FragmentSmack vulnerability in Linux kernel affects 88 Cisco products

The company’s product list with this flaw keeps growing

Cisco has confirmed that many of its products that depend on the Linux kernel are vulnerable to a potentially dangerous denial-of-service (DoS) flaw. The vulnerability, called FragmentSmack, was revealed last August by experts in ethical hacking, mentioning that it affects the stack of IP networks in the Linux kernel, which caused several update patches to be launched for numerous distributions and Linux patches in Akamai, Amazon and Juniper Networks, among others.

The flaw can saturate CPU capacity when under a low-speed attack using fragmented IPv4 and IPV6 packets, which could cause a denial-of-service condition on the affected device.

As experts in ethical hacking noted in a report, an attacker can use the FragmentSmack vulnerability to increase CPU usage by sending fragmented IP packets that activate the kernel reassembly algorithm.

Cisco has focused its vulnerability research on products that use version 3.9 or later of the Linux kernel, since it has been confirmed that they are vulnerable to FragmentSmack failure. The company has been updating its original security notice over the past month, adding more details about the vulnerable products so far.

It has been confirmed that not only Linux-based products are vulnerable to FragmentSmack; Microsoft recently revealed that all supported versions of Windows were vulnerable to FragmentStack, and that Windows servers were the most likely target of an attack. Cisco confirmed that the vulnerability affects 88 of its products, including its Nexus switches, the Cisco IOS XE software, as well as various wireless access points.

The company points out that there may be some alternative solutions available, including the use of access control lists and other speed-limiting techniques to control the flaw of the fragmented packets that reach the affected interfaces. External firewalls can also be useful.

According to specialists in ethical hacking from the International Institute of Cyber Security, FragmentSmack, and a similar DoS vulnerability called SegmentStack, were revealed by the CERT CC in the middle of last month. At the same time, Cisco revealed a similar DoS vulnerability that affected its AsyncOS software, for the Web Security Appliances system, with which a remote attacker could deplete the memory and cause the device to stop processing new TCP connections.

Cisco’s further information is expected in upcoming days.