Affected Systems:
Cisco IOS 15.x
Cisco IOS XE 3.x
Describe:
--------------------------------------------------------------------------------
Bugtraq id:70132
CVE (CAN) id:cve-2014-3357
Cisco IOS is the internetwork operating system used on most Cisco system routers and network switches.
Cisco iOS 15.0, 15.1, 15.2, 15.4, iOS XE 3.3.xSE, 3.3.xXO, 3.5.xE, 3.11.xS a remote denial of service vulnerability exists on the implementation that could allow an attacker to exploit this vulnerability through malformed MDNS packets to cause the affected device overloads.
<* Source: Cisco
Links: Http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns
*>
Suggestions:
--------------------------------------------------------------------------------
Vendor Patches:
Cisco
-----
Cisco has released a security bulletin (CISCO-SA-20140924-MDNS) for this and a corresponding patch:
Cisco-sa-20140924-mdns:multiple Vulnerabilities in Cisco IOS software multicast Domain Name System
Links: Http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns
Cisco iOS and iOS XE software multiple DNS denial of service Vulnerability-China cold dragon