-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0093 Title: Cisco IOS SSH2 Sessions Remote Denial of Service Vulnerability [1] Version history: 09.08.2012 Initial publication Summary ======= Cisco IOS is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users. CVE-2012-1367 CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P) [2,3] Vulnerable systems ================== Cisco Ios 15.1 Cisco IOS 15.0 M Cisco IOS 12.2 Cisco IOS 12.0 (33)S Original Details ================ The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local- preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538. [2] What can you do? ================ This issue is being tracked by Cisco Bug ID CSCtq06538. Vendor updates are available [1] What to tell your users? ======================== N/A More information ================ [1]http://www.securityfocus.com/bid/54830/discuss [2]http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1367 [3]Information about CVSS: http://www.first.org/cvss/cvss-guide.html Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJQI23eAAoJEMQ9UMldbd3zNfkQAIOhKBRvEGs/S0onBAZVsPWS a3k6QcqLFA8D5xRRdM7h+Y6bzsb7UgvXgOlLg9pWnBjxKb4OvFO//n/nyaj9AS7A N3fBqTu13XsLJaONW/cCqADZNZaQfV4SUUSXebg5JsIMBtNPK6iSEbFuSpuqi7gS 03Zabv7Gi/+vxotsBI4mczP2dX5gqV58ModQnh6mIj6p0P6BB+sd9rPpEevPbNYz Q47Q6l6Bn+xyow0LT8YVEht69KfIQddewslVCX+nqtf66NfCrXcMQjTf+fEHbUH+ xCINZc4xf+XH6Jj0QWa1J0qFChaEdyTEsIvLlfNf8OVpT+pBMFL/gJxZNSX7gBps fG3Av3k9zgoYNbFC+lrwOOIYuRvxmjBgcWbV+Zb/k6Oju7g2zE8RnlfDTptQ++4F ifZLSeaz154IbHs6kj4iRtMfxal0++tsQuFfSORY4aoAZ9G9pcLKuNgtDdvY9Pqf CC4g4SShQdaEIpdz1DUyaq6B5AUau/NbKiSidWH4APO+XfOMISHWanQV0NB1Xf2p 311EmZEEfcTe8b+LS34kOE9063PJlqnYYNa+hHggh5Nvbh86EF/B3Jf8IFLJ83Br 2gYQC08Z0yoNQUWVNQuvZQHHpvefkV+eUPU5mDa4uRb0g+NM8+Ethf/ZKyFcXJUs 8L0ZA40/zoYHxp40Qgtw =m0mS -----END PGP SIGNATURE-----