[nsp-sec] FYI - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
John Kristoff
jtk at depaul.edu
Sat Aug 29 15:31:32 EDT 2020
On Sat, 29 Aug 2020 03:36:32 +0000
"Dario Ciccarone (dciccaro)" <dciccaro at cisco.com> wrote:
> New advisory just published minutes ago -
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
Hi Dario,
I think some people will see DVMRP and skim past this. To clarify,
this problem does not require one run DVMRP per se, this is really an
issuing stemming from the underlying IGMP protocol within which DVMRP
is encapsulated. Probably most routers will support some level of IGMP
functionality, so nets with vulnerable gear shouldn't skim past this so
quickly. Fair assessment?
John
More information about the nsp-security
mailing list