Cisco Security Advisory: Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability Advisory ID: cisco-sa-20150325-tcpleak Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary ======= A vulnerability in the TCP input module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of the affected device. The vulnerability is due to improper handling of certain crafted packet sequences used in establishing a TCP three-way handshake. An attacker could exploit this vulnerability by sending a crafted sequence of TCP packets while establishing a three-way handshake. A successful exploit could allow the attacker to cause a memory leak and eventual reload of the affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... Note: The March 25, 2015, Cisco IOS & XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS & XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEg3FAAoJEIpI1I6i1Mx3s7EP/35lG2sxSOAqj5WWow1L0VbB eCYn6sQTavKyg5pXtFKUyUfF8AUHPrySGpcjy77+s+4uDNswIAXplYQrr8r8OifE xJ8OzuvCXOgvyQEAc8H6l7zLLYOkBv6cFAyYPepl0tPac15iOqX6Xv8l2+gnvi6p puKJYc/81bYmqeE0qRvPDzT9rWiccp1pbWUqUu1ZX31zJ86e/mERHFWOTOBA/qC3 Xd/36ljl4sTR8IPOE7Zoq8jfedlc9Bg3cz7aBrFgx8M9jB/V47MPe6eyfLKHHAEI oXPUu8uJBQsrnYa9/MbN3/wmI9weq3mGhaaStmV9JL0oYn/4gsgY+r4f9euXDMqW b/kIkHxtYHrShckox708oHCjCCTdKiTJcGy+GgTagq49c+A7UCzc8XEwgCOyFFbL 5E2AZ6PJUyUEfbPWhPlCj9H/t3G8mfcmH/FZLpwbEGTtfBCb5b1WRdXd0ARqJqD3 ZXy7M9gKGlifenvs9s9rElO+GuIVvmaAZ2anHgH7aLXCxoc7mIQfTxcjV9whXfD2 TBwHhsR7FMrgtqWbBokq/aNrs/ull9RXsubVFLSToj1BAuJlZpyvjbzQw10bPm5b ZL80JvOffzmf2711jIJCoOiVHGdO/jvb518JMY4XoPyBBKSxtTYpKdKXfBQjQgIv L3q5mEH18S0YiHC8yQAz =W7nK -----END PGP SIGNATURE-----
participants (1)
-
Cisco Systems Product Security Incident Response Team