漏洞类别:Cisco
漏洞等级: 
漏洞信息
Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM).
The first vulnerability is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. (CVE-2016-6382)
The second vulnerability is due to insufficient checking of packets encapsulated in a PIM register message. (CVE-2016-6392)
漏洞危害
An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart.(CVE-2016-6382)
An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. A successful exploit could cause the affected device to restart. (CVE-2016-6392)
解决方案
Refer to Cisco advisory cisco-sa-20160928-msdp for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论