Cisco IOS Multicast Virtual Private Network (MVPN) information disclosure

cisco-ios-mvpm-information-disclosure (41468)

Low Risk

Description:

Cisco IOS could allow a remote attacker to obtain sensitive information, caused by an error when Multicast Virtual Private Network (MVPN) is enabled. By sending a specially-crafted Multicast Distribution Tree (MDT) Data Join message, a remote attacker could cause VPNs that are not connected to the same edge router as the attacker to leak multicast traffic when the BGP peer IP address and the multicast group address of other MPLS VPNs are known.

Platforms Affected:

• Cisco, IOS 12.0S
• Cisco, IOS 12.0SX
• Cisco, IOS 12.0SY
• Cisco, IOS 12.0SZ
• Cisco, IOS 12.2B
• Cisco, IOS 12.2BC
• Cisco, IOS 12.2BZ
• Cisco, IOS 12.2CX
• Cisco, IOS 12.2CZ
• Cisco, IOS 12.2EU
• Cisco, IOS 12.2EW
• Cisco, IOS 12.2EZ
• Cisco, IOS 12.2FZ
• Cisco, IOS 12.2IXA
• Cisco, IOS 12.2IXB
• Cisco, IOS 12.2IXC
• Cisco, IOS 12.2SBC
• Cisco, IOS 12.2SEA
• Cisco, IOS 12.2SEB
• Cisco, IOS 12.2SEC
• Cisco, IOS 12.2SED
• Cisco, IOS 12.2SO
• Cisco, IOS 12.2SU
• Cisco, IOS 12.2SX
• Cisco, IOS 12.2SXA
• Cisco, IOS 12.2SXB
• Cisco, IOS 12.2SXD
• Cisco, IOS 12.2SXE
• Cisco, IOS 12.2SY
• Cisco, IOS 12.2SZ
• Cisco, IOS 12.2T
• Cisco, IOS 12.2UZ
• Cisco, IOS 12.2YH
• Cisco, IOS 12.2YJ
• Cisco, IOS 12.2YL
• Cisco, IOS 12.2YM
• Cisco, IOS 12.2YN
• Cisco, IOS 12.2YQ
• Cisco, IOS 12.2YR
• Cisco, IOS 12.2YT
• Cisco, IOS 12.2YU
• Cisco, IOS 12.2YV
• Cisco, IOS 12.2YX
• Cisco, IOS 12.2YZ
• Cisco, IOS 12.2ZA
• Cisco, IOS 12.2ZC
• Cisco, IOS 12.2ZD
• Cisco, IOS 12.2ZE
• Cisco, IOS 12.2ZF
• Cisco, IOS 12.2ZG
• Cisco, IOS 12.2ZJ
• Cisco, IOS 12.2ZL
• Cisco, IOS 12.2ZP
• Cisco, IOS 12.2ZU
• Cisco, IOS 12.3B
• Cisco, IOS 12.3BW
• Cisco, IOS 12.3T
• Cisco, IOS 12.3VA
• Cisco, IOS 12.3XB
• Cisco, IOS 12.3XD
• Cisco, IOS 12.3XF
• Cisco, IOS 12.3XG
• Cisco, IOS 12.3XH
• Cisco, IOS 12.3XJ
• Cisco, IOS 12.3XK
• Cisco, IOS 12.3XQ
• Cisco, IOS 12.3XS
• Cisco, IOS 12.3XU
• Cisco, IOS 12.3XW
• Cisco, IOS 12.3XY
• Cisco, IOS 12.3YA
• Cisco, IOS 12.3YD
• Cisco, IOS 12.3YF
• Cisco, IOS 12.3YH
• Cisco, IOS 12.3YI
• Cisco, IOS 12.3YJ
• Cisco, IOS 12.3YQ
• Cisco, IOS 12.3YT
• Cisco, IOS 12.3YU
• Cisco, IOS 12.4XA
• Cisco, IOS 12.4XF
• Cisco, IOS 12.4XK

Remedy:

Refer to cisco-sa-20080326-mvpn for patch, upgrade or suggested workaround information. See References.

Consequences:

Obtain Information

References:

• cisco-sa-20080326-mvpn, Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
• BID-28464: Cisco IOS Multicast Virtual Private Network MDT Data Join Handling Vulnerability
• CVE-2008-1156: Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create extra multicast states on the core routers via a crafted Multicast Distribution Tree (MDT) Data Join message.
• FrSIRT/ADV-2008-1006: Cisco IOS Denial of Service and Information Disclosure Vulnerabilities
• SA29507: Cisco IOS Multiple Vulnerabilities
• SECTRACK ID: 1019715: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak Lets Remote Users Obtain VPN Traffic

Reported:

Mar 26, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page