FWSM vulnerability question

Jan 16th, 2010

Hi all


I have faced an issue with the FWSM: it suddenly stopped forwarding traffic while I was making a capture for ICMP traffic on a newly created interface, and the module had to be reloaded.

Before reloading the module, an error appeared when trying to apply any command in the firewall module:

np_wr_fp_interface_stats failed
np_wr_fp_interface_stats failed Interface stats query failed.


I tried to search for that error and found that a vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages.

http://www.cisco.com/warp/public/707/cisco-sa-20090819-fwsm.shtml


I need to know what is meant by a crafted ICMP message?


Regards

Panos Kampanakis Sat, 01/16/2010 - 13:38
User Badges: Cisco Employee

"Crafted ICMP messages" means ICMP packets that have a specific pattern in them. It is a very rare occasion.


Your symptoms do not clearly point to that defect.


There could be multiple issues that could relate to the problem, and if you don't have more data it is hard to track.


The "np_wr_fp_interface_stats" errors do not correlate with the defect you mentioned though. A reset of the blade should make these logs disappear.


I hope it helps.


PK
