21 C
London
Thursday, August 17, 2017
Home Tags Unicast

Tag: Unicast

Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database.

This vulnerability could allow an unauthenticated, remote attacker to t...
mDNSResponder contains multiple memory-based vulnerabilities Original Release date: 20 Jun 2016 | Last revised: 20 Jun 2016 Overview mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder version 379.27 and above prior to version 625.41.2 is vulnerable to several buffer overflow vulnerabilities, as well as a null pointer dereference. Description CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-7987 Improper bounds checking in "GetValueForIPv4Addr()", "GetValueForMACAddr()", "rfc3110_import()", and "CopyNSEC3ResourceRecord()" functions may allow an attacker to read or write memory.CWE-476: NULL Pointer Dereference - CVE-2015-7988Improper input validation in "handle_regservice_request()" may allow an attacker to execute arbitrary code or cause a denial of service.Apple has also issued a security advisory for these issues.mDNSResponder-379.27 and later before mDNSResponder-625.41.2 are vulnerable to both issues.

The CVSS score below is based on CVE-2015-7987. Impact A remote attacker may be able to execute arbitrary code or cause a denial of service on the system running mDNSResponder. Solution Apply an updatemDNSResponder 625.41.2 has been released to address these issues.

Affected users should update as soon as possible. Vendor Information (Learn More) Vendor Status Date Notified Date Updated Android Open Source Project Affected 03 Nov 2015 27 Jan 2016 Apple Affected 16 Oct 2015 23 Oct 2015 Arista Networks, Inc. Not Affected 22 Jan 2016 15 Feb 2016 CoreOS Not Affected 22 Jan 2016 25 Jan 2016 Debian GNU/Linux Not Affected 23 Oct 2015 23 Oct 2015 Fedora Project Not Affected 23 Oct 2015 22 Jan 2016 Infoblox Not Affected 22 Jan 2016 25 Jan 2016 Intel Corporation Not Affected 22 Jan 2016 25 Jan 2016 Red Hat, Inc. Not Affected 23 Oct 2015 22 Jan 2016 ACCESS Unknown 21 Mar 2016 21 Mar 2016 Alcatel-Lucent Unknown 21 Mar 2016 21 Mar 2016 Arch Linux Unknown 23 Oct 2015 23 Oct 2015 Aruba Networks Unknown 21 Mar 2016 21 Mar 2016 AT&T Unknown 21 Mar 2016 21 Mar 2016 Avaya, Inc. Unknown 22 Jan 2016 22 Jan 2016 If you are a vendor and your product is affected, let us know.View More »CVSS Metrics (Learn More) Group Score Vector Base 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Temporal 5.3 E:POC/RL:OF/RC:C Environmental 4.0 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND References Credit Thanks to Apple for reporting this issue to us and working with us to coordinate the fix with vendors. This document was written by Garret Wassermann. Other Information CVE IDs: CVE-2015-7987 CVE-2015-7988 Date Public: 20 Jun 2016 Date First Published: 20 Jun 2016 Date Last Updated: 20 Jun 2016 Document Revision: 82 Feedback If you have feedback, comments, or additional information about this vulnerability, please send us email.
Cisco has confirmed that Cisco IOS XR Software, Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, Cisco ASA Software, and Cisco StarOS Software are affected by the vulnerability described in this advisory.Note: Affected devices that are configured with a global IPv6 address on at least one interface and are processing traffic can be exploited by a remote attacker.

Affected devices that are configured with only a link-local address on interfaces and are processing IPv6 traffic can be exploited with crafted packets only by a Layer 2 adjacent attacker.For information about which software releases are affected, see the "Fixed Software" section of this advisory.Cisco IOS XR SoftwareThe following Cisco products are affected by this vulnerability if they are running an affected release of Cisco IOS XR Software and IPv6 is enabled on one or more interfaces:Cisco 12000 Series Routers Cisco ASR 9000 Series Aggregation Services Routers Cisco Carrier Routing System Cisco Network Convergence System 4000 Series Cisco Network Convergence System 6000 Series Routers All types of line cards on those platforms are affected by this vulnerability.If a device is running an affected release of Cisco IOS XR Software and IPv6 is enabled, administrators can identify interfaces that have assigned IPv6 addresses by using the show ipv6 interface brief command in the command-line interface (CLI).

The following example shows the output of the command on a device that is running Cisco IOS XR Software with IPv6 enabled: RP/0/RP0/CPU0:router# show ipv6 interface brief<!output omitted> GigabitEthernet0/2/0/0 [Up/Up]fe80::212:daff:fe62:c150 202::1 In addition, if IPv6 is enabled, the ipv6 enable interface configuration command is present in the configuration.

