Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2001.263 -- Cisco Security Advisory
IOS HTTP authorization vulnerability
28 June 2001
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: HTTP Server
Vendor: Cisco Systems
Operating System: Cisco IOS versions 11.3 and later
Impact: Administrator Compromise
Access Required: Remote
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Security Advisory: IOS HTTP authorization vulnerability
Revision 1.0 - INTERIM
For public release 2001 June 27 08:00 (UTC -0800)
_________________________________________________________________
Summary
When HTTP server is enabled and local authorization is used, it is
possible, under some circumstances, to bypass the authentication and
execute any command on the device. It that case, the user will be able
to exercise complete control over the device. All commands will be
executed with the highest privilege (level 15).
All releases of Cisco IOSĀ® software, starting with the release 11.3
and later, are vulnerable. Virtually, all mainstream Cisco routers and
switches running Cisco IOS are affected by this vulnerability.
Products that are not running Cisco IOS software are not vulnerable.
The workaround for this vulnerability is to disable HTTP server on the
router or to use Terminal Access Controller Access Control System
(TACACS+) or Radius for authentication.
This advisory will be posted at
http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
Affected Products
Any device running Cisco IOS software, starting with the release 11.3
and later is vulnerable.
Cisco devices that may be running with affected IOS software releases
include, but are not limited to:
* Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, ubr900,
1000, 1400, 1500, 1600, 1700, 2500, 2600, 3000, 3600, 3800, 4000,
4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7100, 7200,
ubr7200, 7500, and 12000 series.
* Most recent versions of the LS1010 ATM switch.
* The Catalyst 6000 if it is running Cisco IOS software.
* The Catalyst 2900XL LAN switch only if it is running Cisco IOS
software.
* The Catalyst 1900, 2800, 2900, 3000, and 5000 series LAN switches
are affected.
* The Cisco Distributed Director.
For some products, the affected software releases are relatively new
and may not be available on every device listed above.
If you are not running Cisco IOS software, you are not affected by
this vulnerability.
Cisco products that do not run Cisco IOS software and are not affected
by this defect include, but are not limited to:
* 700 series dialup routers (750, 760, and 770 series).
* The Catalyst 6000 is not affected if it is not running Cisco IOS
software.
* WAN switching products in the IGX and BPX lines.
* The MGX (formerly known as the AXIS shelf).
* Host-based software.
* The Cisco PIX Firewall.
* The Cisco LocalDirector.
* The Cisco Cache Engine.
No other Cisco products are affected.
Details
By sending a crafted URL it is possible to bypass authentication and
execute any command on the router at level 15 (enable level, the most
privileged level). This will happen only if the user is using a local
database for authentication (usernames and passwords are defined on
the device itself). The same URL will not be effective against every
Cisco IOS software release and hardware combination. However, there
are only 84 different combinations to try, so it would be easy for an
attacker to test them all in a short period of time.
The URL in question folows this format:
http://<device_addres>/level/xx/exec/....
Where xx is a number between 16 and 99.
This vulnerability is documented as Cisco Bug ID CSCdt93862.
Impact
An attacker can exercise complete control over the device. By
exploiting this vulnerability, the attacker can see and change
configuration of the device.
Software Versions and Fixes
Each row of the table describes a release train and the platforms or
products for which it is intended. If a given release train is
vulnerable, then the earliest possible releases that contain the fix
and the anticipated date of availability for each are listed in the
"Rebuild", "Interim", and "Maintenance" columns. A device running any
release in the given train that is earlier than the release in a
specific column (less than the earliest fixed release) is known to be
vulnerable, and it should be upgraded at least to the indicated
release or a later version (greater than the earliest fixed release
label).
When selecting a release, keep in mind the following definitions:
Maintenance
Most heavily tested and highly recommended release of any
label in a given row of the table.
Rebuild
Constructed from the previous maintenance or major
release in the same train, it contains the fix for a
specific defect. Although it receives less testing, it
contains only the minimal changes necessary to effect the
repair.
Interim
Built at regular intervals between maintenance releases
and receives less testing. Interims should be selected
only if there is no other suitable release that addresses
the vulnerability, and interim images should be upgraded
to the next available maintenance release as soon as
possible. Interim releases are not available via
manufacturing, and usually they are not available for
customer download from CCO without prior arrangement with
the Cisco TAC.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco TAC for assistance as shown in the following section.
More information on IOS release names and abbreviations is available
at http://www.cisco.com/warp/public/620/1.html.
+---------------+----------------+-----------------------------------------+
| | Description of | |
| Train | Image or | Availability of Fixed Releases* |
| | Platform | |
+---------------+----------------+-------------+------------+--------------+
|11.0-based Releases and Earlier | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |Multiple | |
| 10.3 |releases and |Not affected |
| |platforms | |
+---------------+----------------+-----------------------------------------+
| |Multiple | |
| 11.0 |releases and |Not affected |
| |platforms | |
+---------------+----------------+-------------+------------+--------------+
| 11.1-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |Major release | |
| 11.1 |for all |Not affected |
| |platforms | |
+---------------+----------------+-------------+------------+--------------+
| 11.2-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |Major release |End of Engineering |
| 11.2 |for all +-----------------------------------------+
| |platforms |Not affected |
+---------------+----------------+-------------+------------+--------------+
| 11.3-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |Major release |End of Engineering |
| 11.3 |for all +-----------------------------------------+
| |platforms |Upgrade recommended to 12.0(18) |
+---------------+----------------+-----------------------------------------+
| |ED for dial | |
| |platforms and |Not Scheduled |
| 11.3AA |access servers +-----------------------------------------+
| |5800, 5200, |Upgrade recommended to 12.1(9) |
| |5300, 7200 | |
+---------------+----------------+-----------------------------------------+
| |Early deployment|End of Engineering |
| 11.3DA |train for ISP | |
| |DSLAM 6200 +-----------------------------------------+
| |platform |Upgrade recommended to 12.1DA |
+---------------+----------------+-----------------------------------------+
| |Early deployment| |
| |train for |End of Engineering |
| |ISP/Telco/PTT | |
| 11.3DB |xDSL broadband +-----------------------------------------+
| |concentrator | |
| |platform, (NRP) |Upgrade recommended to 12.1DB |
| |for 6400 | |
+---------------+----------------+-----------------------------------------+
| |Short-lived ED |End of Engineering |
| 11.3HA |release for ISR | |
| |3300 (SONET/SDH +-----------------------------------------+
| |router) |Upgrade recommended to 12.0(18) |
+---------------+----------------+-----------------------------------------+
| |MC3810 |End of Engineering |
| 11.3MA |functionality +-----------------------------------------+
| |only |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Voice over IP, | |
| |media |End of Engineering |
| 11.3NA |convergence, +-----------------------------------------+
| |various |Upgrade recommended to 12.1(9) |
| |platforms | |
+---------------+----------------+-----------------------------------------+
| |Early deployment|End of Engineering |
| 11.3T |major release, | |
| |feature-rich for+-----------------------------------------+
| |early adopters |Upgrade recommended to 12.0(18) |
+---------------+----------------+-----------------------------------------+
| | |End of Engineering |
| 11.3XA |Introduction of +-----------------------------------------+
| |ubr7246 and 2600|Upgrade recommended to 12.0(18) |
+---------------+----------------+-----------------------------------------+
| | |End of Engineering |
| 11.3WA4 |LightStream 1010+-----------------------------------------+
| | |Upgrade to be determined |
+---------------+----------------+-------------+------------+--------------+
| 12.0-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |General | | | |
| 12.0 |Deployment | | |12.0(18) |
| |release for all | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| | |Not Scheduled |
| 12.0DA |xDSL support +-----------------------------------------+
| |6100, 6200 |Upgrade recommended to 12.1(7)DA2 |
+---------------+----------------+-----------------------------------------+
| |Early Deployment| |
| |(ED) release, | |
| |which delivers |Not Scheduled |
| |support for the | |
| 12.0DB |Cisco 6400 +-----------------------------------------+
| |Universal Access| |
| |Concentrator | |
| |(UAC) for Node |Upgrade recommended to 12.1(5)DB2 |
| |Switch Processor| |
| |(NSP). | |
+---------------+----------------+-----------------------------------------+
| |Early Deployment| |
| |(ED) release, | |
| |which delivers |Not Scheduled |
| |support for the | |
| 12.0DC |Cisco 6400 +-----------------------------------------+
| |Universal Access| |
| |Concentrator | |
| |(UAC) for Node |Upgrade recommended to 12.1DC |
| |Switch Processor| |
| |(NSP). | |
+---------------+----------------+-------------+------------+--------------+
| |Core/ISP | | |12.0(18)S |
| 12.0S |support GSR, | | |Available |
| |RSP, c7200 | | |2001-July |
+---------------+----------------+-------------+------------+--------------+
| 12.0SC |Cable/broadband | | |12.0(16)SC |
| |ISP ubr7200 | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.0SL |10000 ESR c10k | | | |
+---------------+----------------+-------------+------------+--------------+
| |Cisco IOS | | | |
| |software | | | |
| |Release12.0ST is| | | |
| |an early | | | |
| |deployment (ED) | | | |
| |release for the | | | |
| 12.0ST |Cisco 7200, | | | |
| |7500/7000RSP and| | | |
| |12000 (GSR) | | | |
| |series routers | | | |
| |for Service | | | |
| |Providers | | | |
| |(ISPs). | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early | |
| |Deployment(ED) |Not Scheduled |
| 12.0T |VPN, Distributed| |
| |Director, +-----------------------------------------+
| |various |Upgrade recommended to 12.1(9) |
| |platforms | |
+---------------+----------------+-----------------------------------------+
| |Catalyst | |
| |switches | |
| |cat8510c, | |
|12.0(13)W5(19c)|cat8540c, c6msm,|Not vulnerable |
| |ls1010, | |
| |cat8510m, | |
| |cat8540m | |
+---------------+----------------+-------------+------------+--------------+
| |Catalyst | | | |
|12.0(10)W5(18g)|switches | | |12.0(18)W5(22a)
| |cat2948g, | | |2001-August-23|
| |cat4232 | | | |
+---------------+----------------+-------------+------------+--------------+
| |Catalyst | | | |
|12.0(14)W5(20) |switches | | |12.0(18)W5(22)|
| |cat5000ATM | | |2001-August-03|
+---------------+----------------+-------------+------------+--------------+
| | |Not Scheduled |
| 12.0WC | +-----------------------------------------+
| | |Upgrade to be determined |
+---------------+----------------+-----------------------------------------+
| | |Not Scheduled |
| 12.0WT |cat4840g +-----------------------------------------+
| | |Upgrade to be determined |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XA |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Short-lived |Not Scheduled |
| 12.0XB |early deployment+-----------------------------------------+
| |release |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XC |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XD |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XE |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(8a)E |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XF |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XG |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XH |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XI |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XJ |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0(5)XK |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0(7)XK |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2 |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XL |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XM |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.0(4)XM1 |
| | |Availability date to be determined |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XN |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XP |(ED) limited +-----------------------------------------+
| |platforms |Upgrade to be determined |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XQ |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XR |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|End of Engineering |
| 12.0XS |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(8a)E |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XU |(ED) limited +-----------------------------------------+
| |platforms |Upgrade to be determined |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XV |(ED) limited +-----------------------------------------+
| |platforms |Upgrade to be determined |
+---------------+----------------+-------------+------------+--------------+
| 12.1-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |General | | | |
| 12.1 |deployment | | |12.1(9) |
| |release for all | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.1AA |Dial support | | | |
+---------------+----------------+-------------+------------+--------------+
| |Core/ISP | | | |
| 12.1CX |support GSR, | | | |
| |RSP, c7200 | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.1DA |xDSL support |12.1(7)DA2 | | |
| |6100, 6200 |2001-Jun-18 | | |
+---------------+----------------+-------------+------------+--------------+
| |Cisco IOS | | | |
| |Software Release| | | |
| |12.1(1)DB | | | |
| 12.1DB |supports Cisco's| | | |
| |6400 Universal | | | |
| |Access | | | |
| |Concentrator | | | |
+---------------+----------------+-------------+------------+--------------+
| |Cisco IOS | | | |
| |Software Release| | | |
| |12.1(1)DC | | | |
| 12.1DC |supports Cisco's| | | |
| |6400 Universal | | | |
| |Access | | | |
| |Concentrator | | | |
+---------------+----------------+-------------+------------+--------------+
| |Core/ISP | | | |
| 12.1E |support GSR, | | |12.1(8a)E |
| |RSP, c7200 | | |2001-Jul-09 |
+---------------+----------------+-------------+------------+--------------+
| |12.1EC is being | | | |
| |offered to allow| | | |
| |early support of| | | |
| |new features on | | | |
| |the uBR7200 | | | |
| 12.1EC |platform, as | |12.1(6.5)EC3| |
| |well as future | | | |
| |support for new | | | |
| |Universal | | | |
| |Broadband Router| | | |
| |headend | | | |
| |platforms. | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.1EX |Catalyst 6000 | | |12.1(8a)E |
| |support | | |2001-Jul-09 |
+---------------+----------------+-------------+------------+--------------+
| |Cat8510c, | | | |
| 12.1EY |Cat8510m, | | |12.1(6)EY |
| |Cat8540c, | | | |
| |Cat8540m, LS1010| | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1EZ |(ED) special |12.1(6)EZ1 | | |
| |image | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early | |
| |Deployment(ED) |Not Scheduled |
| 12.1T |VPN, Distributed| |
| |Director, +-----------------------------------------+
| |various |Upgrade recommended to 12.2(1b) |
| |platforms | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XA |(ED) limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XB |(ED) limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XC |(ED) limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment|Not Scheduled |
| 12.1XD |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XE |(ED) limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XF |(ED) 811 and |12.1(2)XF4 | | |
| |813 (c800 |2001-July-09 | | |
| |images) | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XG |(ED) 800, 805, |12.1(5)XG5 | | |
| |820, and 1600 |2001-July-09 | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment|Not Scheduled |
| 12.1XH |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.1XI |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.1XJ |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(5)YB4 |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XK |(ED) limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment|Not Scheduled |
| 12.1XL |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XM |early deployment|12.1(4)XM4 | | |
| |release |2001-June-27 | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XP |(ED) 1700 and |12.1(3)XP4 | | |
| |SOHO | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived |Not Scheduled |
| 12.1XQ |early deployment+-----------------------------------------+
| |release |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XR |early deployment|12.1(5)XR2 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XS |early deployment| | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XT |(ED) 1700 |12.1(3)XT3 | | |
| |series | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XU |(ED) limited |12.1(5)XU1 | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XV |early deployment|12.1(5)XV3 | | |
| |release |2001-July | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived |Not Scheduled |
| 12.1XW |early deployment+-----------------------------------------+
| |release |Upgrade recommended to 12.2DD |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XX |early deployment| | |12.1(6)EZ |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XY |early deployment|12.1(5)XY6 | | |
| |release |2001-July | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XZ |early deployment|12.1(5)XZ4 | | |
| |release |2001-July | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YA |early deployment| | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YB |early deployment|12.1(5)YB4 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YC |early deployment|12.1(5)YC1 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YD |early deployment|12.1(5)YD2 | | |
| |release |2001-June-25 | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YF |early deployment|12.1(5)YF2 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.2-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |General | | | |
| 12.2 |deployment |12.2(1b) |12.2(1.1) |12.2(3) |
| |release for all | | |2001-August |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |General | | | |
| 12.2T |deployment | |12.2(2.2)T | |
| |release for all | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.2XA |SPLOB | | |12.2(2)XA |
| | | | |2001-July-02 |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.2XD |early deployment|12.2(1)XD1 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.2XE |early deployment| | |12.2(1)XE |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.2XH |early deployment| | |12.2(1)XH |
| |release | | |2001-June-25 |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.2XQ |early deployment| | |12.2(1)XQ |
| |release | | |2001-June-23 |
+---------------+----------------+-------------+------------+--------------+
| Notes |
+--------------------------------------------------------------------------+
| * All dates are estimated and subject to change. |
| |
| ** Interim releases are subjected to less rigorous testing than regular |
| maintenance releases, and may have serious bugs. |
+--------------------------------------------------------------------------+
Obtaining Fixed Software
Cisco is offering free software upgrades to eliminate this
vulnerability for all affected customers.
