Security vulnerability in Cisco Firewall

Cisco has published information about a vulnerability in the Firewall Services Module (FWSM) for Catalyst 6500 series switches and 7600 series routers. The bulletin describes a way to protect against a flood of ICMP messages which, when accumulated, result in a Denial of Service condition. Below is an excerpt from the bulletin:

The Cisco FWSM is a high-speed, integrated firewall module for Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The FWSM offers firewall services with stateful packet filtering and deep packet inspection. A vulnerability exists in the Cisco FWSM Software that may cause the FWSM to stop forwarding traffic between interfaces, or stop processing traffic that is directed at the FWSM (management traffic) after multiple, crafted ICMP messages are processed by the FWSM. Any traffic that transits or is directed towards the FWSM is affected, regardless of whether ICMP inspection (inspect icmp command under Class configuration mode) is enabled. The FWSM stops processing traffic because one of the Network Processors (NPs) that is used by the FWSM to handle traffic may use all available execution threads while handling a specific type of crafted ICMP messages. This behavior limits the execution threads that are available to handle additional traffic. Administrators may be able to determine if the FWSM has been affected by this vulnerability by issuing the show np 2 stats command. If this command produces output showing various counters and their values, as shown in the example CLI output that follows, the FWSM has not been affected by the vulnerability. If the command returns a single line that reads “ERROR: np_logger_query request for FP Stats failed”, the FWSM may have been affected by the vulnerability…
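The advisory gives administrators a single diagnostic: run `show np 2 stats` and look at what comes back. The following is an added example (not Cisco's code and not part of the advisory) showing how a defender could automate that check over captured CLI output, for instance from a scheduled monitoring job. The healthy sample output is constructed: the advisory only says the command prints "various counters and their values", so the counter names below are placeholders, not real FWSM counters. The only string taken from the advisory is the failure line itself.

```python
import re

# Exact failure line quoted in the advisory; its presence as the sole output
# means the FWSM may have been affected.
FAILURE_MARKER = "ERROR: np_logger_query request for FP Stats failed"

# Constructed sample of healthy output. The counter names are placeholders
# (the advisory does not list the real counters), but the shape "name: value"
# is what the parser below expects.
HEALTHY_OUTPUT = """\
np2_pkts_in: 123456
np2_pkts_out: 123400
np2_drops: 56
"""

# Constructed sample of output from an affected module: just the error line.
AFFECTED_OUTPUT = FAILURE_MARKER + "\n"

# Matches "counter name: 123" lines; tolerant of surrounding whitespace.
COUNTER_RE = re.compile(r"^\s*(\S[^:]*?)\s*:\s*(\d+)\s*$")


def parse_counters(output):
    """Extract counter name -> integer value pairs from CLI output."""
    counters = {}
    for line in output.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(1)] = int(m.group(2))
    return counters


def classify_np2_stats(output):
    """Classify captured 'show np 2 stats' output.

    Returns 'affected' if the advisory's error line is present,
    'healthy' if counter lines were parsed, otherwise 'unknown'
    (empty output, truncated capture, or a format this parser does not know).
    """
    if FAILURE_MARKER in output:
        return "affected"
    if parse_counters(output):
        return "healthy"
    return "unknown"


if __name__ == "__main__":
    for label, sample in (("healthy", HEALTHY_OUTPUT), ("affected", AFFECTED_OUTPUT)):
        print(label, "->", classify_np2_stats(sample))
```

An "unknown" result deserves the same attention as "affected": a monitoring job that cannot parse the output may be looking at a hung session or a truncated capture rather than a healthy module, so the script deliberately refuses to report "healthy" unless it actually sees counter values.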

More information: Cisco Security Advisory: Firewall Services Module Crafted ICMP Message Vulnerability
