ISS X-Force Database: cisco-ios-nexthop-bo(35889): Cisco IOS Next Hop Resolution Protocol buffer overflow

Cisco IOS Next Hop Resolution Protocol buffer overflow

cisco-ios-nexthop-bo (35889)

High Risk

Description:

Multiple Cisco devices running versions of Cisco IOS with the Next Hop Resolution Protocol enabled are vulnerable to a buffer overflow. By sending specially-crafted data, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system or cause the device to restart.

Platforms Affected:

Cisco, IOS 12.0
Cisco, IOS 12.0DC
Cisco, IOS 12.0S
Cisco, IOS 12.0SC
Cisco, IOS 12.0SL
Cisco, IOS 12.0SP
Cisco, IOS 12.0ST
Cisco, IOS 12.0SX
Cisco, IOS 12.0SY
Cisco, IOS 12.0SZ
Cisco, IOS 12.0T
Cisco, IOS 12.0XA
Cisco, IOS 12.0XC
Cisco, IOS 12.0XD
Cisco, IOS 12.0XE
Cisco, IOS 12.0XG
Cisco, IOS 12.0XH
Cisco, IOS 12.0XI
Cisco, IOS 12.0XJ
Cisco, IOS 12.0XK
Cisco, IOS 12.0XL
Cisco, IOS 12.0XN
Cisco, IOS 12.0XQ
Cisco, IOS 12.0XR
Cisco, IOS 12.1
Cisco, IOS 12.1AA
Cisco, IOS 12.1CX
Cisco, IOS 12.1DA
Cisco, IOS 12.1DC
Cisco, IOS 12.1E
Cisco, IOS 12.1EC
Cisco, IOS 12.1EU
Cisco, IOS 12.1EW
Cisco, IOS 12.1EX
Cisco, IOS 12.1EZ
Cisco, IOS 12.1GA
Cisco, IOS 12.1GB
Cisco, IOS 12.1T
Cisco, IOS 12.1XA
Cisco, IOS 12.1XC
Cisco, IOS 12.1XD
Cisco, IOS 12.1XG
Cisco, IOS 12.1XH
Cisco, IOS 12.1XI
Cisco, IOS 12.1XJ
Cisco, IOS 12.1XL
Cisco, IOS 12.1XM
Cisco, IOS 12.1XP
Cisco, IOS 12.1XQ
Cisco, IOS 12.1XR
Cisco, IOS 12.1XS
Cisco, IOS 12.1XT
Cisco, IOS 12.1XV
Cisco, IOS 12.1XW
Cisco, IOS 12.1XX
Cisco, IOS 12.1XY
Cisco, IOS 12.1XZ
Cisco, IOS 12.1YA
Cisco, IOS 12.1YB
Cisco, IOS 12.1YD
Cisco, IOS 12.1YE
Cisco, IOS 12.1YF
Cisco, IOS 12.1YI
Cisco, IOS 12.2
Cisco, IOS 12.2B
Cisco, IOS 12.2BC
Cisco, IOS 12.2BW
Cisco, IOS 12.2BY
Cisco, IOS 12.2BZ
Cisco, IOS 12.2CX
Cisco, IOS 12.2CY
Cisco, IOS 12.2DA
Cisco, IOS 12.2DD
Cisco, IOS 12.2DX
Cisco, IOS 12.2EU
Cisco, IOS 12.2EW
Cisco, IOS 12.2EWA
Cisco, IOS 12.2MB
Cisco, IOS 12.2MC
Cisco, IOS 12.2S
Cisco, IOS 12.2SB
Cisco, IOS 12.2SBC
Cisco, IOS 12.2SG
Cisco, IOS 12.2SGA
Cisco, IOS 12.2SM
Cisco, IOS 12.2SU
Cisco, IOS 12.2SV
Cisco, IOS 12.2SW
Cisco, IOS 12.2SX
Cisco, IOS 12.2SXA
Cisco, IOS 12.2SXB
Cisco, IOS 12.2SXD
Cisco, IOS 12.2SXE
Cisco, IOS 12.2SY
Cisco, IOS 12.2SZ
Cisco, IOS 12.2T
Cisco, IOS 12.2TPC
Cisco, IOS 12.2UZ
Cisco, IOS 12.2VZ
Cisco, IOS 12.2XA
Cisco, IOS 12.2XB
Cisco, IOS 12.2XC
Cisco, IOS 12.2XD
Cisco, IOS 12.2XF
Cisco, IOS 12.2XG
Cisco, IOS 12.2XH
