Reported November 10, 2004, by Cisco

VERSIONS AFFECTED

  • Cisco 7200, 7300, 7500 platforms
  • Cisco 2650, 2651, 2650XM, 2651XM Multiservice platform
  • Cisco ONS15530, ONS15540
  • Cisco Catalyst 4000, Sup2plus, Sup3, Sup4, and Sup5 modules
  • Cisco Catalyst 4500, Sup2Plus TS
  • Cisco Catalyst 4948, 2970, 3560, and 3750
  • Cisco Catalyst 6000, Sup2/MSFC2, and Sup720/MSFC3
  • Cisco 7600 Sup2/MSFC2 and Sup720/MSFC3

DESCRIPTION
A Denial of Service (DoS) vulnerability exists in Cisco IOS devices running branches of IOS version 12.2S that have DHCP server or relay agent enabled. Certain crafted DHCP packets might be undeliverable but will remain in the queue instead of being dropped. If so many packets are sent that they equal the size of the input queue, no more traffic will be accepted on that interface, resulting in a DoS condition.
 

VENDOR RESPONSE
Cisco Systems has released Cisco Security Advisory Cisco IOS DHCP Blocked Interface Denial-of-Service to address this vulnerability.

CREDIT
Discovered by Cisco.