Cisco: Linux kernel FragmentSmack bug now affects 88 of our products

Cisco's list of products with a Linux kernel denial-of-service flaw is growing.

Cisco has confirmed that more of its products that rely on the Linux kernel is vulnerable to a potentially dangerous denial-of-service flaw.

The bug, dubbed FragmentSmack, was in August revealed to affect the IP networking stack in the Linux kernel, prompting a round of patches for numerous Linux distributions and patches at Akamai, Amazon, and Juniper Networks, and more.

The bug can saturate a CPU's capacity when under a low-speed attack using fragmented IPv4 and IPv6 packets, which could cause a denial-of-service condition on the affected device.

As RedHat noted in its write-up, an attacker can use FragmentSmack to drive up CPU usage by sending fragmented IP packets that trigger the kernel's 'time and calculation expensive' reassembly algorithm.

Cisco has focused its search for the vulnerability in products that use the Linux kernel version 3.9 or later, which have been confirmed to be vulnerable to FragmentSmack.

The company has been updating its initial advisory over the past month with details about products confirmed to be vulnerable and those that are not.

Linux-based products aren't exclusively affected. Microsoft this week also revealed that all supported versions of Windows were vulnerable to FragmentStack, with Windows servers the more likely target of an attack.

Cisco has now confirmed that the flaw affects 88 products, including its Nexus switches, Cisco IOS XE software, and equipment from its lines of Unified Computing and Unified Communications brands, several TelePresence products, and a handful of wireless access points.

Cisco notes that there may be some workarounds available, including using access-control lists and other rate-limiting techniques to control the flaw of fragmented packets that reach affected interfaces. External firewalls may also do the trick and minimize the impact on downstream devices.

It's currently investigating whether the Cisco Application Policy Infrastructure Controller (APIC) Enterprise module is affected.

FragmentSmack, and a similar DoS bug called SegmentStack were disclosed by the Vulnerability Coordination team of the National Cyber Security Centre of Finland (NCSC-FI) and CERT Coordination Center (CERT/CC) in mid-August.

The bugs were discovered by Juha-Matti Tilli, of the Aalto University Department of Communications and Networking, and Nokia Bell Labs.

Cisco in August disclosed a DoS bug with a similar impact affecting its AsyncOS Software for Web Security Appliances, which a remote attacker could use to exhaust memory and cause the device to stop processing new TCP connections.


SOURCE: