IPv6 bug - what does this mean?

From: Sean C (upp_and_upp@hotmail.com)
Date: Fri Aug 10 2007 - 08:33:27 ART


Just curious. Received this IPv6 vulnerability report:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml
Cisco Security Advisory: Information Leakage Using IPv6 Routing Header in
Cisco IOS and Cisco IOS-XR

Summary: Cisco IOS and Cisco IOS XR contain a vulnerability when processing
specially crafted IPv6 packets with a Type 0 Routing Header present.
Exploitation of this vulnerability can lead to information leakage on affected
IOS and IOS XR devices...

Details: Successful exploitation of the vulnerability described in this
document may result in swapping memory between the destination IPv6 address in
the IPv6 packet header and 16 bytes from the packet buffer memory. Memory that
can be accessed through this vulnerability can not be further than 1500 bytes
from the packet header start

Impact: Successful exploitation of this vulnerability may result in the
swapping of memory between the destination IPv6 address field and packet
buffer memory. This can lead to the leakage of data from the buffer memory in
the form of an IPv6 destination address

So.... understanding that this could cause the packet to not be routed outside
the local network, and that: "Successful repeated exploitation of this
vulnerability may lead to a sustained denial of service (DoS) of all upper
layer services that use IPv6 as the transport protocol but not the whole
device."

What I'm trying to understand is what would be in the v6 packet after the
'swap' happened. Could the packet just have whatever was in the packet buffer
memory at that time? Would the info be in hex?

Just curious & thanks,
Sean
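
The following is an added example, not part of the original post or of the Cisco advisory. It models the swap the advisory describes on a constructed buffer, showing that the destination field ends up holding 16 raw bytes of buffer memory and that hex is only how an IPv6 address is printed. The buffer contents, the offset and the function names are assumptions; how a device selects the 16 bytes is not modelled.

```python
import ipaddress

IPV6_HDR_LEN = 40   # fixed IPv6 header length (RFC 2460)
DST_OFF = 24        # destination address occupies header bytes 24..39
ADDR_LEN = 16       # an IPv6 address is 16 raw bytes
MAX_REACH = 1500    # advisory: swapped memory is within 1500 bytes of header start
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # currently allocated global unicast


def build_buffer():
    """Constructed packet buffer: an IPv6 header plus stale data (all sample values)."""
    hdr = bytearray(IPV6_HDR_LEN)
    hdr[0] = 0x60                                              # version 6
    hdr[6] = 43                                                # next header: Routing
    hdr[7] = 64                                                # hop limit
    hdr[8:24] = ipaddress.IPv6Address("2001:db8::1").packed    # source
    hdr[24:40] = ipaddress.IPv6Address("2001:db8::2").packed   # destination
    stale = b"user=alice;pw=EXAMPLE-ONLY;".ljust(200, b"\x00")
    return hdr + stale


def swap_destination(buf, offset):
    """Model the swap: exchange the destination field with 16 bytes at `offset`."""
    end = offset + ADDR_LEN
    if offset < IPV6_HDR_LEN or end > min(len(buf), MAX_REACH):
        raise ValueError("offset outside the modelled buffer window")
    out = bytearray(buf)
    out[DST_OFF:DST_OFF + ADDR_LEN] = buf[offset:end]
    out[offset:end] = buf[DST_OFF:DST_OFF + ADDR_LEN]
    return out


def describe_destination(buf):
    """Return the destination field as raw bytes, as address text, and a routability hint."""
    raw = bytes(buf[DST_OFF:DST_OFF + ADDR_LEN])
    addr = ipaddress.IPv6Address(raw)
    return {"raw": raw, "text": str(addr), "in_2000_3": addr in GLOBAL_UNICAST}


if __name__ == "__main__":
    before = build_buffer()
    after = swap_destination(before, IPV6_HDR_LEN)
    print(describe_destination(before))
    print(describe_destination(after))
```

In this constructed case the destination prints as an address outside 2000::/3, which is consistent with the packet not being routed beyond the local network; anyone capturing the packet recovers the original bytes by converting the address back to its 16-byte form.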



This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:10 ART