FrSIRT - Cisco Catalyst 6500 and Cisco 7600 Series Loopback Address Security Bypass / Exploit
Cisco Catalyst 6500と7600シリーズで127.0.0.0/8のアドレスを使ってフィルタを回避する脆弱性が存在するそうです。
127.0.0.0/8はスーパーバイザーエンジンが使うそうです。
A weakness has been reported in Cisco Catalyst 6500 and Cisco 7600 series devices, which can be exploited by malicious people to bypass certain security restrictions.
The problem is that packets destined for the 127.0.0.0/8 network may be received and processed by e.g. the Supervisor module or Multilayer Switch Feature Card (MSFC). This can be exploited to e.g. bypass existing access control lists.
Successful exploitation requires that systems are running Hybrid Mode (Catalyst OS (CatOS) software on the Supervisor Engine and IOS Software on the MSFC) or Native Mode (IOS Software on both the Supervisor Engine and the MSFC).