You are here

U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service

September 27, 2012 - 4:07am

Addthis

PROBLEM:

Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service

PLATFORM:

Devices configured with Cisco IOS IPS are affected

ABSTRACT:

A vulnerability was reported in Cisco IOS.

reference LINKS:

SecurityTracker Alert ID:  1027580
Cisco Security Advisory
CVE-2012-3950

IMPACT ASSESSMENT:

Medium

Discussion:

A vulnerability was reported in Cisco IOS. A remote user can cause denial of service conditions. A remote user can send specially crafted (but legitimate) DNS packets through the target device to cause the device to reload.

Impact:  

A remote user can execute arbitrary code on the target system.  A remote user can obtain potentially sensitive information.

Solution:

A patch matrix is available in the vendor's advisory.

 

Addthis