
| Subject: | [NEWS] Cisco Intrusion Prevention System Malformed Packet Denial of Service |
|---|---|
| Date: | 16 Jul 2006 12:51:54 +0200 |

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Cisco Intrusion Prevention System Malformed Packet Denial of Service
------------------------------------------------------------------------

SUMMARY

Successful exploitation of the vulnerability may result in the failure of an IPS device to operate as expected. Affected devices will become inaccessible remotely or via the console and stop processing packets. If deployed as an inline device, an IPS device will stop forwarding packets, including devices configured to use the auto-bypass feature. This may result in a network outage. A power reset is required to recover the IPS device.

DETAILS

Vulnerable Systems:
 * IDS-4235
 * IPS-4240
 * IDS-4250-SX
 * IDS-4250-TX
 * IDS-4250-XL (4250 with XL accelerator card)
 * IPS-4255

Immune Systems:
 * NM-CIDS
 * IDSM-2
 * ASA-SSM-AIP-10
 * ASA-SSM-AIP-20
 * IDS-4210
 * IDS-4215
 * IDS-4220
 * IDS-4230

Cisco Intrusion Prevention Systems (IPS) are a family of network security devices that provide network based threat prevention services. A vulnerability exists in the custom device driver for Intel-based gigabit network adapters used to process packets received by the sensing interfaces of certain IPS devices.

A malformed IP packet received on an Intel-based gigabit network adapter configured for use as a sensing interface may result in the IPS device experiencing a kernel panic. Affected IPS devices will cease processing packets, producing alerts, performing automated actions such as logging, and become inaccessible remotely or via the console. If deployed as an inline device, the IPS will also stop forwarding packets between interfaces and may cause a network outage. IPS devices configured to use the auto-bypass feature will also fail to forward packets. Attackers may use this vulnerability to disable an IPS device to hide malicious activity.

This vulnerability only affects certain IPS devices configured to use Intel-based gigabit network adapters as sensing interfaces. IPS devices configured to use an Intel-based gigabit network adapter as a management interface are not affected by this vulnerability.

A power reset is required to recover the IPS device.

ADDITIONAL INFORMATION

The information has been provided by Cisco Security <psirt@cisco.com>.
The original article can be found at:
http://www.cisco.com/warp/public/707/cisco-sa-20060712-ips.shtml

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.