Internet Security Systems - AlertCon(TM)

Cisco IOS IPv6 Routing Header Information Leak

Posted by Tom Cross on August 10, 2007 at 2:27 PM EDT.

Earlier this week Cisco credited me with independent discovery of an information disclosure vulnerability in the IPv6 Routing Header parser of the IOS software that runs on their routers. I stumbled upon this issue while doing some analysis of another vulnerability.

The security implications are fairly minor. While the software clearly doesn't handle particular malformed packets correctly, denial of service should rarely occur. However, we felt that reporting the details to Cisco was the responsible thing to do, and it turns out that although they had already fixed the problem in most of their software trains, there were some that had not yet been updated.

Once all the updates were complete Cisco was able to put out an advisory, and they gave us some credit for working with them on the issue. Although this vulnerability is minor, we were glad to have had the opportunity to work with them on getting it cleared up.   

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.