Cisco IOS fingerprint recognition ICMPv6 responds to request information leakage Vulnerability

Release date: 2011-10-27
Updated on: 2011-10-27

Affected Systems:
Cisco IOS 15.x
Unaffected system:
Cisco IOS 15.1 (4) M1.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 50379
Cve id: CVE-2011-2059

Cisco's Internet Operating System (IOS) is a complex operating system optimized for Internet interconnection. The data stream interaction function (DLSw) enables the transmission of ibm sna and network BIOS traffic over an IP network.

The Cisco IOS implementation has the information leakage vulnerability. The ICMPv6 Echo request packet contains the PadN option data in the HBH extension header 0x0c01050c, the IPv6 component in Cisco IOS allows remote attackers to perform fingerprint recognition attacks and obtain system sensitive information.

<* Source: Cisco

Link: http://blogs.cisco.com/security/1999tcp-redux-the-ipv6-flavor
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.cisco.com/warp/public/707/advisory.html