be triggered when the router receives a
malformed attribute from a peer on an existing BGP session.
Successful exploitation of this vulnerability can cause all BGP
sessions to reset. Repeated exploitation may result in an inability
to route packets to BGP neighbors during reconvergence times.
Cisco has released free software updates that address this
vulnerability. There are no workarounds for this vulnerability. This
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-bgp
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS
Software releases that correct the vulnerability or vulnerabilities
detailed in the advisory as well as the Cisco IOS Software releases
that correct all Cisco IOS Software vulnerabilities in the September
2012 bundled publication.
Individual publication links are in "Cisco Event Response: Semi-Annual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAlBgeD0ACgkQUddfH3/BbTpwbwD+IkJ8uofSPxpZwUFgVu8dVRWq
6OpD4B6w1i+wGN5IOEQA/1o7VdakD9PFvIZODdfcptJSRK4k4SbeAf46KMFAiSYM
=/DrE
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco IOS Software Network Address Translation Vulnerabilities
Advisory ID: cisco-sa-20120926-nat
Revision 1.0
For Public Release 2012 September 26 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
The Cisco IOS Software Network Address Translation (NAT) feature
contains two denial of service (DoS) vulnerabilities in the
translation of IP packets.
The vulnerabilities are caused when packets in transit on the
vulnerable device require translation.
Cisco has released free software updates that address these
vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-nat
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS
Software releases that correct the vulnerability or vulnerabilities
detailed in the advisory as well as the Cisco IOS Software releases
that correct all Cisco IOS Software vulnerabilities in the September
2012 bundled publication.
Individual publication links are in "Cisco Event Response: Semi-Annual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAlBgeD8ACgkQUddfH3/BbTrGtwD8CaC1pyjW+b1ltiGIsvX+jMfG
jEEqlzr6VT/F1vjvaDgA/2pAjCs0T5rcGdJUhyKRlQH+PjVLBRVQaQTp/kk5T4+i
=q0VJ
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
Advisory ID: cisco-sa-20120926-sip
Revision 1.0
For Public Release 2012 September 26 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability exists in the Session Initiation Protocol (SIP)
implementation in Cisco IOS Software and Cisco IOS XE Software that
could allow an unauthenticated, remote attacker to cause an affected
device to reload. Affected devices must be configured to process SIP
messages and for pass-through of Session Description Protocol (SDP)
for this vulnerability to be exploitable.
Cisco has released free software updates that address this
vulnerability. There are no workarounds for devices that must run SIP;
however, mitigations are available to limit exposure to the
vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS
Software releases that correct the vulnerability or vulnerabilities
detailed in the advisory as well as the Cisco IOS Software releases
that correct all Cisco IOS Software vulnerabilities in the September
2012 bundled publication.
Individual publication links are in "Cisco Event Response: Semi-Annual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
Cisco Unified Communications Manager is affected by the vulnerability
described in this advisory. A separate Cisco Security Advisory has
been published to disclose the vulnerability that affects the Cisco
Unified Communications Manager at the following location:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAlBgeEAACgkQUddfH3/BbTob/wD/Qp0Y5YKNdLu4RUcBgkHojBc+
EQQQyJVSQTrHNG6GJcoA/jXiO1Lic8HzNUQdmusjvD+dIdKjQd8GrMOwAhKOQWpU
=vIHn
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability
Advisory ID: cisco-sa-20120926-c10k-tunnels
Revision 1.0
For Public Release 2012 September 26 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco IOS Software contains a queue wedge vulnerability that can be
triggered when processing IP tunneled packets. Only Cisco IOS
Software running on the Cisco 10000 Series router has been
demonstrated to be affected.
Successful exploitation of this vulnerability may prevent traffic from
transiting the affected interfaces.
Cisco has released free software updates that addresses this
vulnerability. There are no workarounds for this vulnerability. This
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-c10k-tunnels
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS
Software releases that correct the vulnerability or vulnerabilities
detailed in the advisory as well as the Cisco IOS Software releases
that correct all Cisco IOS Software vulnerabilities in the September
2012 bundled publication.
Individual publication links are in "Cisco Event Response: Semi-Annual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAlBgeD4ACgkQUddfH3/BbTpLigD/fKng67LLI/XQ0AkD8l6YyPct
/hYpJdygEEIqvm2htS8BAIGs1zHnI0iD1w9RTmKc+uaeopmfO8F7qsutxUFX4KhJ
=cGGl
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability
Advisory ID: cisco-sa-20120926-ecc
Revision 1.0
For Public Release 2012 September 26 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
The Catalyst 4500E series switch with Supervisor Engine 7L-E contains
a denial of service (DoS) vulnerability when processing specially
crafted packets that can cause a reload of the device.
Cisco has released free software updates that address this
vulnerability.
Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ecc
Note: The September 26, 2012, Cisco IOS Software Security Advisory
bundled publication includes 9 Cisco Security Advisories. Eight of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS
Software releases that correct the vulnerability or vulnerabilities
detailed in the advisory as well as the Cisco IOS Software releases
that correct all Cisco IOS Software vulnerabilities in the September
2012 bundled publication.
Individual publication links are in "Cisco Event Response: Semi-Annual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAlBgeD8ACgkQUddfH3/BbTptGQD+LJo6CaOPouQRBuPy+1jpi5SB
EvY/pXj/6kA47NIeQtMA/A/K7sSoBEfEn/baeeTcOOvyJ4Yo4I9wekRMSMJFzxoz
=kR+l
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUGPQ9+4yVqjM2NGpAQJ9dhAAk81m2zJMM0jJE8hpv3sKe3IRzInvS/W8
qfVm3y1x+6ghau9f2XdXX1jezDahkxggawkPwiKhVhfeGkuzZGkRhyX3Vcp6NdMc
if7i1GzYF7ta2xPw5gPtLrjqiOnoNo9LLbWAtVRK976ypXgCGfBlHes+MGO1sqpd
C6O+cIiX3z9pcRZ13nwyANm0b+1UZnrJI39yXwG4UEBC1YqXS5HmogIJ4uuiX/HG
CzVt+GLDXBgqSTnaNLT7OcWV8jmeuAxaGRduj1m/BeUH8nXVB/GdMbFp7+49D6Hc
/IuRtHL4n03+QB765Ufj2iKMsYBGMJkLr3VrMbWpDyLLYSwXWbV3kvJACuN5iA+0
eOssA3tiPtjCbkw174vYteenZEu6B/Y51R+BTCgmw6MozHlqhN1WpJ018XQUcCc/
y/VpUWnWzwDdUwAmsZQBJDtEbJ0pzQlqeUCb73zSfYTOnuwPFfkPlTvbtRG/SRhR
8u9d98DDEPeK8SelviaiaP3Yr4JU+UWQV9oH+sFxEeFGdTocBJHRockPseQIdlTl
l1uJXvTiXDP4AaQBl4vqaYpitxZ14btB1abERqbTYO7U2wJ6JHG3W4aQzHEI7RDT
MwnTdvPHAcGCJNqjztA38WY3VIyEmgPOFl2K780MKo4yTnxxErintlknjxEy+Yw1
ScxU5QOG3Vw=
=O37G
-----END PGP SIGNATURE-----