ISS X-Force Database: cisco-ip-option-code-execution(31725): Cisco IOS and IOS XR IP option code execution

Cisco IOS and IOS XR IP option code execution

cisco-ip-option-code-execution (31725)

High Risk

Description:

Cisco devices running certain versions of Cisco Internetwork Operating System Software (IOS) could allow a remote attacker to execute arbitrary code or cause a denial of service, caused by improper handling of certain packets containing a specially-crafted IP option. By sending an Internet Control Message Protocol (ICMP), Protocol Independent Multicast version 2 (PIMv2), Pragmatic General Multicast (PGM), or URL Rendezvous Directory (URD) packet containing a specially-crafted IP option to a physical or virtual IPv4 address on an affected device, a remote attacker could exploit this vulnerability to execute arbitrary code on the affected device or cause the device to reload, resulting in a denial of service.

Platforms Affected:

Cisco, IOS 12.0
Cisco, IOS 12.0DA
Cisco, IOS 12.0DB
Cisco, IOS 12.0DC
Cisco, IOS 12.0S
Cisco, IOS 12.0SC
Cisco, IOS 12.0SL
Cisco, IOS 12.0SP
Cisco, IOS 12.0ST
Cisco, IOS 12.0SX
Cisco, IOS 12.0SY
Cisco, IOS 12.0SZ
Cisco, IOS 12.0T
Cisco, IOS 12.0W
Cisco, IOS 12.0WC
Cisco, IOS 12.0WT
Cisco, IOS 12.0XA
Cisco, IOS 12.0XB
Cisco, IOS 12.0XC
Cisco, IOS 12.0XD
Cisco, IOS 12.0XE
Cisco, IOS 12.0XG
Cisco, IOS 12.0XH
Cisco, IOS 12.0XI
Cisco, IOS 12.0XJ
Cisco, IOS 12.0XK
Cisco, IOS 12.0XL
Cisco, IOS 12.0XM
Cisco, IOS 12.0XN
Cisco, IOS 12.0XQ
Cisco, IOS 12.0XR
Cisco, IOS 12.0XS
Cisco, IOS 12.0XV
Cisco, IOS 12.0XW
Cisco, IOS 12.1
Cisco, IOS 12.1AA
Cisco, IOS 12.1AX
Cisco, IOS 12.1AY
Cisco, IOS 12.1AZ
Cisco, IOS 12.1CX
Cisco, IOS 12.1DA
Cisco, IOS 12.1DB
Cisco, IOS 12.1DC
Cisco, IOS 12.1E
Cisco, IOS 12.1EA
Cisco, IOS 12.1EB
Cisco, IOS 12.1EC
Cisco, IOS 12.1EO
Cisco, IOS 12.1EU
Cisco, IOS 12.1EV
Cisco, IOS 12.1EW
Cisco, IOS 12.1EX
Cisco, IOS 12.1EY
Cisco, IOS 12.1EZ
Cisco, IOS 12.1T
Cisco, IOS 12.1XA
Cisco, IOS 12.1XB
Cisco, IOS 12.1XC
Cisco, IOS 12.1XD
Cisco, IOS 12.1XE
Cisco, IOS 12.1XF
Cisco, IOS 12.1XG
Cisco, IOS 12.1XI
Cisco, IOS 12.1XJ
Cisco, IOS 12.1XL
Cisco, IOS 12.1XM
Cisco, IOS 12.1XP
Cisco, IOS 12.1XQ
Cisco, IOS 12.1XR
Cisco, IOS 12.1XS
Cisco, IOS 12.1XT
Cisco, IOS 12.1XU
Cisco, IOS 12.1XV
Cisco, IOS 12.1XW
Cisco, IOS 12.1XX
Cisco, IOS 12.1XY
Cisco, IOS 12.1XZ
Cisco, IOS 12.1YA
Cisco, IOS 12.1YB
Cisco, IOS 12.1YC
Cisco, IOS 12.1YD
Cisco, IOS 12.1YE
Cisco, IOS 12.1YF
Cisco, IOS 12.1YH
Cisco, IOS 12.1YI
Cisco, IOS 12.1YJ
Cisco, IOS 12.2
Cisco, IOS 12.21XA
Cisco, IOS 12.21XB
Cisco, IOS 12.2B
Cisco, IOS 12.2BC
Cisco, IOS 12.2BW
Cisco, IOS 12.2BY
Cisco, IOS 12.2BZ
Cisco, IOS 12.2CX
Cisco, IOS 12.2CY
Cisco, IOS 12.2CZ
Cisco, IOS 12.2DA
Cisco, IOS 12.2DD
Cisco, IOS 12.2DX
Cisco, IOS 12.2EU
Cisco, IOS 12.2EW
Cisco, IOS 12.2EWA
Cisco, IOS 12.2EX
Cisco, IOS 12.2EY
Cisco, IOS 12.2EZ
Cisco, IOS 12.2FX
Cisco, IOS 12.2FZ
Cisco, IOS 12.2IXC
Cisco, IOS 12.2JA
Cisco, IOS 12.2JK
Cisco, IOS 12.2MB
Cisco, IOS 12.2MC
Cisco, IOS 12.2S
Cisco, IOS 12.2SB
Cisco, IOS 12.2SBC
Cisco, IOS 12.2SE
Cisco, IOS 12.2SEA
Cisco, IOS 12.2SEB
Cisco, IOS 12.2SEC
Cisco, IOS 12.2SED
Cisco, IOS 12.2SEE
Cisco, IOS 12.2SEF
Cisco, IOS 12.2SEG
Cisco, IOS 12.2SG
Cisco, IOS 12.2SGA
Cisco, IOS 12.2SO
Cisco, IOS 12.2SRA
Cisco, IOS 12.2SRB
