Cisco IOS IGMPv3 Packet Handling Denial of Service Vulnerability
Published: 2010-09-23
Updated: 2010-09-26
Affected systems:
Cisco IOS 15.0
Cisco IOS 12.4
Cisco IOS 12.3
Cisco IOS 12.2
Cisco IOS XE 2.5.x
Description:
CVE ID: CVE-2010-2830
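Cisco IOS is the internetwork operating system used on Cisco network devices.
A malformed IGMP packet can cause a vulnerable device to reload. The vulnerability can be exploited only when the malformed IGMP packet is received on an interface that has IGMP version 3 and PIM enabled. The destination address of the malformed IGMP packet can be unicast, multicast or broadcast, and the packet can be sent to any IP address on the vulnerable device, including loopback addresses.
To exploit this vulnerability, the malformed packet must be received by the vulnerable device, but it can be sent to any address on the device.
Transit traffic cannot trigger this vulnerability.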
<*Source: Cisco
Links: http://secunia.com/advisories/41551/
http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml
*>
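Recommendation:
Workarounds:
* Customers who do not need SSM functionality can use IGMP v2 as a workaround.
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip pim sparse-mode
 ip igmp version 2
* Apply the following Control Plane Policing (CoPP) configuration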
!
!-- The following access list is used
!-- to determine what traffic needs to be dropped by a control plane
!-- policy (the CoPP feature.) If the access list matches (permit),
!-- then traffic will be dropped. If the access list does not
!-- match (deny), then traffic will be processed by the router.
!-- All IGMP packets with a TTL different from 1 will be selected
!-- by this ACL and the "drop" action will be applied in the
!-- corresponding CoPP policy.
!
ip access-list extended IGMP-ACL
 permit igmp any any ttl neq 1
!
!-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4
!-- traffic in accordance with existing security policies and
!-- configurations for traffic that is authorized to be sent
!-- to infrastructure devices.
!-- Create a class map for traffic that will be policed by
!-- the CoPP feature.
!
class-map match-all drop-IGMP-class
 match access-group name IGMP-ACL
!
!-- Create a policy map that will be applied to the
!-- Control Plane of the device, and add the "drop-IGMP-class"
!-- class map.
!
policy-map CoPP-policy
 class drop-IGMP-class
  drop
!
!-- Apply the policy map to the control plane of the
!-- device.
!
control-plane
 service-policy input CoPP-policy
Vendor patch:
Cisco
-----
Cisco has released a security advisory (cisco-sa-20100922-igmp) and corresponding patches for this issue:
cisco-sa-20100922-igmp: Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability
Link: http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml
