Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR

Cisco IOS and Cisco IOS XR contain a vulnerability when processing
specially crafted IPv6 packets with a Type 0 Routing Header present.
Exploitation of this vulnerability can lead to information leakage on affected
IOS and IOS XR devices, and may also result in a crash of the affected IOS
device. Successful exploitation on an affected device running Cisco IOS XR will
not result in a crash of the device itself, but may result in a crash of the
IPv6 subsystem.

Cisco has made free software available to address this vulnerability
for affected customers. There are workarounds available to mitigate the effects
of the vulnerability.

This advisory is posted at

 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-IOS-IPv6-leak["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-IOS-IPv6-leak"].

Note: The August 08, 2007 publication includes four Security Advisories and
one Security Response. The advisories all affect IOS, one additionally affects
Cisco Unified Communications Manager as well. Each advisory lists the releases
that correct the vulnerability described in the advisory, and the advisories
also detail the releases that correct the vulnerabilities in all four
advisories. Individual publication links are listed below:

	Cisco IOS Information Leakage Using IPv6 Routing Header

	
	  
	  https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-IOS-IPv6-leak["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-IOS-IPv6-leak"]

	 
  
	Cisco IOS Next Hop Resolution Protocol Vulnerability

	
	  https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-nhrp["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-nhrp"]

	 
  
	Cisco IOS Secure Copy Authorization Bypass Vulnerability

	
	  https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-scp["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-scp"]

	 
  
	Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications
	  Manager

	
	  
	  https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-IOS-voice["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070808-IOS-voice"]

	 
  
	Cisco Unified MeetingPlace XSS Vulnerability

	
	  https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20070808-mp["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20070808-mp"]