which could be exploited by remote attackers to cause a denial of service or compromise an affected device.
The first issue is due to an error when handling Internet Control
Message Protocol (ICMP) packets, Protocol Independent Multicast version
2 (PIMv2) packets, Pragmatic General Multicast (PGM) packets, or URL
Rendezvous Directory (URD) packets with a header containing a specially
crafted IP option, which could be exploited by remote attackers to
reload a vulnerable device or execute arbitrary commands.
The second vulnerability is due to a memory leak in the Transmission
Control Protocol (TCP) listener when processing specially crafted
packets sent to an IPv4 address assigned to a physical or virtual
interface on a device, which could be exploited by attackers to exhaust
all available memory resources, creating a denial of service condition.
The third issue is due to an error when processing specially crafted
IPv6 Type 0 Routing headers, which could be exploited by attackers to
crash a vulnerable device
Affected Products
Cisco IOS versions 9.x
Cisco IOS versions 10.x
Cisco IOS versions 11.x
Cisco IOS versions 12.x
Cisco IOS XR versions 2.0.x
Cisco IOS XR versions 3.0.x
Cisco IOS XR versions 3.2.x
Solution
Upgrade to a fixed version :
http://www.cisco.com/warp/public/707/cisco-sa-20070124-bundle.shtml
