March 2007
Cisco Security Advisories
ID: 69
Ref: 011/2007
Date: 07 March 2007:17:59:58
Version: 1
Title: Cisco Security Advisories
Abstract: Description of two Cisco vulnerabilities: 1. Multiple IOS IPS Vulnerabilities 2. SIP Packets Reload IOS Devices with support for SIP - Updated - Revision 2
Vendors affected: Cisco
Operating systems affected: Cisco
Applications affected: Cisco
1. Cisco Security Advisory: Multiple IOS IPS Vulnerabilities
Advisory ID: cisco-sa-20070213-iosips
The Intrusion Prevention System (IPS) feature set of Cisco IOS contains several vulnerabilities. These include:
* Fragmented IP packets may be used to evade signature inspection.
* IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine may cause a router to crash, resulting in a denial of service.
There are mitigations and workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070213-iosips.shtml.
2. Cisco Security Advisory: SIP Packets Reload IOS Devices with support for SIP
Advisory ID: cisco-sa-20070131-sip
Revision 2.0, which contains new information regarding affected products and software versions.
Cisco devices running an affected version of Internetwork Operating System (IOS) which supports Session Initiation Protocol (SIP) are affected by a vulnerability that may lead to a reload of the device when receiving a specific series of packets destined to port 5060.
This issue is compounded by a related bug which allows traffic to TCP port 5060 and UDP port 5060 on devices not configured for SIP.
There are no known instances of intentional exploitation of this issue. However, Cisco has observed data streams that appear to be unintentionally triggering the vulnerability.
Workarounds exist to mitigate the effects of this problem on devices which do not require SIP.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml.
______________________________________________________________________________
CPNI wishes to acknowledge the contributions of Cisco for the information contained in this advisory.
______________________________________________________________________________