VID |
29142 |
Severity |
30 |
Port |
161 |
Protocol |
UDP |
Class |
CISCO |
Detailed Description |
The remote Cisco IOS device has an information leak vulnerability. A bug in the MallocLite implementation can result in a crash when processing a specially crafted BGP update message.
* Note: This check relies solely on the version number of the remote system to assess these vulnerabilities, so this might be a false positive. It also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" in the Policy Editor. If SGBP is disabled, please ignore this alert.
* References: http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRcavs1.html
* Platforms Affected: Cisco IOS versions 12.2(33)SRE5, 12.2(33)SRE4, 12.2(33)SRE3, 12.2(33)SRE2, 12.2(33)SRE1, 12.2(33)SRE0a |
Recommendation |
Upgrade to the fixed Cisco IOS version, as listed in the Cisco Security Advisory (The RP crashes due to bad chunk in MallocLite: CSCtq06538) at http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRcavs1.html. Upgrades should be obtained through the Software Center on Cisco's worldwide web site at http://www.cisco.com. |
Related URL |
CVE-2012-1367 (CVE) |
Related URL |
54830 (SecurityFocus) |
Related URL |
(ISS) |
|