The following example shows the output of a vulnerable configuration: RP/0/RP0/CPU0:router(config)# interface GigabitEthernet0/2/0/0 RP/0/RP0/CPU0:router(config-if)# ipv6 enable If IPv6 is not supported by the Cisco IOS XR Software release that is running on a device, use of the show ipv6 interface brief command produces an error message.
If IPv6 is not enabled on the device, use of the show ipv6 interface brief command does not show any interfaces with IPv6 addresses.
In either scenario, the device is not affected by this vulnerability.Cisco IOS Software Cisco products are affected by this vulnerability if they are running an affected release of Cisco IOS Software and IPv6 is enabled on one or more interfaces. By default, IPv6 is not enabled.To determine whether IPv6 is enabled on one or more interfaces, administrators can use the show running-config | include ipv6.(enable|address) privileged EXEC command in the CLI.
If IPv6 is enabled, ipv6 enable and ipv6 address appear in the output of the command.The following example shows the output of the show running-config | include ipv6.(enable|address) command on a device that is running Cisco IOS XE Software with IPv6 configured: Router# show running-config | include ipv6.(enable|address) ipv6 enable ipv6 address dhcp rapid-commitipv6 address autoconfig ipv6 address MANAGEMENT ::1FFF:0:0:0:3560/128ipv6 address 2001:DB8::1/64 Cisco IOS XE SoftwareThe following Cisco products are affected by this vulnerability if they are running an affected release of Cisco IOS XE Software and IPv6 is enabled on one or more interfaces that process traffic:Cisco 4300 Series Integrated Services Routers Cisco 4400 Series Integrated Services Routers Cisco ASR 900 Series Aggregation Services Routers Cisco ASR 1000 Series Aggregation Services Routers Cisco Cloud Services Router 1000V Series Switches running Cisco IOS XE Software By default, IPv6 is not enabled.This vulnerability does not depend on any specific combination of Embedded Services Processor (ESP) and Route Processor (RP) installations on the chassis.

Any combination of ESP and RP chassis installations is affected by this vulnerability.To determine whether IPv6 is enabled on one or more interfaces, administrators can use the show running-config | include ipv6.(enable|address) privileged EXEC command in the CLI.
If IPv6 is enabled, ipv6 enable or ipv6 address appear in the output of the command.The following example shows the output of the show running-config | include ipv6.(enable|address) command on a device that is running Cisco IOS XE Software with IPv6 configured: Router# show running-config | include ipv6.(enable|address) ipv6 enable ipv6 address dhcp rapid-commitipv6 address autoconfig ipv6 address MANAGEMENT ::1FFF:0:0:0:3560/128ipv6 address 2001:DB8::1/64 Cisco NX-OS SoftwareAll Cisco products running Cisco NX-OS Software are affected by this vulnerability if IPv6 is enabled on one or more interfaces that process traffic.

By default, IPv6 is not enabled.To determine whether IPv6 is enabled on one or more interfaces, administrators can use the show running-config | include ipv6.address privileged EXEC command in the CLI.
If IPv6 is enabled, ipv6 address appears in the output of the command.The following example shows the output of the show running-config | include ipv6.address command on a device that is running Cisco NX-OS Software with IPv6 enabled: Router# show running-config | include ipv6.address ipv6 address 2001:DB8::1/64 Cisco ASA SoftwareIPv6 is not enabled by default.

To enable IPv6 on a Cisco ASA or Cisco ASASM, at a minimum a link-local address needs to be configured for IPv6 to operate correctly.
If a global address is configured, a link-local address is automatically configured on each interface. To verify that the Cisco ASA or Cisco ASASM has IPv6 enabled, administrators can use the show ipv6 interface command in the CLI and confirm that the command returns output.

The following example shows a Cisco ASA that has two interfaces (inside and outside) configured and IPv6 enabled: ciscoasa# show ipv6 interface outside is up, line protocol is up IPv6 is enabled, link-local address is fe80::219:2fff:fe83:4f42 No global unicast address is configured Joined group address(es): ff02::1 ff02::1:ff83:4f42 ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND advertised retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses. inside is up, line protocol is up IPv6 is enabled, link-local address is fe80::219:2fff:fe83:4f43 No global unicast address is configured Joined group address(es): ff02::1 ff02::1:ff83:4f43 ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND advertised retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses. Cisco StarOS SoftwareCisco ASR 5000 Series devices running Cisco StarOS Software are affected by this vulnerability if IPv6 is enabled on one or more interfaces that process traffic.

By default, IPv6 is not enabled.To determine whether IPv6 is enabled on one or more interfaces, administrators can use the show ipv6 interface summary privileged EXEC command in the CLI.
If IPv6 is enabled, an IPv6 address appears in the output of the command.The following example shows the output of the show ipv6 interface summary command on a device that is running Cisco StarOS Software with IPv6 enabled: [local]router# show ipv6 interface summary Friday February 21 09:00:07 UTC 2014Interface Name Address/Mask Port Status============================== =================== ================== ======int1_test_v6 2001:db8::1/64 20/1 vlan 122 UPint2_test_v6 2001:db8::2/64 21/1 vlan 122 UPint3_test_v6 2001:db8::3/64 22/1 vlan 122 UPint4_test_v6 2001:db8::4/64 23/1 vlan 130 UP Determining the Cisco IOS XR Software ReleaseTo determine which Cisco IOS XR Software release is running on a device and the name of the device on which it is running, administrators can log in to the device and use the show version command in the CLI.
If the device is running Cisco IOS XR Software, Cisco IOS XR Software or similar text appears in the system banner.

The location and name of the system image file that is currently running on the device appears next to the System image file is text.

The name of the hardware product appears on the line after the name of the system image file.The following example shows the output of the show version command on a device that is running Cisco IOS XR Software Release 4.1.0 with an installed image name of mbihfr-rp.vm: RP/0/RP0/CPU0:router# show version Mon May 31 02:14:12.722 DSTCisco IOS XR Software, Version 4.1.0Copyright (c) 2010 by Cisco Systems, Inc.ROM: System Bootstrap, Version 2.100(20100129:213223) [CRS-1 ROMMON], router uptime is 1 week, 6 days, 4 hours, 22 minutesSystem image file is "bootflash:disk0/hfr-os-mbi-4.1.0/mbihfr-rp.vm"cisco CRS-8/S (7457) processor with 4194304K bytes of memory.7457 processor at 1197Mhz, Revision 1.2 Determining the Cisco IOS Software ReleaseTo determine which Cisco IOS Software release is running on a Cisco product, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears.
If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software.

The image name appears in parentheses followed by the Cisco IOS Software release number and release name.
Some Cisco devices do not support the show version command or may provide different output.The following example identifies a Cisco product that is running Cisco IOS Software Release 15.5(2)T1 with an installed image name of C2951-UNIVERSALK9-M: Router> show version Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2015 by Cisco Systems, Inc.Compiled Mon 22-Jun-15 09:32 by prod_rel_team... Determining the Cisco IOS XE Software ReleaseTo determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device and use the show version command in the CLI.
If the device is running Cisco IOS XE Software, Cisco IOS XE Software or similar text appears in the system banner. The following example shows the output of the show version command on a device that is running Cisco IOS XE Software Release 3.6.2S, which maps to Cisco IOS Software Release 15.2(2)S2:  Router# show version Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(2)S2, RELEASE SOFTWARE (fc1)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2012 by Cisco Systems, Inc.Compiled Tue 07-Aug-12 13:40 by mcpre Determining the Cisco NX-OS Software ReleaseTo determine which Cisco NX-OS Software release is running on a device, administrators can log in to the device and use the show version command in the CLI.
If the device is running Cisco NX-OS Software, Cisco Nexus Operating System (NX-OS) Software or similar text appears in the system banner.The following example shows the output of the show version command for a Cisco Nexus 5000 Series Switch running Cisco NX-OS Software Release 7.1(1)N1(1):  # show versionCisco Nexus Operating System (NX-OS) SoftwareTAC support: http://www.cisco.com/tacDocuments: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.htmlCopyright (c) 2002-2012, Cisco Systems, Inc.

All rights reserved.The copyrights to certain works contained herein are owned byother third parties and are used and distributed under license.Some parts of this software are covered under the GNU PublicLicense.

A copy of the license is available athttp://www.gnu.org/licenses/gpl.html.SoftwareBIOS: version 3.6.0loader: version N/Akickstart: version 7.1(1)N1(1)system: version 7.1(1)N1(1) Determining the Cisco ASA Software ReleaseTo determine whether a vulnerable version of Cisco ASA Software is running on an appliance, administrators can issue the show version command.

The following example shows a device running Cisco ASA Software Release 8.4(1): ciscoasa#show version | include VersionCisco Adaptive Security Appliance Software Version 8.4(1) Device Manager Version 6.4(1) Customers who use Cisco ASDM to manage devices can locate the software release in the table that appears in the login window or the upper-left corner of the Cisco ASDM window.Determining the Cisco StarOS Software ReleaseTo determine which Cisco StarOS Software release is running on a Cisco product, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. Each software image can be identified by its release version and its corresponding build number. The following example identifies a Cisco product that is running Cisco StarOS Software Release 15.0 (49328): [local<host_name># show versionActive Software:Image Version: 15.0 (49328)Image Branch Version: 015.000(001)Image Description: Production_BuildImage Date: Tue Apr 23 00:45:12 EDT 2013Boot Image: Unknown
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database.

This vulnerability could allow an unauthenticated attacker to take full...