I'm sending this as a follow-up to ЗАРАЗА's post.
Take a look at
http://www.cisco.com/warp/public/707/cisco-sa-20070124-bundle.shtml
It makes it easy to see who needs to upgrade, and to which version, to be protected
against all the vulnerabilities from the 3 advisories.
>
> ----------------------------------------------------------------------
>
> TITLE:
> Cisco IOS Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA23867
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/23867/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From remote
>
> OPERATING SYSTEM:
> Cisco IOS XR 3.x
> http://secunia.com/product/4907/
> Cisco IOS R12.x
> http://secunia.com/product/50/
> Cisco IOS R11.x
> http://secunia.com/product/53/
> Cisco IOS 12.x
> http://secunia.com/product/182/
> Cisco IOS 11.x
> http://secunia.com/product/183/
> Cisco IOS 10.x
> http://secunia.com/product/184/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Cisco IOS, which can be
> exploited by malicious people to cause a DoS (Denial of Service) and
> potentially compromise a vulnerable system.
>
> 1) An error exists in the processing of IP options in various IP
> packets (including some ICMP requests, PIMv2, PGM, and URD requests).
> This can be exploited to restart the device or ipv4_io process or
> potentially execute arbitrary code via a specially crafted IP Option
> field in a packet sent to a physical or virtual IPv4 address
> configured on the device.
>
> 2) A memory leak error in the processing of TCP packets can be
> exploited to cause the device to consume a large amount of memory
> over time and may lead to a degraded service via a specially crafted
> packet sent to a physical or virtual IPv4 address configured on the
> device.
>
> 3) An error in the processing of IPv6 Type 0 Routing headers can be
> exploited to crash the device via a specially crafted packet sent to
> an IPv6 address defined on the device.
>
> Successful exploitation of this vulnerability requires that IPv6 is
> enabled.
>
> SOLUTION:
> Update to the latest version (please see the vendor's advisory for
> details).
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) Reported by the vendor.
> 2) Reported by the vendor.
> 3) Arnaud Ebalard, EADS Corporate Research Center.
>
> ORIGINAL ADVISORY:
> Cisco Systems:
> http://www.cisco.com/warp/public/707/cisco-sa-20070124-bundle.shtml
> http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
> http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml
> http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml
>
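Item 3 of the quoted advisory concerns IPv6 Type 0 Routing headers. The following is an added example, not part of the advisory or of the post: a check that walks the IPv6 extension header chain of a captured packet and reports whether a Type 0 Routing header is present. The names `find_rh0`, `ipv6` and `SAMPLES` are hypothetical, the sample packets are constructed, and the check flags any Type 0 Routing header, since the advisory does not say what makes a packet "specially crafted".

```python
import struct

# Extension headers that can precede or be a Routing header (RFC 8200).
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60

def find_rh0(packet: bytes) -> bool:
    """Return True if an IPv6 packet carries a Type 0 Routing header."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return False                          # not an IPv6 packet
    next_hdr, offset = packet[6], 40          # fixed header is 40 bytes
    while next_hdr in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            return False                      # truncated header chain
        if next_hdr == ROUTING and packet[offset + 2] == 0:
            return True                       # Routing Type field is 0
        if next_hdr == FRAGMENT:
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset != 0:
                return False                  # later fragment: no header chain
            hdr_len = 8                       # Fragment header has a fixed size
        else:
            hdr_len = (packet[offset + 1] + 1) * 8   # Hdr Ext Len, 8-byte units
        next_hdr, offset = packet[offset], offset + hdr_len
    return False

def ipv6(next_hdr: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 packet with 2001:db8::/32 documentation addresses."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64) + src + dst + payload

HOP = bytes.fromhex("20010db8" + "00" * 11 + "03")   # constructed intermediate address
SAMPLES = {                                          # constructed packets, not captures
    "rh0": ipv6(ROUTING, bytes([59, 2, 0, 1]) + bytes(4) + HOP),
    "dstopts_then_rh0": ipv6(DEST_OPTS, bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])
                             + bytes([59, 2, 0, 1]) + bytes(4) + HOP),
    "rh_type2": ipv6(ROUTING, bytes([59, 2, 2, 1]) + bytes(4) + HOP),
    "icmpv6_echo": ipv6(58, bytes([128, 0, 0, 0, 0, 1, 0, 1])),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {'RH0 present' if find_rh0(pkt) else 'no RH0'}")
```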