Cisco Security Advisory: Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Wed Mar 25 16:04:40 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability
Advisory ID: cisco-sa-20150325-tcpleak
For Public Release 2015 March 25 16:00 UTC (GMT)
A vulnerability in the TCP input module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of the affected device.
The vulnerability is due to improper handling of certain crafted packet sequences used in establishing a TCP three-way handshake. An attacker could exploit this vulnerability by sending a crafted sequence of TCP packets while establishing a three-way handshake. A successful exploit could allow the attacker to cause a memory leak and eventual reload of the affected device.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
Note: The March 25, 2015, Cisco IOS & XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS & XE Software Security Advisory Bundled Publication at the following link:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----
More information about the NANOG