Cisco, IOS 12.2XJ
Cisco, IOS 12.2XK
Cisco, IOS 12.2XL
Cisco, IOS 12.2XM
Cisco, IOS 12.2XN
Cisco, IOS 12.2XQ
Cisco, IOS 12.2XR
Cisco, IOS 12.2XS
Cisco, IOS 12.2XT
Cisco, IOS 12.2XU
Cisco, IOS 12.2XV
Cisco, IOS 12.2XW
Cisco, IOS 12.2YA
Cisco, IOS 12.2YB
Cisco, IOS 12.2YC
Cisco, IOS 12.2YD
Cisco, IOS 12.2YE
Cisco, IOS 12.2YF
Cisco, IOS 12.2YH
Cisco, IOS 12.2YJ
Cisco, IOS 12.2YL
Cisco, IOS 12.2YM
Cisco, IOS 12.2YN
Cisco, IOS 12.2YP
Cisco, IOS 12.2YQ
Cisco, IOS 12.2YR
Cisco, IOS 12.2YT
Cisco, IOS 12.2YU
Cisco, IOS 12.2YV
Cisco, IOS 12.2YW
Cisco, IOS 12.2YX
Cisco, IOS 12.2YY
Cisco, IOS 12.2YZ
Cisco, IOS 12.2ZA
Cisco, IOS 12.2ZB
Cisco, IOS 12.2ZC
Cisco, IOS 12.2ZE
Cisco, IOS 12.2ZF
Cisco, IOS 12.2ZG
Cisco, IOS 12.2ZH
Cisco, IOS 12.2ZJ
Cisco, IOS 12.2ZL
Cisco, IOS 12.2ZR
Cisco, IOS 12.3
Cisco, IOS 12.3B
Cisco, IOS 12.3BC
Cisco, IOS 12.3BW
Cisco, IOS 12.3T
Cisco, IOS 12.3TPC
Cisco, IOS 12.3XA
Cisco, IOS 12.3XB
Cisco, IOS 12.3XC
Cisco, IOS 12.3XD
Cisco, IOS 12.3XE
Cisco, IOS 12.3XF
Cisco, IOS 12.3XG
Cisco, IOS 12.3XH
Cisco, IOS 12.3XI
Cisco, IOS 12.3XJ
Cisco, IOS 12.3XK
Cisco, IOS 12.3XQ
Cisco, IOS 12.3XR
Cisco, IOS 12.3XS
Cisco, IOS 12.3XU
Cisco, IOS 12.3XW
Cisco, IOS 12.3YA
Cisco, IOS 12.3YD
Cisco, IOS 12.3YF
Cisco, IOS 12.3YG
Cisco, IOS 12.3YH
Cisco, IOS 12.3YI
Cisco, IOS 12.3YJ
Cisco, IOS 12.3YK
Cisco, IOS 12.3YM
Cisco, IOS 12.3YQ
Cisco, IOS 12.3YS
Cisco, IOS 12.3YT
Cisco, IOS 12.3YU
Cisco, IOS 12.3YX
Cisco, IOS 12.3YZ
Cisco, IOS 12.4
Cisco, IOS 12.4MR
Cisco, IOS 12.4T
Cisco, IOS 12.4XB

Remedy:

Refer to cisco-sa-20070808-nhrp for upgrade or suggested workaround information. See References.

Consequences:

Gain Access

References:

cisco-sa-20070808-nhrp, Cisco Security Advisory: Cisco IOS Next Hop Resolution Protocol Vulnerability at http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml.
BID-25238: CISCO IOS NHRP Remote Buffer Overflow Vulnerability
CVE-2007-4286: Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.
SA26360: Cisco IOS Next Hop Resolution Protocol Buffer Overflow
SECTRACK ID: 1018535: Cisco IOS Next Hop Resolution Protocol (NHRP) Bug Lets Remote Users Deny Service or Execute Arbitrary Code
US-CERT VU#201984: Cisco IOS fails to properly handle Next Hop Resolution Protocol packets
VUPEN/ADV-2007-2818: Cisco IOS Next Hop Resolution Protocol Remote Code Execution Vulnerability

Reported:

Aug 08, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page