Published: 2002-12-31 00:00:00
Last revised: 2008-09-05 16:32:54

[Original] Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router.

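[CNNVD] Cisco IOS ICMP Redirect Denial of Service Vulnerability (CNNVD-200212-654)

        Cisco IOS 11.2.x and 12.0.x do not limit the size of the redirect table. A remote attacker can cause a denial of service (memory consumption) by sending spoofed ICMP redirect packets to the router.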

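- CVSS (Base Score)

CVSS score: 7.8 [Severe (HIGH)]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]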

- CPE (Affected platforms and products)

cpe:/o:cisco:ios:11.3  Cisco IOS 11.3
cpe:/o:cisco:ios:11.0  Cisco IOS 11.0
cpe:/o:cisco:ios:12.0  Cisco IOS 12.0
cpe:/o:cisco:ios:11.1  Cisco IOS 11.1

- OVAL (Technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  BID  4786
(UNKNOWN)  XF  cisco-ios-icmp-redirect-dos(9129)
(UNKNOWN)  BUGTRAQ  20020521 Cisco IOS ICMP redirect DoS - Cisco's response
(UNKNOWN)  BUGTRAQ  20020521 Cisco IOS ICMP redirect DoS

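- Vulnerability information

Cisco IOS ICMP Redirect Denial of Service Vulnerability
High risk  Other
2002-12-31 00:00:00 2002-12-31 00:00:00
        Cisco IOS 11.2.x and 12.0.x do not limit the size of the redirect table. A remote attacker can cause a denial of service (memory consumption) by sending spoofed ICMP redirect packets to the router.

- Advisories and patches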

        The vendor has stated that fixes are forthcoming.

- Vulnerability information (21465)

Cisco IOS 11.x/12.0 ICMP Redirect Denial Of Service Vulnerability (EDBID:21465)
hardware dos
2002-05-21 Verified
0 FX
N/A

IOS is the Internet Operating System, used on Cisco routers. It is distributed and maintained by Cisco.

It has been reported that it is possible to cause a denial of service in some Cisco routers by sending a large amount of spoofed ICMP redirect messages.

This vulnerability has been assigned Cisco bug ID CSCdx32056.

The following products are known to be affected:

Cisco 1005 running IOS 11.0(18)
Cisco 1603 running IOS 11.3(11b)
Cisco 1603 running IOS 12.0(3)
Cisco 2503 running IOS 11.0(22a)
Cisco 2503 running IOS 11.1(24a) 

To generate random ICMP redirect messages, a sender tool is available
at, which has to be
linked with the IRPAS packet library.

linuxbox# cd /where/irpas/is
linuxbox# make libpackets.a
linuxbox# gcc -o icmp_redflod -I. -L. icmp_redflod.c -lpackets
linuxbox# ./icmp_redflod -i eth0 -D <destination_ip> -G <fake_gateway>

On high bandwidth networks, the command line switch -w0 can be used to increase the sending rate. 		

- Vulnerability information

Cisco IOS Spoofed ICMP Redirect Packet Remote DoS
Remote / Network Access Denial of Service
Loss of Availability
Vendor Verified

- Vulnerability description

- Timeline

2002-05-21 Unknown
Unknown Unknown

- Solution


Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete