====================================================================


                             CERT-Renater

                 Note d'Information No. 2018/VULN227
_____________________________________________________________________

DATE                : 12/07/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco StarOS versions prior to N5.1.11 (21.6.5),
                              21.3.15, 21.5.7, 21.6.4.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos
_____________________________________________________________________

Cisco Security Advisory: Cisco StarOS IPv4 Fragmentation Denial of
Service Vulnerability

Advisory ID: cisco-sa-20180711-staros-dos

Revision: 1.0

For Public Release: 2018 July 11 16:00 GMT

Last Updated: 2018 July 11 16:00 GMT

CVE ID(s): CVE-2018-0369

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the reassembly logic for fragmented IPv4 packets of
Cisco StarOS running on virtual platforms could allow an
unauthenticated, remote attacker to trigger a reload of the npusim
process, resulting in a denial of service (DoS) condition. There are
four instances of the npusim process running per Service Function (SF)
instance, each handling a subset of all traffic flowing across the
device. It is possible to trigger a reload of all four instances of the
npusim process around the same time.

The vulnerability is due to improper handling of fragmented IPv4 packets
containing options. An attacker could exploit this vulnerability by
sending a malicious IPv4 packet across an affected device. An exploit
could allow the attacker to trigger a restart of the npusim process,
which will result in all traffic queued toward this instance of the
npusim process to be dropped while the process is restarting. The npusim
process typically restarts within less than a second.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos"]

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================