Cisco Local Interface ARP Denial of Service Vulnerability

IOS is the Internetwork Operating System, distributed by Cisco Systems.

A problem in the operating system has been discovered that could allow a user on a system local to the router to deny service to all network users. The problem is in the handling of multiple ARP requests. When the router receives multiple ARP requests, it makes an entry for its own MAC address as the received address, and afterwards it discontinues all other ARP entries.

This makes it possible for a user on a network local to the router to deny service to users on all sides of the router.
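A defensive check for this condition, as an added example that is not part of the original advisory: it parses ARP payloads captured on the router's local segment and flags any that claim the router's interface IP with a MAC other than the router's own. That reading of the description, the addresses, and the sample payloads are assumptions constructed for illustration.

```python
import struct
from collections import namedtuple

ArpPacket = namedtuple("ArpPacket", "op sender_mac sender_ip target_mac target_ip")

def parse_arp(payload: bytes) -> ArpPacket:
    """Parse an Ethernet/IPv4 ARP payload (28 bytes, RFC 826 layout)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return ArpPacket(op, mac(sha), ip(spa), mac(tha), ip(tpa))

def find_conflicts(payloads, router_ip, router_mac):
    """Return packets that claim router_ip with a MAC other than router_mac."""
    hits = []
    for raw in payloads:
        try:
            pkt = parse_arp(raw)
        except ValueError:
            continue  # skip malformed or non-IPv4 ARP payloads
        if pkt.sender_ip == router_ip and pkt.sender_mac != router_mac.lower():
            hits.append(pkt)
    return hits

# Constructed values (assumptions): documentation-range IP, locally administered MACs.
ROUTER_IP = "192.0.2.1"
ROUTER_MAC = "02:00:00:00:00:01"
HDR = "0001080006040001"  # Ethernet, IPv4, hlen 6, plen 4, opcode 1 (request)
SAMPLES = [bytes.fromhex(h) for h in (
    HDR + "020000000010" + "c000020a" + "000000000000" + "c0000201",  # host asks for router
    HDR + "020000000001" + "c0000201" + "000000000000" + "c0000201",  # router's own ARP
    HDR + "020000000066" + "c0000201" + "000000000000" + "c0000201",  # router IP, foreign MAC
    "00010800",                                                       # truncated capture
)]

if __name__ == "__main__":
    for pkt in find_conflicts(SAMPLES, ROUTER_IP, ROUTER_MAC):
        print(f"ALERT: {pkt.sender_mac} claims router address {pkt.sender_ip}")
```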

This vulnerability affects the following Cisco systems:

Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, ubr900, 1000, 1400, 1500, 1600, 1700, 2500, 2600, 3000, 3600, 3800, 4000, 4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7200, ubr7200, 7500, and 12000 series.

Most recent versions of the LS1010 ATM switch.

The Catalyst 6000.

The Catalyst 2900XL LAN switch.

The Catalyst 1900, 2800, 2900, 3000, and 5000 series LAN switches.

The Cisco DistributedDirector.


Copyright 2010, SecurityFocus