Cisco Intrusion Prevention System (IPS) Ethernet frames denial of service
X-Force ID: cisco-ips-ethernetframes-dos (43166)
Description:
Multiple Cisco IDS/IPS devices running certain versions of Cisco Intrusion Prevention System (IPS) software are vulnerable to a denial of service attack, caused by the improper handling of jumbo Ethernet frames. By injecting a certain series of jumbo Ethernet frames into an Intel-based gigabit network interface that is operating in inline mode, a remote attacker could cause a kernel panic, resulting in a complete collapse of the platform and a denial of service condition.
Platforms Affected:
- Cisco, IDS 4235
- Cisco, IDS 4250-SX
- Cisco, IDS 4250-TX
- Cisco, IDS 4250-XL
- Cisco, Intrusion Prevention System 5.1(1)
- Cisco, Intrusion Prevention System 5.1(8)
- Cisco, Intrusion Prevention System 6.0
- Cisco, Intrusion Prevention System 6.0(5)
- Cisco, Intrusion Prevention System 4240
- Cisco, Intrusion Prevention System 4250
- Cisco, Intrusion Prevention System 4255
- Cisco, Intrusion Prevention System 4260
- Cisco, Intrusion Prevention System 4270
Remedy:
Refer to cisco-sa-20080618-ips for patch, upgrade or suggested workaround information. See References.
Consequences:
Denial of Service
References:
- cisco-sa-20080618-ips: Cisco Security Advisory: Cisco Intrusion Prevention System Jumbo Frame Denial of Service, http://www.cisco.com/warp/public/707/cisco-sa-20080618-ips.shtml
- BID-29791: Cisco Intrusion Prevention System (IPS) Platforms Inline Mode Denial of Service Vulnerability
- CVE-2008-2060: Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a specific series of jumbo Ethernet frames.
- SA30767: Cisco Intrusion Prevention System Jumbo Frames Denial of Service
- SECTRACK ID 1020326: Cisco Intrusion Prevention System Can Be Crashed By Remote Users Sending Jumbo Ethernet Packets
- VUPEN/ADV-2008-1872: Cisco Intrusion Prevention System Jumbo Frame Vulnerability
Reported:
Jun 18, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
