[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 140/04 - Cisco Security Advisory

To: <uniras@xxxxxxxxxxxx>
Subject: UNIRAS Brief - 140/04 - Cisco Security Advisory
From: "UNIRAS \(HM Govt CERT \(HD\)\)" <uniras@xxxxxxxxxxxx>
Date: Mon, 29 Mar 2004 11:42:00 +0100
Cc: <interim@xxxxxxxxxxxxxxxxxx>
Delivered-to: mailing list interim@xxxxxxxxxxxxxxxxxx
Delivered-to: moderator for interim@xxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 29 Mar 2004 13:16:05 +0200
Envelope-to: UNIRAS@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Importance: Normal
List-help: <mailto:interim-help@lists.niscc.gov.uk>
List-post: <mailto:interim@lists.niscc.gov.uk>
List-subscribe: <mailto:interim-subscribe@lists.niscc.gov.uk>
List-unsubscribe: <mailto:interim-unsubscribe@lists.niscc.gov.uk>
Mailing-list: contact interim-help@xxxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Niscc
Reply-to: <uniras@xxxxxxxxxxxx>

 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 140/04 dated 29.03.04  Time: 11:45  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Exploit for Multiple Cisco Vulnerabilities Released


Detail
====== 



                 ESB-2004.0234 -- Cisco Security Advisory
            Exploit for Multiple Cisco Vulnerabilities Released
                               29 March 2004

Product:                Various
Publisher:              Cisco Systems
Impact:                 Denial of Service
                        Administrator Compromise
Access Required:        Remote

Ref:                    ESB-2000.398
                        ESB-2001.362
                        ESB-2000.312
                        ESB-2001.304
                        ESB-2001.263
                        ESB-2002.242

Comment: Proof-of-concept code has been publicly released that exploits
         multiple previous vulnerabilities in various Cisco products.

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Proof-of-concept code has been publicly released that exploits multiple previous vulnerabilities in various Cisco products.  The following list of vulnerabilities taken verbatim from the exploit code are affected.  Included after each is a URL which may be referenced for more information regarding each vulnerability where Cisco has previously released a security advisory or response to address the issue.  Customers should take steps to ensure that they have addressed each of these either via a software upgrade or workarounds in place as appropriate in order to mitigate any risk from this new exploit code.


[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability

CBOS - Improving Resilience to Denial-of-Service Attacks http://www.cisco.com/warp/public/707/CBOS-DoS.shtml


[2] - Cisco IOS Router Denial of Service Vulnerability

Cisco IOS HTTP Server Vulnerability http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml


[3] - Cisco IOS HTTP Auth Vulnerability

IOS HTTP Authorization Vulnerability http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html


[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability

IOS HTTP Authorization Vulnerability http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html


[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability

Cisco Catalyst SSH Protocol Mismatch Vulnerability http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml


[6] - Cisco 675 Web Administration Denial of Service Vulnerability

Cisco is currently researching this vulnerability further.   Mitigation
methods have been available for some time such as setting the web server to listen on a different port:

"Code Red" Worm - Customer Impact http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml#workarounds

and through bugs resolved in the following advisory where the webserver under Cisco CBOS was enabled by default and listening on port 80 even 
when the web server was not configured.

CBOS Web-based Configuration Utility Vulnerability http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml


[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability

Catalyst 3500 Issue
Report: http://www.securityfocus.com/archive/1/141471
Cisco Response: http://www.securityfocus.com/archive/1/144655


[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability

Cisco IOS HTTP Server Query Vulnerability http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml


[9] - Cisco 514 UDP Flood Denial of Service Vulnerability

A Vulnerability in IOS Firewall Feature Set http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml



This issue regarding the publication of new exploit code was first 
reported to Cisco by the NCC/Telecom-ISAC who also contributed to the 
content of this notice.




- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Cisco for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQGf9d4pao72zK539AQHT/gQAobf7KCTZveFLn58oKiiMR1QEzkgMRI9G
ylcDUuM561U0PRxXUut109ykN4BIVLj2Sv0Mpn93K54P0tNvF7BFsQSpql9chXnq
KwSxKYVDzEbpBBlHKjrbH6a5k4Cb1qh4pY1HBimfZOlxdh4Om5MI+olNPmFNt6bk
03hGwXhEpeM=
=y0df
-----END PGP SIGNATURE-----

Prev by Date: UNIRAS ALERT - 15/04 - Malicous Software Report W.32/Bagel.U
Next by Date: UNIRAS Brief - 141/04 - Sun(sm) Alert Notification - Sun Alert ID: 57524
Previous by thread: UNIRAS ALERT - 15/04 - Malicous Software Report W.32/Bagel.U
Next by thread: UNIRAS Brief - 141/04 - Sun(sm) Alert Notification - Sun Alert ID: 57524
Index(es):
- Date
- Thread