Protocol Independent Multicast Denial of Service Vulnerability
Multicast routing is a bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to multiple recipients.
Protocol Independent Multicast (PIM) is a multicast routing protocol that is independent of any IP routing protocol. PIM can leverage any unicast routing protocols that are in use, including Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), or static routes, to populate the unicast routing table. PIM uses this unicast routing information to perform the multicast forwarding function, and is IP protocol-independent. Although PIM is called a multicast routing protocol, it actually uses the unicast routing table to perform the Reverse Path Forwarding (RPF) check function instead of building a completely independent multicast routing table. PIM does not send or receive multicast routing updates between routers as do other routing
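The RPF check described above, sketched as an added example (not code from the advisory or from any vendor implementation): the source address of a multicast packet is looked up in the unicast routing table by longest-prefix match, and the packet passes only if it arrived on the interface that table would use to reach the source. The prefixes, interface names and function names are constructed for illustration, and the sketch covers only the source-based check.

```python
import ipaddress

# Constructed unicast routing table: (prefix, interface, protocol that
# installed the route). PIM does not care which protocol it was.
UNICAST_RIB = [
    ("0.0.0.0/0", "outside", "static"),
    ("10.0.0.0/8", "inside", "OSPF"),
    ("10.20.0.0/16", "dmz", "EIGRP"),
    ("192.0.2.0/24", "outside", "BGP"),
]

def rpf_interface(source, rib=UNICAST_RIB):
    """Longest-prefix match for source; returns (iface, network, proto) or None."""
    addr = ipaddress.ip_address(source)
    best = None
    for prefix, iface, proto in rib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (iface, net, proto)
    return best

def rpf_check(source, arrival_iface, rib=UNICAST_RIB):
    """True if the packet arrived on the interface used to reach its source."""
    match = rpf_interface(source, rib)
    return match is not None and match[0] == arrival_iface

def classify(packets, rib=UNICAST_RIB):
    """Return one verdict per (source, group, arrival interface) tuple."""
    verdicts = []
    for source, _group, iface in packets:
        ok = rpf_check(source, iface, rib)
        verdicts.append("forward" if ok else "drop (RPF failure)")
    return verdicts

# Constructed sample traffic: (source, multicast group, arrival interface).
SAMPLE = [
    ("10.20.5.9", "239.1.1.1", "dmz"),        # matches the /16 route
    ("10.20.5.9", "239.1.1.1", "inside"),     # /8 is less specific: fails
    ("10.9.9.9", "239.1.1.1", "inside"),      # matches the /8 route
    ("198.51.100.7", "239.1.1.1", "outside"), # falls through to the default
    ("192.0.2.10", "239.1.1.1", "inside"),    # wrong side for the BGP route
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, classify(SAMPLE)):
        print(pkt, "->", verdict)
```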
A vulnerability exists in the way PIM is implemented that may cause affected devices to reload during the processing of a PIM message when multicast routing is enabled. The vulnerability is due to improper handling of PIM messages. An attacker could exploit this vulnerability by sending a crafted PIM message to the affected system.
This vulnerability is documented in Cisco bug ID CSCtu97367 (registered customers only), and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-0356.