Cisco, IOS 12.2SU
Cisco, IOS 12.2SV
Cisco, IOS 12.2SW
Cisco, IOS 12.2SX
Cisco, IOS 12.2SXA
Cisco, IOS 12.2SXB
Cisco, IOS 12.2SXD
Cisco, IOS 12.2SXE
Cisco, IOS 12.2SXF
Cisco, IOS 12.2SY
Cisco, IOS 12.2SZ
Cisco, IOS 12.2T
Cisco, IOS 12.2TPC
Cisco, IOS 12.2XA
Cisco, IOS 12.2XB
Cisco, IOS 12.2XC
Cisco, IOS 12.2XD
Cisco, IOS 12.2XE
Cisco, IOS 12.2XF
Cisco, IOS 12.2XG
Cisco, IOS 12.2XH
Cisco, IOS 12.2XI
Cisco, IOS 12.2XJ
Cisco, IOS 12.2XK
Cisco, IOS 12.2XL
Cisco, IOS 12.2XM
Cisco, IOS 12.2XN
Cisco, IOS 12.2XQ
Cisco, IOS 12.2XR
Cisco, IOS 12.2XS
Cisco, IOS 12.2XU
Cisco, IOS 12.2XV
Cisco, IOS 12.2XW
Cisco, IOS 12.2YA
Cisco, IOS 12.2YB
Cisco, IOS 12.2YC
Cisco, IOS 12.2YD
Cisco, IOS 12.2YE
Cisco, IOS 12.2YF
Cisco, IOS 12.2YG
Cisco, IOS 12.2YH
Cisco, IOS 12.2YJ
Cisco, IOS 12.2YK
Cisco, IOS 12.2YL
Cisco, IOS 12.2YM
Cisco, IOS 12.2YN
Cisco, IOS 12.2YP
Cisco, IOS 12.2YQ
Cisco, IOS 12.2YR
Cisco, IOS 12.2YS
Cisco, IOS 12.2YT
Cisco, IOS 12.2YU
Cisco, IOS 12.2YV
Cisco, IOS 12.2YW
Cisco, IOS 12.2YX
Cisco, IOS 12.2YY
Cisco, IOS 12.2YZ
Cisco, IOS 12.2ZA
Cisco, IOS 12.2ZB
Cisco, IOS 12.2ZC
Cisco, IOS 12.2ZD
Cisco, IOS 12.2ZE
Cisco, IOS 12.2ZF
Cisco, IOS 12.2ZG
Cisco, IOS 12.2ZH
Cisco, IOS 12.2ZJ
Cisco, IOS 12.2ZL
Cisco, IOS 12.2ZN
Cisco, IOS 12.2ZP
Cisco, IOS 12.3
Cisco, IOS 12.3B
Cisco, IOS 12.3BC
Cisco, IOS 12.3BW
Cisco, IOS 12.3JA
Cisco, IOS 12.3JEA
Cisco, IOS 12.3JEB
Cisco, IOS 12.3JK
Cisco, IOS 12.3T
Cisco, IOS 12.3TPC
Cisco, IOS 12.3XA
Cisco, IOS 12.3XB
Cisco, IOS 12.3XC
Cisco, IOS 12.3XD
Cisco, IOS 12.3XE
Cisco, IOS 12.3XF
Cisco, IOS 12.3XG
Cisco, IOS 12.3XH
Cisco, IOS 12.3XI
Cisco, IOS 12.3XJ
Cisco, IOS 12.3XK
Cisco, IOS 12.3XQ
Cisco, IOS 12.3XR
Cisco, IOS 12.3XS
Cisco, IOS 12.3XU
Cisco, IOS 12.3XW
Cisco, IOS 12.3XX
Cisco, IOS 12.3XY
Cisco, IOS 12.3YA
Cisco, IOS 12.3YD
Cisco, IOS 12.3YF
Cisco, IOS 12.3YG
Cisco, IOS 12.3YH
Cisco, IOS 12.3YI
Cisco, IOS 12.3YJ
Cisco, IOS 12.3YK
Cisco, IOS 12.3YM
Cisco, IOS 12.3YQ
Cisco, IOS 12.3YS
Cisco, IOS 12.3YT
Cisco, IOS 12.3YU
Cisco, IOS 12.3YX
Cisco, IOS 12.3YZ
Cisco, IOS XR 3.2.2
Cisco, IOS XR 3.2.3
Cisco, IOS XR 3.2.4
Cisco, IOS XR 3.2.6
Cisco, IOS XR 3.3
Cisco, IOS XR 3.4

Remedy:

Refer to cisco-sa-20070124-crafted-ip-option for upgrade or suggested workaround information. See References.

Consequences:

Gain Access

References:

Cisco Applied Intelligence Response: Document ID: 77839, Identifying and Mitigating Exploitation of the Crafted IP Option Vulnerability at http://www.cisco.com/en/US/products/products_security_response09186a00807cb0da.html.
cisco-sa-20070124-crafted-ip-option, Cisco Security Advisory: Crafted IP Option Vulnerability at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml.
BID-22211: Cisco Multiple Devices Crafted IP Option Multiple Remote Code Execution Vulnerability
CVE-2007-0480: Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.
SA23867: Cisco IOS Multiple Vulnerabilities
SECTRACK ID: 1017555: Cisco IOS ICMP, PIMv2, PGM, and URD IP Option Bug May Let Remote Users Execute Arbitrary Code
US-CERT VU#341288: Cisco IOS fails to properly process certain packets containing a crafted IP option
VUPEN/ADV-2007-0329: Cisco IOS Packets Handling Remote Code Execution and Denial of Service Vulnerabilities

Reported:

Jan 24, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page