Denial of Service in Cisco IOS PPTP

Reported July 12, 2001, by Cisco Systems.

VERSIONS AFFECTED

·         All Cisco Systems products using the Internetwork Operating System (IOS) releases that allow the Point to Point Tunneling Protocol (PPTP)

 

DESCRIPTION
A Denial of Service (DoS) vulnerability exists in Cisco’s IOS that can let a potential attacker crash the router by sending a malformed or crafted PPTP packet to port 1723. Although the router will crash after receiving just one packet, the attacker can cause the DOS by repeatedly sending packets.

 

VENDOR RESPONSE

Cisco has issued a notice regarding this vulnerability. A workaround is to disable PPTP on the router. This vulnerability doesn't affect routers with PPTP disabled (as is the default). The company recommends that users obtain a firmware upgrade through the Software Center on Cisco's Web site or through Cisco's distribution channels.

 

CREDIT
Discovered by Cisco Systems.

 

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish