
Release Notes for Cisco 802 IDSL and 804 IDSL Routers for Cisco IOS Release
78-10388-01
Important Notes
Cisco IOS Syslog Failure
Certain versions of Cisco IOS software may fail or hang when they receive invalid User Datagram
Protocol (UDP) packets sent to their syslog ports (port 514). At least one commonly used Internet
scanning tool generates packets that cause such problems. This fact has been published on public
Internet mailing lists, which are widely read both by security professionals and by security crackers.
This information should be considered in the public domain.
Attackers can cause Cisco IOS devices to repeatedly fail and reload, resulting in a completely disabled
Cisco IOS device that needs to be reconfigured by its administrator. Some Cisco IOS devices have been
observed to hang instead of failing when attacked. These devices do not recover until they are manually
restarted by reset or power cycling. An administrator must personally visit an attacked, hung device to
restart it, even if the attacker is no longer actively sending any traffic. Some devices have failed without
providing stack traces; some devices may indicate that they were “restarted by power-on,” even when
that is not the case.
Assume that any potential attacker is likely to know of the existence of this problem and the ways to
exploit it. An attacker can use tools available to the public on the Internet and does not need to write
any software to exploit the vulnerability. Minimal skill is required and no special equipment is required.
Despite Cisco specifically inviting such reports, Cisco has received no actual reports of malicious
exploitation of this problem.
This vulnerability notice was posted on Cisco’s World Wide Web site:
http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
This information was also sent to the following e-mail and USENET news recipients:
• first-teams@first.org (includes CERT/CC)
• first-info@first.org
• comp.dcom.sys.cisco
Affected Devices and Software Versions
Vulnerable devices and software versions are specified in Table 5, Affected and Repaired Software
Versions. Affected versions include Releases 11.3 AA, 11.3 DB, and all 12.0 versions (including 12.0
mainline, 12.0 S, 12.0 T, and any other regular released version whose number starts with 12.0), up to
the repaired releases listed in Table 5. Cisco is correcting the problem in certain special releases and
will correct it in future maintenance and interim releases. See Table 5, Affected and Repaired Software
Versions for details. Cisco intends to provide fixes for all affected IOS variants.
No particular configuration is needed to make a Cisco IOS device vulnerable: any device running an
affected release that can receive UDP packets addressed to port 514 on one of its own IP addresses is
exposed. It is possible to filter out attack traffic by using access lists. See the “Workarounds” section
on page 14 for techniques. However, except at Internet firewalls, the appropriate filters are not common
in customer configurations. Carefully evaluate your configuration before assuming that any filtering you
have protects you against this attack.
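The following access-list fragment is an added illustration of the filtering workaround described above; it is not configuration from this release note or from the “Workarounds” section, and the interface name, the addresses 192.0.2.1 and 192.0.2.2 (the router’s own interface addresses) and the management host 198.51.100.10 are assumed for the example. It denies UDP packets to port 514 addressed to the router itself from any source other than the assumed management host, and passes everything else so that transit traffic is unaffected.

```cisco
! Added example (not from the release note). Addresses and interface
! names are hypothetical; replace them with the device's own addresses
! and with every interface that can receive untrusted traffic.
!
! Allow syslog to the router only from an assumed trusted management
! host (omit these lines entirely if the router never needs to receive
! syslog, which is the usual case; routers normally only send syslog).
access-list 101 permit udp host 198.51.100.10 host 192.0.2.1 eq 514
access-list 101 permit udp host 198.51.100.10 host 192.0.2.2 eq 514
!
! Drop UDP to port 514 addressed to each of the router's own addresses.
! Every address the device owns must be listed, including loopbacks,
! because a packet to any of them reaches the IOS syslog input path.
access-list 101 deny   udp any host 192.0.2.1 eq 514 log
access-list 101 deny   udp any host 192.0.2.2 eq 514 log
!
! Leave all other traffic alone.
access-list 101 permit ip any any
!
! Apply inbound on every interface that faces untrusted networks.
interface Serial0
 ip access-group 101 in
interface Ethernet0
 ip access-group 101 in
```

The `log` keyword on the deny entries is included so that blocked attempts appear in the device’s logging output, which is the simplest way to confirm that the filter is actually seeing attack traffic. Two caveats follow from the text above: the filter only helps on interfaces where it is applied inbound, so an interface left without it still exposes the device, and an access list that matches only one interface address does not protect the others, since the attack packet can be addressed to any IP address the router owns.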