Cisco IOS DHCP Denial of Service vulnerability

Cisco IOS contains a denial of service vulnerability that can be triggered by a series of specially crafted DHCP packets. The DHCP packets may be directed to any of the router's interface IP addresses. A successful attack will cause the router to stop processing traffic on the targeted interface(s). Further, after a period of 4 hours, the router may be unable to route any traffic, as the router's ARP cache will be cleared. The problem arises because the crafted DHCP packets remain in the router's "input" queue, and the router stops processing traffic on any interface when the input queue gets full. A hard reboot is required to bring the router back to normalcy. Note that Cisco routers process DHCP packets by default. No technical details regarding how to craft the packets that will trigger this vulnerability have been posted.

Status: Cisco has released corrected versions of IOS. A workaround is to configure "no service DHCP" on routers that do not require DHCP service.

Affected: Cisco devices running any of the following IOS versions: 12.2(14)SZ; 12.2(18)EW, EWA, S, SE, SV, SW and higher.

References: Qualys; Cisco Security Advisory; CERT Advisory; SecurityFocus BID.
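The advisory describes two things a defender can check from the router's own CLI: whether an interface's input queue is filling up and no longer draining (IOS reports this in `show interfaces` as `Input queue: size/max/drops/flushes`), and whether the "no service dhcp" workaround is actually present in the running configuration. The following script is an added example written for this page, not code from the advisory or from Cisco; the `show interfaces` and `show running-config` text it parses is constructed sample output, and the 90% saturation threshold is an assumed alerting point, not a value from the advisory.

```python
import re

# Constructed "show interfaces" output (not from the advisory). FastEthernet0/1
# models an interface whose input queue has hit its maximum and is dropping.
SAMPLE_SHOW_INTERFACES = """\
FastEthernet0/0 is up, line protocol is up
  Hardware is AmdFE, address is 0001.0203.0405 (bia 0001.0203.0405)
  Internet address is 192.0.2.1/24
  Input queue: 3/75/0/0 (size/max/drops/flushes); Total output drops: 0
  5 minute input rate 2000 bits/sec, 3 packets/sec
FastEthernet0/1 is up, line protocol is up
  Hardware is AmdFE, address is 0001.0203.0406 (bia 0001.0203.0406)
  Internet address is 198.51.100.1/24
  Input queue: 75/75/4123/0 (size/max/drops/flushes); Total output drops: 0
  5 minute input rate 0 bits/sec, 0 packets/sec
Serial0/0 is up, line protocol is up
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
"""

# Constructed running-config excerpts. "no service dhcp" is the workaround the
# advisory names; service dhcp is on by default, so its absence means enabled.
SAMPLE_RUNNING_CONFIG_HARDENED = """\
version 12.2
service timestamps log datetime msec
no service dhcp
hostname edge-rtr
"""

SAMPLE_RUNNING_CONFIG_DEFAULT = """\
version 12.2
service timestamps log datetime msec
hostname edge-rtr
"""

# Interface header lines start at column 0; per-interface detail lines are indented.
IFACE_RE = re.compile(r"^(\S+) is (\S+), line protocol is (\S+)")
QUEUE_RE = re.compile(
    r"Input queue: (\d+)/(\d+)/(\d+)/(\d+) \(size/max/drops/flushes\)"
)


def parse_input_queues(show_interfaces):
    """Return {interface: (size, max, drops, flushes)} from show interfaces output."""
    queues = {}
    current = None
    for line in show_interfaces.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = QUEUE_RE.search(line)
        if m and current:
            queues[current] = tuple(int(x) for x in m.groups())
    return queues


def saturated_interfaces(show_interfaces, threshold=0.9):
    """Interfaces whose input queue is at or above `threshold` of its maximum.

    A queue sitting at size == max with a rising drop counter is the symptom the
    advisory describes: packets stuck in the input queue, interface no longer
    processing traffic. Returns [(interface, size, max, drops), ...].
    """
    flagged = []
    for name, (size, max_size, drops, _flushes) in parse_input_queues(show_interfaces).items():
        if max_size and size / max_size >= threshold:
            flagged.append((name, size, max_size, drops))
    return flagged


def dhcp_service_disabled(running_config):
    """True if the running config contains 'no service dhcp' (the workaround)."""
    return any(
        line.strip().lower() == "no service dhcp" for line in running_config.splitlines()
    )


if __name__ == "__main__":
    for name, size, max_size, drops in saturated_interfaces(SAMPLE_SHOW_INTERFACES):
        print(f"ALERT {name}: input queue {size}/{max_size}, {drops} drops")
    for label, cfg in (("hardened", SAMPLE_RUNNING_CONFIG_HARDENED),
                       ("default", SAMPLE_RUNNING_CONFIG_DEFAULT)):
        state = "disabled" if dhcp_service_disabled(cfg) else "ENABLED (default)"
        print(f"{label}: service dhcp {state}")
```

In practice the two sample strings would be replaced by the output captured from the router over SSH or by a configuration-management tool; the parsing and the checks stay the same. Flagging a queue that is full but whose drop counter is also climbing distinguishes a genuinely stuck queue from a transient burst.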

