JPCERT-AT-2007-0002
JPCERT/CC
January 25, 2007 (Original release date)
January 25, 2007 (Last revised)

<<< JPCERT/CC Alert 2007-01-25 >>>
Multiple vulnerabilities in Cisco IOS
http://www.jpcert.or.jp/at/2007/at070002.txt

I. Overview

Cisco IOS and Cisco IOS XR contain multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to cause a Denial of Service (DoS) condition or execute arbitrary code.

These problems can be solved by updating to the fixed versions of IOS provided by Cisco Systems or by implementing the workarounds available from the following URLs:

**********************************************************************
(1) Crafted IP Option Vulnerability

Cisco IOS and Cisco IOS XR contain a vulnerability in the processing of certain IPv4 packets containing a crafted IP option. Successful exploitation of this vulnerability could allow a remote attacker to cause a Denial of Service (DoS) condition or execute arbitrary code.

Cisco Security Advisory: Crafted IP Option Vulnerability
Advisory ID: cisco-sa-20070124-crafted-ip-option
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

**********************************************************************
(2) Crafted TCP Packet Can Cause Denial of Service

The Cisco IOS Transmission Control Protocol (TCP) listener is vulnerable to a memory leak, which can potentially allow a remote attacker to cause a Denial of Service (DoS) condition.

Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service
Advisory ID: cisco-sa-20070124-crafted-tcp
http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0e4.shtml

**********************************************************************
(3) IPv6 Routing Header Vulnerability

Cisco IOS contains a vulnerability in the processing of IPv6 Type 0 Routing headers, which can potentially allow a remote attacker to cause a Denial of Service (DoS) condition or execute arbitrary code.

Cisco Security Advisory: IPv6 Routing Header Vulnerability
Advisory ID: cisco-sa-20070124-IOS-IPv6
http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml

**********************************************************************

II. Systems Affected

These vulnerabilities affect many versions of Cisco IOS and Cisco IOS XR software. For more information, refer to the advisories released by Cisco Systems.

III. Solution

To fix these problems, apply the patches provided by Cisco Systems, control access, or stop the affected services as needed. For more information, refer to the advisories and other information released by Cisco Systems.

IV. Reference Information

US-CERT Technical Cyber Security Alert TA07-024A
Cisco IOS is Affected by Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA07-024A.html

Cisco Security Advisory: Crafted IP Option Vulnerability
Advisory ID: cisco-sa-20070124-crafted-ip-option
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

US-CERT Vulnerability Note VU#341288
Cisco IOS fails to properly process certain packets containing a crafted IP option
http://www.kb.cert.org/vuls/id/341288

Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service
Advisory ID: cisco-sa-20070124-crafted-tcp
http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0e4.shtml

US-CERT Vulnerability Note VU#217912
Cisco IOS fails to properly process TCP packets
http://www.kb.cert.org/vuls/id/217912

Cisco Security Advisory: IPv6 Routing Header Vulnerability
Advisory ID: cisco-sa-20070124-IOS-IPv6
http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml

US-CERT Vulnerability Note VU#274760
Cisco IOS fails to properly process specially crafted IPv6 packets
http://www.kb.cert.org/vuls/id/274760

*** Update: Added on January 25, 2007 **********************************

JP Vendor Status Notes JVNTA07-024A
Cisco IOS is Affected by Multiple Vulnerabilities
http://jvn.jp/cert/JVNTA07-024A/index.html

JP Vendor Status Notes JVNVU#341288
Cisco IOS fails to properly process certain packets containing a crafted IP option
http://jvn.jp/cert/JVNVU%23341288/index.html

JP Vendor Status Notes JVNVU#217912
Cisco IOS fails to properly process TCP packets
http://jvn.jp/cert/JVNVU%23217912/index.html

JP Vendor Status Notes JVNVU#274760
Cisco IOS fails to properly process specially crafted IPv6 packets
http://jvn.jp/cert/JVNVU%23274760/index.html

**********************************************************************

If you have any information regarding this matter, please contact us.

__________
Revision History

January 25, 2007  Initial release
January 25, 2007  Added links to JVN sites

======================================================================
JPCERT Coordination Center (JPCERT/CC)
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/