Cisco IOS Cisco Express Forwarding Session Information Leakage Vulnerability

IOS is the Internet Operating System, used on Cisco routers. It is distributed and maintained by Cisco.

Under some circumstances, Cisco IOS may leak information from previously routed packets that are still in memory. When a packet sent to a router has a MAC layer packet length shorter than that specified in the IP layer length, the packet is padded by the router before being routed. The data used to pad the packet is taken from other packets previously routed that are still in the router's memory. It should be noted that this problem occurs only when Cisco Express Forwarding is enabled.


Privacy Statement
Copyright 2010, SecurityFocus