VID 29121
Severity 40
Port 161
Protocol UDP
Class CISCO
Detailed Description The Cisco IOS software on this device, according to its version number, is affected by a denial of service vulnerability triggered by crafted IPv6 packets (Cisco bug ID CSCed40933). IPv6 is "Internet Protocol Version 6", designed by the Internet Engineering Task Force (IETF) to replace the current version of the Internet Protocol, IP Version 4 (IPv4). Cisco IOS versions 12.0S through 12.3YH are vulnerable to a denial of service condition caused by an exception handling error in the processing of IPv6 packets. If IPv6 is enabled on the device, a remote attacker could send multiple specially crafted IPv6 packets, which would allow the attacker to gain full control of the affected device or cause the device to reload, even if ipv6 unicast-routing is globally disabled.

* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so the result might be a false positive. It also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" in the Policy Editor. Products running any version of Cisco IOS that do not have IPv6-configured interfaces are not vulnerable; in that case, please ignore this alert.

* References:
http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml
http://www.kb.cert.org/vuls/id/472582
http://www.us-cert.gov/cas/techalerts/TA05-026A.html
http://securitytracker.com/alerts/2005/Jan/1013016.html

* Platforms Affected:
Cisco IOS versions 12.0S through 12.3YH
Recommendation Upgrade to a fixed Cisco IOS version, as listed under "Software Versions and Fixes" in the Cisco Security Advisory (Multiple Crafted IPv6 Packets Cause Reload) at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml

Upgrades should be obtained through the Software Center on Cisco's worldwide web site at http://www.cisco.com
Related URL CVE-2005-0195 (CVE)
Related URL 12368 (SecurityFocus)
Related URL 19072 (ISS)