[SANOG] Cisco Security Advisory: Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Sep 28 16:23:36 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160928-dns

Revision: 1.0

For Public Release: 2016 September 28 16:00  GMT

+------------------------------------------------------------------------------

Summary
=======

A vulnerability in the DNS forwarder functionality of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, corrupt the information present in the device's local DNS cache, or read part of the process memory.

The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by intercepting and crafting a DNS response message to a client DNS query that was forwarded from the affected device to a DNS server. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJX6vssAAoJEK89gD3EAJB5XWkP/itLASjeD40VVxzeX2jqUoV2
mk3NvhsP17XepKKjtLcITjTxLfVl7Dfwj3sThdqZ8AcE0bNnP01Wu611pc/+LoE9
Glp82vHWQML/0SrcD2dLzr5k9VamHzah9cb/ueF1Dh7FhS8geQp5/AqlpHwEgoS2
7HDjr5n7Sxy4+aJpt+hYkl+2A3WN8FhvEnZmRPfajOowTX7d/M5ywada+Pi/A4D2
xuV5DTRxO+ujzcCEF4mKE0X6wI5LsC51F4p8fxSgsOEugxmYAhAcw2yCTei6OmGx
Nagx4xSjlgGV39cJTxRF9Xpgeyw/fbsFPJrcsDXUzByRTHuRvlj7Z7haazn9VtRV
kx82+ajlhPW3b63PEvoZ6NyiiEkqxaEtIDANq8MHHCptfx7W3VIP9qfx8bUF2cQb
341IhmWkHBhtQHbl8h7IABrjhNSti87njPG/hopkOfqmBr9nEHPLlaPUcKpNd9AJ
7OaRh+yPiHMMGitUokwHTFS5QrmBdTUsEGqqUEZvpz6hY3I8mNTndcXJKiNZUT2n
9Jj+5hOfLej4yJo4F8z/iIo2qI55KMRMAiqsJMVnfj9xilyczkOW6IeXdvRVUXx5
S+94kX0CRhAjpY5OZPHDz+V1JCPIuOhhhWlRcw8khpBeojKhtSW7hzPsv+Pr5tvp
UlQQldBmKnA3nehuvIEF
=4+3s
-----END PGP SIGNATURE-----


More information about the sanog mailing list