Vigil@nce - Cisco IOS XR: denial of service via UDP Service
October 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send several UDP packets to a service listening on
Cisco IOS XR version 4.3.1, in order to trigger a denial of
service.
Impacted products: Cisco ASR, IOS XR
Severity: 2/4
Creation date: 02/10/2013
DESCRIPTION OF THE VULNERABILITY
A UDP service can be configured on Cisco IOS XR:
– SNMP: 161/udp, 162/udp
– NTP: 123/udp
– LDP: 646/udp
– Syslog: 514/udp
However, when the queue of packets for a UDP service is full, the
memory is never freed.
An attacker can therefore send several UDP packets to a service
listening on Cisco IOS XR version 4.3.1, in order to trigger a
denial of service.
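The bug class described above (a buffer that is not released when the receive queue is full), shown as an added illustration beside its corrected form. This is not Cisco code and the bulletin does not describe the actual implementation; the buffer pool, its sizes and all function names are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

#define POOL_BUFS 16 /* constructed: packet buffers shared by the system */
#define QUEUE_CAP 4  /* constructed: receive queue depth of one service */

struct pkt { int in_use; size_t len; unsigned char data[64]; };
struct udp_queue { struct pkt *slots[QUEUE_CAP]; size_t count; };
static struct pkt pool[POOL_BUFS];

static struct pkt *pkt_alloc(void) {
    for (int i = 0; i < POOL_BUFS; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL; /* pool exhausted */
}
static void pkt_free(struct pkt *p) { p->in_use = 0; }

/* Shared receive path; release_on_drop selects the flawed or corrected drop branch. */
static int enqueue(struct udp_queue *q, const void *buf, size_t len, int release_on_drop) {
    struct pkt *p = pkt_alloc();
    if (!p) return -1;
    p->len = len < sizeof p->data ? len : sizeof p->data;
    memcpy(p->data, buf, p->len);
    if (q->count == QUEUE_CAP) {          /* queue full: datagram is dropped */
        if (release_on_drop) pkt_free(p); /* corrected: buffer goes back to the pool */
        return -1;                        /* flawed: p is lost, nothing can free it */
    }
    q->slots[q->count++] = p;
    return 0;
}
static int enqueue_leaky(struct udp_queue *q, const void *b, size_t n) { return enqueue(q, b, n, 0); }
static int enqueue_fixed(struct udp_queue *q, const void *b, size_t n) { return enqueue(q, b, n, 1); }

/* The service consumes its queue, returning each buffer to the pool. */
static void drain(struct udp_queue *q) { while (q->count) pkt_free(q->slots[--q->count]); }

/* n datagrams arrive while the service is not reading, then it drains.
 * Returns how many pool buffers are free afterwards. */
static int free_after_burst(int (*enq)(struct udp_queue *, const void *, size_t), int n) {
    struct udp_queue q = {0};
    unsigned char payload[32] = {0};
    int avail = 0;
    memset(pool, 0, sizeof pool);
    for (int i = 0; i < n; i++) enq(&q, payload, sizeof payload);
    drain(&q);
    for (int i = 0; i < POOL_BUFS; i++) avail += !pool[i].in_use;
    return avail;
}
```

With the flawed drop branch, buffers allocated for dropped datagrams stay marked in use after the queue is drained, so the pool does not recover; with the corrected branch every buffer is free again.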
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IOS-XR-denial-of-service-via-UDP-Service-13515