S-262: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak


 
04-10-2008

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) can allow a malicious user who sends specially crafted messages to create extra multicast states on the core routers or to receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPNs). The risk is LOW. Successful exploitation can result in the creation of extra multicast states on the core routers or the leaking of multicast traffic from one MPLS VPN to another.


MLD(4)                   BSD Kernel Interfaces Manual                   MLD(4)

NAME
     mld -- Multicast Listener Discovery Protocol

SYNOPSIS
     #include <sys/types.h>
     #include <sys/socket.h>
     #include <netinet/in.h>
     #include <netinet/in_systm.h>
     #include <netinet/ip6.h>
     #include <netinet/icmp6.h>
     #include <netinet6/mld6.h>

     int
     socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);

DESCRIPTION
     MLD is a control plane protocol used by IPv6 hosts and routers to
     propagate multicast group membership information. Normally this protocol
     is not used directly, except by the kernel itself, in response to
     multicast membership requests by user applications. Multicast routing
     protocol daemons may open a raw socket to directly interact with mld and
     receive membership reports.

     As of FreeBSD 8.0, MLD version 2 is implemented. This adds support for
     Source-Specific Multicast (SSM), whereby applications may communicate to
     upstream multicast routers that they are only interested in receiving
     multicast streams from particular sources. The retransmission of
     state-change reports adds some robustness to the protocol.

SYSCTL VARIABLES
     net.inet6.mld.stats
             This opaque read-only variable exposes the stack-wide MLDv2
             protocol statistics to netstat(1).

     net.inet6.mld.ifinfo
             This opaque read-only variable exposes the per-link MLDv2 status
             to ifmcstat(8).

     net.inet6.mld.gsrdelay
             This variable specifies the time threshold, in seconds, for
             processing Group-and-Source Specific Queries (GSR). As GSR query
             processing requires maintaining state on the host, it may cause
             memory to be allocated, and is therefore a potential attack point
             for Denial-of-Service (DoS). If more than one GSR query is
             received within this threshold, it will be dropped, to mitigate
             the potential for DoS.

     net.inet6.mld.v1enable
             If this variable is non-zero, then MLDv1 membership queries (and
             host reports) will be processed by this host, and backwards
             compatibility will be enabled until the v1 'Older Version Querier
             Present' timer expires. This sysctl is normally enabled by
             default.

SEE ALSO
     ifmcstat(8), inet(4), multicast(4), netstat(1), sourcefilter(3)

HISTORY
     The mld manual page appeared in FreeBSD 8.0.

BSD                              May 27, 2009                              BSD
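The GSR threshold described under net.inet6.mld.gsrdelay, sketched as an added example (not code from the manual page or from the FreeBSD kernel): it classifies an MLDv2 query by the RFC 3810 field layout and drops a Group-and-Source Specific Query that arrives inside the threshold. All function and type names are hypothetical, the single host-wide timer is a simplifying assumption, and the query bytes are constructed by the helper at the end.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MLD_LISTENER_QUERY  130  /* ICMPv6 type of an MLD query (RFC 3810) */
#define MLD_V2_QUERY_MINLEN 28   /* fixed part of an MLDv2 query, in bytes */

enum mld_query_kind { MLD_BAD, MLD_GENERAL, MLD_GROUP, MLD_GSR };

/* Classify an ICMPv6 payload as an MLDv2 query; 24-byte MLDv1 queries and checksums are out of scope. */
enum mld_query_kind mld_classify(const uint8_t *p, size_t len)
{
    static const uint8_t zero[16];
    if (len < MLD_V2_QUERY_MINLEN || p[0] != MLD_LISTENER_QUERY)
        return MLD_BAD;
    size_t nsrc = ((size_t)p[26] << 8) | p[27];      /* Number of Sources */
    if (len < MLD_V2_QUERY_MINLEN + 16 * nsrc)       /* truncated source list */
        return MLD_BAD;
    if (memcmp(p + 8, zero, 16) == 0)                /* Multicast Address is :: */
        return nsrc == 0 ? MLD_GENERAL : MLD_BAD;
    return nsrc == 0 ? MLD_GROUP : MLD_GSR;
}

/* Rate-limit state; assumption: one timer for the whole host, in whole seconds. */
struct gsr_limiter { long delay_s; long last_s; int primed; };

/* Return 1 to process a GSR query arriving at now_s, 0 to drop it. */
int gsr_accept(struct gsr_limiter *l, long now_s)
{
    if (l->primed && now_s - l->last_s < l->delay_s)
        return 0;               /* another GSR inside the threshold: drop */
    l->primed = 1;
    l->last_s = now_s;          /* only accepted queries restart the timer */
    return 1;
}

/* Build a constructed MLDv2 query (group ff3e::1234 when with_group is set). */
size_t mld_sample_query(uint8_t *buf, size_t cap, int with_group, uint16_t nsrc)
{
    size_t len = MLD_V2_QUERY_MINLEN + 16u * nsrc;
    if (cap < len) return 0;
    memset(buf, 0, len);
    buf[0] = MLD_LISTENER_QUERY;
    if (with_group) { buf[8] = 0xff; buf[9] = 0x3e; buf[22] = 0x12; buf[23] = 0x34; }
    buf[26] = (uint8_t)(nsrc >> 8); buf[27] = (uint8_t)nsrc;
    for (uint16_t i = 0; i < nsrc; i++)
        buf[28 + 16 * i] = 0x20;                     /* constructed source address */
    return len;
}
```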