Vigil@nce - Cisco IOS: denials of service
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several Cisco IOS vulnerabilities, in order to
create a denial of service.
Severity: 2/4
Creation date: 03/05/2012
IMPACTED PRODUCTS
– Cisco IOS
– Cisco Router
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Cisco IOS.
An attacker can create a denial of service during the processing
of a remote HTTP service. [severity:2/4; 24436, CSCts12249,
CVE-2011-2586]
When "set mpls experimental imposition" is enabled, an attacker
can use fragmented packets, in order to create a denial of
service. [severity:2/4; CSCtr56576, CVE-2011-4007]
When PFC3C (Policy Feature Card 3C) is used, an attacker can
create an error during the processing of an ICMPv6 ACL.
[severity:2/4; CSCtj90091, CVE-2011-4012]
An attacker can create a denial of service by sending malformed
packets to the port 465/udp. [severity:2/4; CSCts48300,
CVE-2011-4015]
When PPP L2TP and PTA (Point-to-Point Termination and Aggregation)
are used, an attacker can create a denial of service.
[severity:2/4; CSCtf71673, CVE-2011-4016]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IOS-denials-of-service-11574