Customers with contracts should obtain upgraded software through their
regular update channels. For most customers, this means that upgrades
should be obtained through the Software Center on Cisco's Worldwide
Web site at http://www.cisco.com. Please do not contact either
"psirt@cisco.com" or "security-alert@cisco.com" for software upgrades.
Workarounds
The workaround for this vulnerability is to disable HTTP server on the
router or to use TACACS+ or Radius for authentication.
To disable HTTP server, use the following commands:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# no ip http server
In order to configure TACACS+ or Radius for authentication please
consult the following link
http://www.cisco.com/warp/public/480/tacplus.shtml
Exploitation and Public Announcements
This vulnerability has been reported to us independently by David
Hyams, Ernst & Young, Switzerland and by Bashis (bash@ns.wcd.se).
The Cisco PSIRT has received no reports of malicious exploitation of
this vulnerability and we are not aware of any public discussion.
Status of This Notice: INTERIM
This is an interim security advisory. Cisco anticipates issuing
updated versions of this notice at irregular intervals as there are
material changes in the facts, and will continue to update this notice
as necessary. The reader is warned that this notice may contain
inaccurate or incomplete information. Although Cisco cannot guarantee
the accuracy of all statements in this notice, all of the facts have
been checked to the best of our ability. Cisco anticipates issuing
monthly updates of this notice until it reaches FINAL status.
A standalone copy or paraphrase of the text of this security advisory
that omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
This notice will be posted on Cisco's Worldwide Web site at
http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html. In
addition to Worldwide Web posting, a text version of this notice is
clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients:
* cust-security-announce@cisco.com
* bugtraq@securityfocus.com
* first-teams@first.org (includes CERT/CC)
* cisco@spot.colorado.edu
* comp.dcom.sys.cisco
* firewalls@lists.gnac.com
* Various internal Cisco mailing lists
Future updates of this notice, if any, will be placed on Cisco's
Worldwide Web server, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the URL given above for any updates.
Revision History
Revision 1.0 2001-June-27 08:00 UTC -0800 Initial public release
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's Worldwide Web site at
http://www.cisco.com/warp/public/707/sec_incident_response.shtml.
This includes instructions for press inquiries regarding Cisco
security notices.
_________________________________________________________________
This notice is Copyright 2000 by Cisco Systems, Inc. This notice may
be redistributed freely after the release date given at the top of the
text, provided that redistributed copies are complete and unmodified,
and include all date and version information.
_________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQEVAwUBOzn11WiN3BRdFxkbAQEwYwf/V48sYQX3IhLJFSBJacx0OJFXuVYRcvcR
uzg6L+0gSCMcD8N1he07/lLN1B6NoM95nqZ6Mq4duedBUDRj3JgY1452/yNDUnSW
l0E8B+sxqod0P5RChpilOQvrw2z7JGySxaS4b2KHzmIME1qqa2qvGZBkRQNUZH+5
9ws/PLg/xyG1mI2321I5te5gxAtDk0cpzkOBGeYX9+REYmvQVuz6QJZceDUyx/NT
4j8Va1u0ZvRe36D6KJA+Dj4Tl7MY9OeKukoW4g0ZctsEWFh28e8E40vChJQhlCXA
sVkxbZ8KYTnF5BeIYBhwkZ1PwMRAY+MLD7KOyxvtbn2w+NZD/TNURQ==
=QO5F
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBOzsT1Ch9+71yA2DNAQEomwP8CaILj0zAwJ9TeWV05J4VNyRsVxgreFQi
HGO8o8SJq/EAPjvvztIj2qbAJV5PQNOJoQx6agPY4rx+TrKet6WLDZVdTHy4oz6m
y2TRfQdQ2Ikz0pKeT1oOFjqYRNa0V7sqmYyPhekQox6imozarNCAjfSvSndw2N5/
hNIQ2ypFxKA=
=L+E+
-----END PGP SIGNATURE-----