Another Cisco Router flaw
Date: Thursday, July 17 @ 00:05:46 BST
Topic: In the News

I'm sure all our heavy net hitters here read /., but just in case: this is stolen from there:

CERT has released an advisory regarding a serious flaw in all Cisco routers and switches which run IOS and process IPv4 packets (i.e. pretty much everything), which causes the device to stop processing inbound packets, and so: 'The device must be rebooted to clear the input queue on the interface, and will not reload without user intervention.' There are apparently no known exploits (yet), and Cisco have an advisory with a workaround and available fixes.

CERT says: By sending specially crafted IPv4 packets to an interface on a vulnerable device, an intruder can cause the device to stop processing packets destined to that interface. Quoting from Cisco's advisory:

"A device receiving these specifically crafted IPv4 packets will force the inbound interface to stop processing traffic. The device may stop processing packets destined to the router, including routing protocol packets and ARP packets. No alarms will be triggered, nor will the router reload to correct itself. This issue can affect all Cisco devices running Cisco IOS software. This vulnerability may be exercised repeatedly resulting in loss of availability until a workaround has been applied or the device has been upgraded to a fixed version of code."

CERT writeup here; Cisco advisory here.

This article comes from detonate.net
http://www2.detonate.net

The URL for this story is:
http://www2.detonate.net/modules.php?name=News&file=article&sid=299