Denial of Service in Cisco IOS - 17 Jul 2003

Reported July 16, 2003, by Cisco Systems.


All Cisco products that run IOS and IPv4


Cisco reported a Denial of Service (DoS) condition in its IOS software that occurs when the software is configured to use IP version 4 (IPv4). A sequence of specially crafted IPv4 packets can cause the input interface to stop processing traffic when the input queue is full, thereby causing the router to stop processing inbound traffic.

One Ethernet interfaces the Address Resolution Protocol (ARP) times out after a certain period, which is 4 hours by default. A malicious user can conduct an attack against all interfaces, at which point the router becomes remotely inaccessible. Rebooting the router can clear the problem; however, user intervention is necessary.


Cisco has made new IOS software code available. The company said, "Customers with contracts should obtain upgraded software free of charge through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on the Cisco worldwide Web site at

"Customers whose Cisco products are provided or maintained through prior or existing agreement with third-party support organizations such as Cisco Partners, authorized resellers, or service providers should contact that support organization for assistance with obtaining the free software upgrade(s).

"Customers who purchase directly from Cisco but who don't hold a Cisco service contract and customers who purchase through third-party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are 408-526-7209, 800-553-2447, or [email protected]

"Please have your product serial number available and give the URL of this notice as evidence of your entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.

"Please do not contact either "[email protected]" or "[email protected]" for software upgrades.

"See for additional TAC contact information, including special localized telephone numbers, instructions, and email addresses for use in various languages."

More information is available, including workaround information, in the bulletin at Cisco's Web site.


Discovered by Cisco Systems.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.