-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                  ESB-2003.0529 -- Cisco Security Notice
                      Data Leak in UDP Echo Service
                              01 August 2003

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                IOS
Publisher:              Cisco Systems
Impact:                 Access Privileged Data
Access Required:        Remote

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Data Leak in UDP Echo Service

Revision 1.0

Description
===========

If the udp-small-servers command is enabled, a Cisco IOS® software device
may reply to malformed UDP echo packets with some of the contents stored
in a router's memory. By repeatedly sending malformed UDP echo packets
and capturing the replies, an attacker can obtain portions of the data
that is stored in a router's memory.

Workarounds are available to mitigate the effects.

Fixed Software
==============

This vulnerability has been fixed by the Cisco Bug ID CSCdk77834. Below
are the first Cisco IOS software releases that are not affected by this
vulnerability:

   * 12.0(3.2)
   * 12.0(3.3)S
   * 12.0(3.4)T
   * 12.0(3.6)W5(9.0.5)

12.1, 12.2, and 12.3-based images are not affected.

Workaround
==========

The workaround is to disable udp-small-services. The syntax for this
command on routers and switches running Cisco IOS software is as follows:

    no service udp-small-servers

The udp-small-servers command is disabled by default since Cisco IOS
Software Release 11.2(1). It is always recommended to disable unnecessary
services on routers and switches. Refer to Improving Security on Cisco
Routers (http://www.cisco.com/warp/public/707/21.html#possibly_unnecessary)
for more information on improving router security.
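The workaround above is a one-line configuration change, but on a fleet of devices the practical question is which routers still carry the setting. The following added example (not Cisco's or AusCERT's code) audits the text of a saved configuration or `show running-config` output for the udp-small-servers setting. It assumes the setting appears as a global `service` line, applies the last matching line (as IOS does when it reads a config sequentially), and, if no line is present, falls back to the release default: disabled since 11.2(1) per the advisory, which callers can override for older images. The sample configs are constructed, not captured from a real device.

```python
"""Audit Cisco IOS configuration text for the udp-small-servers setting.

Added example, not code from Cisco or AusCERT. Assumes the input is the
text of `show running-config` (or a saved config file) and inspects only
global `service` lines.
"""
import re
from typing import List

# Constructed sample configs (not captured from a real device).
SAMPLE_VULNERABLE_CONFIG = """\
!
version 12.0
service timestamps debug uptime
service udp-small-servers
service tcp-small-servers
!
hostname edge-router
!
"""

SAMPLE_HARDENED_CONFIG = """\
!
version 12.0
service timestamps debug uptime
no service udp-small-servers
no service tcp-small-servers
!
hostname edge-router
!
"""

# No explicit line at all: the release default decides.
SAMPLE_DEFAULT_CONFIG = """\
!
version 12.0
hostname edge-router
!
"""

# Matches a global "service udp-small-servers" line, negated or not.
_SERVICE_RE = re.compile(r"^(?P<neg>no\s+)?service\s+udp-small-servers\s*$")


def udp_small_servers_enabled(config_text: str, default_enabled: bool = False) -> bool:
    """Return True if udp-small-servers is effectively enabled.

    The last matching line wins. If no line matches, `default_enabled`
    applies: False for IOS 11.2(1) and later (disabled by default, per
    the advisory); pass True when auditing an older image where the
    service was on unless explicitly negated.
    """
    enabled = default_enabled
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and IOS comment/separator lines
        m = _SERVICE_RE.match(line)
        if m:
            enabled = m.group("neg") is None
    return enabled


def audit(config_text: str, default_enabled: bool = False) -> List[str]:
    """Return findings for one config, with the advisory's remediation."""
    findings: List[str] = []
    if udp_small_servers_enabled(config_text, default_enabled):
        findings.append(
            "service udp-small-servers is enabled: malformed UDP echo packets "
            "may leak router memory (CSCdk77834); apply "
            "'no service udp-small-servers'"
        )
    return findings


if __name__ == "__main__":
    for name, cfg in (("vulnerable", SAMPLE_VULNERABLE_CONFIG),
                      ("hardened", SAMPLE_HARDENED_CONFIG),
                      ("default", SAMPLE_DEFAULT_CONFIG)):
        print(f"{name}: {audit(cfg) or ['no finding']}")
```

Because IOS omits settings that match the release default from the running configuration, an absent line is only safe evidence on releases where the default is "disabled"; that is why the default is a parameter rather than a hard-coded assumption.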
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/KZn9ezGozzK2tZARAm88AKDDEOepms5pWBGS8+O2GSbJiBVWJwCgt1yh
4uQb39onkchAFo7TiLWfgdw=
=P/VN
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBPynltCh9+71yA2DNAQFhDAP+NIf02/dCn7Y9Mdc2Gd6lim6K4InzAR6T
77CmMsYY4QOzduU2oJD3ckIvhABGy8GwDIDQ3GZ3lP5v+QVvb9UB5pQfODHNE081
RPjNyd5gzVxiKPCNuUni5ljcuerpLur3Wtge+ytnROfdjyZqrK4mQLcv5Bwp8wdO
DOjX2WRmpAs=
=mfnv
-----END PGP SIGNATURE-----