{"vuid":"VU#810062","idnumber":"810062","name":"Cisco 6000/6500/7600 series systems fail to properly process layer 2 frames","keywords":["Cisco","MSFC2","layer 2 frames","layer 3 packets","FlexWAN","Optical Services Module","OSM","DoS","denial of service","CSCdy15598","CSCeb56052"],"overview":"Cisco 6000/6500/7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) fail to properly process layer 2 frames.","clean_desc":"Cisco 6000/6500/7600 series systems with MSFC2 contain a vulnerability in the way layer 2 frames are processed in software. By sending a specially crafted layer 2 frame that is inconsistent with the length of the encapsulated layer 3 packet, an attacker could cause the system to freeze or reset. This vulnerability only affects systems with specific hardware/software configurations. According to the Cisco Advisory, the following systems are affected: Cisco 6000/6500/7600 series systems with MSFC2 and a FlexWAN or OSM module Cisco 6000/6500/7600 series systems with MSFC2 that are running 12.1(8b)E14 are affected even if they do not have a FlexWAN or OSM module. Note: Cisco 6000/6500/7600 series systems with a Supervisor 720 are not affected by this vulnerability. The Cisco Advisory also mentions that affected systems may be running native or hybrid code. Hybrid is a term used to refer to a configuration where CatOS is running on the Supervisor Engine and Cisco IOS is running on the MSFC. Native code is a term used to refer to a configuration where a single IOS image runs on both the Supervisor and the MSFC.","impact":"Exploitation of this vulnerability could cause a vulnerable system to freeze or reset resulting in a denial-of-service condition. In order to restore functionality, the system would have to be reset.","resolution":"Upgrade\nCisco has released an advisory \"Cisco 6000/6500/7600 Crafted Layer 2 Frame Vulnerability\" to address this issue. For information on upgrading, please refer to the \"Software Versions and Fixes\" section of the Cisco Advisory.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by \nthe Cisco Systems Product Security Incident Response Team (\nPSIRT","author":"This document was written by Damon Morda.","public":["http://www.cisco.com/warp/public/707/cisco-sa-20040203-cat6k.shtml","http://www.cisco.com/en/US/products/hw/switches/ps708/index.html","http://www.cisco.com/en/US/products/hw/routers/ps368/index.html","http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/msfc2_ds.htm","http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/introint.htm#xtocid5","http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008015bfa6.shtml#subtopic1A","http://www.securityfocus.com/bid/9562","http://xforce.iss.net/xforce/xfdb/15013","http://www.secunia.com/advisories/10780/"],"cveids":["CVE-2004-0244"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-02-03T20:42:58Z","publicdate":"2004-02-03T00:00:00Z","datefirstpublished":"2004-03-30T17:07:14Z","dateupdated":"2004-04-05T20:41:56Z","revision":32,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"18","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"14","cam_attackeraccessrequired":"6","cam_scorecurrent":"6.237","cam_scorecurrentwidelyknown":"7.182","cam_scorecurrentwidelyknownexploited":"10.962","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.237,"vulnote":null}