Reference: CERT-EU Security Advisory 2013-0072

Title: Cisco IOS XR Software Memory Exhaustion Vulnerability [1]

Version history:
08.10.2013 Initial publication

Summary
=======

Cisco IOS XR Software version 4.3.1 contains a vulnerability that could result in complete packet memory exhaustion. Successful exploitation could render critical services on the affected device unable to allocate packets, resulting in a denial of service (DoS) condition.

CVE number: CVE-2013-5503

CVSS v2 Base Score: 7.8 [2]

Vulnerable systems
==================

This vulnerability affects Cisco IOS XR Software version 4.3.1 installed on any supported hardware device. If a UDP listening service is enabled on the device, it is vulnerable.

Typical configurations that use UDP services (and their default UDP port numbers) are as follows:

  Simple Network Management Protocol (SNMP) - UDP ports 161 and 162
  Network Time Protocol (NTP) - UDP port 123
  Label Distribution Protocol (LDP) - UDP port 646
  Syslog - UDP port 514

See [1] for details.

Original Details [1]
================

A vulnerability in the UDP process of Cisco IOS XR Software version 4.3.1 could allow an unauthenticated, remote attacker to cause the UDP process to consume all available packet memory.

The vulnerability is due to the failure of the device to release memory of allocated UDP packets when the packet queues are full. An attacker could exploit this vulnerability by potentially sending traffic to listening UDP services on the affected device. An exploit could allow the attacker to cause the device to exhaust all available memory, causing the device to be unable to allocate memory for packets sent to it.

This vulnerability is triggered under certain conditions with either normal or malformed traffic directed at listening UDP services on the affected device. Transit traffic will not trigger this vulnerability.

This vulnerability can be exploited using either IP version 4 (IPv4) or IP version 6 (IPv6) traffic.

What can you do?
================

Cisco has released free software updates that address this vulnerability. [1]

Workarounds that mitigate this vulnerability are available. [1]

What to tell your users?
========================

N/A

More information
================

[1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131002-iosxr
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5503

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
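
A simplified model of the defect class described under "Original Details" (a packet that cannot be queued is dropped without its buffer being released), next to the corrected drop path. This is an added illustration, not Cisco's code or part of the advisory; the pool size, queue depth and all function names are constructed for the example.

```c
#include <stdio.h>

#define POOL_SIZE 8  /* constructed: packet buffers shared by all services */
#define QUEUE_CAP 2  /* constructed: depth of one UDP socket's input queue */

struct pool  { unsigned char used[POOL_SIZE]; };
struct queue { int slot[QUEUE_CAP]; int len; };

static int pkt_alloc(struct pool *p) {          /* buffer index, or -1 */
    for (int i = 0; i < POOL_SIZE; i++)
        if (!p->used[i]) { p->used[i] = 1; return i; }
    return -1;
}

static void pkt_free(struct pool *p, int idx) { p->used[idx] = 0; }

static int pool_free_count(const struct pool *p) {
    int n = 0;
    for (int i = 0; i < POOL_SIZE; i++) n += !p->used[i];
    return n;
}

/* Accept one datagram: 1 = queued, 0 = dropped, -1 = no packet memory.
 * release_on_full == 0 models the defect: the dropped packet keeps its buffer. */
static int udp_input(struct pool *p, struct queue *q, int release_on_full) {
    int idx = pkt_alloc(p);
    if (idx < 0) return -1;
    if (q->len == QUEUE_CAP) {
        if (release_on_full) pkt_free(p, idx);  /* corrected drop path */
        return 0;
    }
    q->slot[q->len++] = idx;
    return 1;
}

/* Deliver n datagrams to a service that is not reading its queue, then let
 * it read everything queued; return the buffers free at the end. */
static int free_after_burst(int n, int release_on_full) {
    struct pool p = {{0}};
    struct queue q = {{0}, 0};
    for (int i = 0; i < n; i++) udp_input(&p, &q, release_on_full);
    while (q.len > 0) pkt_free(&p, q.slot[--q.len]);
    return pool_free_count(&p);
}

int main(void) {
    printf("leaky drop path:     %d of %d buffers free\n", free_after_burst(100, 0), POOL_SIZE);
    printf("corrected drop path: %d of %d buffers free\n", free_after_burst(100, 1), POOL_SIZE);
    return 0;
}
```

In the leaky variant the buffers lost on the drop path stay allocated even after the service has emptied its queue, which is why the condition persists once the traffic stops.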