On Wed, 23 Sep 2009, Cisco Systems Product Security Incident Response Team
wrote:
Cisco IOS Software and configured for Generic Routing Encapsulation
(GRE), IPinIP, Generic Packet Tunneling in IPv6 or IPv6 over IP
tunnels with Cisco Express Forwarding enabled. The Cisco IOS Point to
Point Tunneling Protocol (PPTP) feature creates GRE tunnels that are
transparent to the user. Therefore systems configured for PPTP are
also vulnerable.
The Cisco multicast Virtual Private Network (MVPN) feature also
creates GRE tunnels that are transparent to the user, however MVPN
configurations are not vulnerable, unless there are other tunnels
that are configured explicitly.
PIM Register-encapsulation/decapsulation creates TunnelX-interfaces
dynamically and transparently and it's essentially IP-in-IP. I'd
appreciate a clarification whether routers running as PIM DR or PIM RP
are affected.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
