[security-alerts] FW: [SA19740] Cisco IOS XR MPLS Denial of Service Vulnerabilities

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> 
> TITLE:
> Cisco IOS XR MPLS Denial of Service Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA19740
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/19740/
> 
> CRITICAL:
> Less critical
> 
> IMPACT:
> DoS
> 
> WHERE:
> From local network
> 
> OPERATING SYSTEM:
> Cisco IOS XR 3.x
> http://secunia.com/product/4907/
> 
> DESCRIPTION:
> Three vulnerabilities have been reported in Cisco IOS XR, which can
> be exploited by malicious people to cause a DoS (Denial of Service).
> 
> All three vulnerabilities are caused due to unspecified errors within
> the processing of MPLS (Multi Protocol Label Switching) packets. This
> can be exploited via specially crafted MPLS packets to restart the
> NetIO process, which causes a Modular Services Card on a Cisco
> Carrier Routing System 1 (CRS-1) or a Line Card on a Cisco 12000
> series router to reload.
> 
> Successful exploitation requires that MPLS has been configured on the
> network device.
> 
> SOLUTION:
> Apply patches (see patch matrix in vendor advisory).
> 
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
> 
> ORIGINAL ADVISORY:
> Cisco:
> http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml
>