Published:
28 March 2004
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2004.0234 -- Cisco Security Advisory Exploit for Multiple Cisco Vulnerabilities Released 29 March 2004 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Various Publisher: Cisco Systems Impact: Denial of Service Administrator Compromise Access Required: Remote Ref: ESB-2000.398 ESB-2001.362 ESB-2000.312 ESB-2001.304 ESB-2001.263 ESB-2002.242 Comment: Proof-of-concept code has been publicly released that exploits multiple previous vulnerabilities in various Cisco products. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Proof-of-concept code has been publicly released that exploits multiple previous vulnerabilities in various Cisco products. The following list of vulnerabilities taken verbatim from the exploit code are affected. Included after each is a URL which may be referenced for more information regarding each vulnerability where Cisco has previously released a security advisory or response to address the issue. Customers should take steps to ensure that they have addressed each of these either via a software upgrade or workarounds in place as appropriate in order to mitigate any risk from this new exploit code. [1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability CBOS - Improving Resilience to Denial-of-Service Attacks http://www.cisco.com/warp/public/707/CBOS-DoS.shtml [2] - Cisco IOS Router Denial of Service Vulnerability Cisco IOS HTTP Server Vulnerability http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml [3] - Cisco IOS HTTP Auth Vulnerability IOS HTTP Authorization Vulnerability http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html [4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability IOS HTTP Authorization Vulnerability http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html [5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability Cisco Catalyst SSH Protocol Mismatch Vulnerability http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml [6] - Cisco 675 Web Administration Denial of Service Vulnerability Cisco is currently researching this vulnerability further. Mitigation methods have been available for some time such as setting the web server to listen on a different port: "Code Red" Worm - Customer Impact http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml#workarounds and through bugs resolved in the following advisory where the webserver under Cisco CBOS was enabled by default and listening on port 80 even when the web server was not configured. CBOS Web-based Configuration Utility Vulnerability http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml [7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability Catalyst 3500 Issue Report: http://www.securityfocus.com/archive/1/141471 Cisco Response: http://www.securityfocus.com/archive/1/144655 [8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability Cisco IOS HTTP Server Query Vulnerability http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml [9] - Cisco 514 UDP Flood Denial of Service Vulnerability A Vulnerability in IOS Firewall Feature Set http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml This issue regarding the publication of new exploit code was first reported to Cisco by the NCC/Telecom-ISAC who also contributed to the content of this notice. - -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.2 iQA/AwUBQGSDg3sxqM8ytrWQEQLD0QCeMqpkXFBUEfZfGKZUCO0zNSzyOgYAoK3f kgGyWJb/UaRTyvwbP4blfLtN =oGRt - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQGe+1yh9+71yA2DNAQIdEQP/UCTbL+AxLx01ZmxSvvpR7X6ewqlHs8XB TwoHVMCQkq7bKDo7mAgVo+W207DRYtcp/1Z6fKLZfLejsxvJwTGiJkUAwpFl12dd 6A6WMEWDy77iTjxQWZRDIXEW9rVazLJvmU4Il9l8jx0UjspVyUDwWghV7hhL/yhh sZiI6IBkcZQ= =5nSU -----END PGP SIGNATURE-----