Bad error message handling has opened up Cisco’s IOS-XE versions prior to 3.13S to a remote denial-of-service (DoS) attack.
The company’s threat advisory hints that the exploit was brought to Cisco’s attention by an independent researcher, since it states that “functional exploit code exists; however, the code is not known to be publicly available.”
IOS XE is a Linux daemon version of the Borg’s operating system that abstracts routing functions away from platform-specific interfaces.
The problem Cisco has now patched deals with how the daemon triggers error messages for packets it can’t reassemble. “When an affected device fails to successfully perform reassembly, instead of silently dropping the fragments, the ATTN-3-SYNC_TIMEOUT error message may be triggered,” it explains.
view the full story here