===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0803
Cisco Security Response: Infected Cisco Information Packet and Warranty CDs
                               4 August 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Cisco Warranty CDs
Publisher:        Cisco Systems
Operating System: UNIX variants (UNIX, Linux, OSX)
                  Windows
                  Cisco
Impact/Access:    Execute Arbitrary Code/Commands -- Console/Physical
Resolution:       Mitigation

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Response: Infected Cisco Information Packet and
Warranty CDs


For Public Release 2011 August 03 1600 UTC (GMT)

+---------------------------------------------------------------------

Cisco Response
==============

In the period of December 2010 until August 2011, Cisco shipped
warranty CDs that contain a reference to a third-party website known
to be a malware repository. When the CD is opened with a web browser,
it automatically and without warning accesses this third-party
website. Additionally, on computers where the operating system is
configured to automatically open inserted media, the computer's
default web browser will access the third-party site when the CD is
inserted, without requiring any further action by the user.

To the best of our knowledge, starting from December 2010 until the
time of this document's publication on August 3, 2011, customers were
never in a position to have their computer compromised by using the
CDs provided by Cisco. Additionally, the third-party site in question
is currently inactive as a malware repository, so customers are not
in immediate danger of having their computers compromised. However,
if this third-party website were to become active as a malware
repository again, users could potentially infect their operating
system by opening the CD with their web browser.

All warranty CDs printed with "Revision -F0" (or later) do not
contain references to the third-party website and do not introduce a
potential to compromise customers' computers.
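
One way to audit the HTML on a mounted warranty CD or an extracted ISO image for the behaviour described above, where a browser contacts an external host as soon as a page is opened. This is an added example, not code from Cisco or AusCERT. The advisory does not say how the reference is embedded, so the tag/attribute map, the `cisco.com` allow-list and the placeholder host `third-party.example` are assumptions.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: elements whose URL a browser fetches on page load, no click needed.
AUTOLOAD_ATTRS = {"script": "src", "iframe": "src", "frame": "src", "img": "src",
                  "embed": "src", "object": "data", "link": "href"}

class AutoloadRefs(HTMLParser):
    """Collect (line, tag, url) for auto-fetched URLs outside the allow-list."""

    def __init__(self, allowed_suffixes):
        super().__init__()
        self.allowed = tuple(s.lower() for s in allowed_suffixes)
        self.findings = []

    def _external(self, url):
        try:
            host = urlparse(url).hostname
        except ValueError:          # malformed URL: report it for manual review
            return True
        if host is None:            # relative path, stays on the disc
            return False
        return not any(host == s or host.endswith("." + s) for s in self.allowed)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "").strip() for k, v in attrs}
        url = attrs.get(AUTOLOAD_ATTRS.get(tag, ""), "")
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            # content="0; url=http://host/..." redirects without user action
            key, _, val = attrs.get("content", "").partition(";")[2].partition("=")
            url = val.strip(" '\"") if key.strip().lower() == "url" else ""
        if url and self._external(url):
            self.findings.append((self.getpos()[0], tag, url))

def find_autoload_refs(html, allowed_suffixes=("cisco.com",)):
    parser = AutoloadRefs(allowed_suffixes)
    parser.feed(html)
    parser.close()
    return parser.findings

def scan_tree(root, allowed_suffixes=("cisco.com",)):
    """Walk a mounted CD or extracted ISO; return {path: findings}."""
    report = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith((".htm", ".html", ".shtml")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_autoload_refs(fh.read(), allowed_suffixes)
                if hits:
                    report[path] = hits
    return report

# Constructed sample page; third-party.example is a placeholder host.
SAMPLE = """<html><head>
<link rel="stylesheet" href="css/main.css">
<script src="http://www.cisco.com/js/nav.js"></script>
</head><body>
<a href="http://other.example/help">help</a>
<img src="images/logo.gif">
<iframe src="http://third-party.example/c.html" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_autoload_refs(SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```

Ordinary `<a href>` links are deliberately ignored because they require a click; only references fetched on load match the "automatically and without warning" behaviour.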

This response is posted at:

http://www.cisco.com/warp/public/707/cisco-sr-20110803-cd.shtml

Additional Information
======================

In addition to the content described in the following table, all CDs
contain Cisco Information Packet - Cisco Limited Warranty, Disclaimer
of Warranty, End User License Agreement, and US FCC Notice. The
following Cisco CDs are affected:

+-------------------------------------------------------------------+
| CD Part      | Title                                              |
| Number       |                                                    |
|--------------+----------------------------------------------------|
| 80-8937-01D0 | Cisco 1-Year Limited Hardware Warranty Terms       |
| 80-8937-01E0 |                                                    |
|--------------+----------------------------------------------------|
| 80-8938-01D0 | Cisco Limited 5-Year Hardware and 1-Year Software  |
| 80-8938-01E0 | Warranty Terms                                     |
|--------------+----------------------------------------------------|
| 80-8939-01D0 | Cisco 90-Day Limited Hardware Warranty Terms       |
| 80-8939-01E0 |                                                    |
|--------------+----------------------------------------------------|
| 80-8940-01D0 | Cisco Information Packet - Cisco Limited Warranty, |
| 80-8940-01E0 | Disclaimer of Warranty, End User License           |
|              | Agreement, and US FCC Notice                       |
|--------------+----------------------------------------------------|
| 80-8941-01D0 | Cisco Limited Lifetime Hardware Warranty Terms     |
| 80-8941-01E0 |                                                    |
|--------------+----------------------------------------------------|
| 80-8943-01D0 | End User License Agreement                         |
| 80-8943-01E0 |                                                    |
+-------------------------------------------------------------------+

Note: CDs shipped prior to August 2011 do not contain revision
information (such as "-D0" and "-E0" as listed in the preceding table
of affected part numbers).

Although there are no distinguishable markings on the CDs, all
warranty CDs shipped in the period of December 2010 through August
2011 do contain a reference to the third-party site. Warranty CDs
shipped in August 2011 will have their revision designator printed on
them in the form "Revision -X0", where X is a letter denoting the CD
revision. Warranty CDs with the revision "-F0" or later do not
contain a reference to the third-party website.

All information present on the CDs is available on the Cisco
worldwide website. Customers are encouraged to use these links for
the most up-to-date information. The following table indicates where
the latest content of each CD is located on the Cisco worldwide
website.

+-------------------------------------------------------------------+
| Cisco 1-Year Limited Hardware Warranty Terms (80-8937-01D0,       |
| 80-8937-01E0)                                                     |
|-------------------------------------------------------------------|
|                             | http://www.cisco.com/en/US/docs/    |
| Cisco Information Packet    | general/warranty/English/           |
|                             | SL3DEN__.html                       |
|-----------------------------+-------------------------------------|
|                             | http://www.cisco.com/en/US/docs/    |
|                             | general/warranty/English/           |
| Cisco 1-Year Limited        | 1Y1DEN__.html (English)             |
| Hardware Warranty Terms     |                                     |
|                             | http://www.cisco.com/web/CA/        |
|                             | products/warranty/1y1den_fr.html    |
|                             | (French)                            |
|-------------------------------------------------------------------|
| Cisco Limited 5-Year Hardware and 1-Year Software Warranty Terms  |
| (80-8938-01D0, 80-8938-01E0)                                      |
|-------------------------------------------------------------------|
|                             | http://www.cisco.com/en/US/docs/    |
| Cisco Information Packet    | general/warranty/English/           |
|                             | SL3DEN__.html                       |
|-----------------------------+-------------------------------------|
|                             | http://www.cisco.com/en/US/docs/    |
|                             | general/warranty/English/           |
| Cisco Limited 5-Year        | 511DEN__.html (English)             |
| Hardware and 1-Year         |                                     |
| Software Warranty Terms     | http://www.cisco.com/web/CA/        |
|                             | products/warranty/511den_fr.html    |
|                             | (French)                            |
|-------------------------------------------------------------------|
| Cisco 90-Day Limited Hardware Warranty Terms (80-8939-01D0,       |
| 80-8939-01E0)                                                     |
|-------------------------------------------------------------------|
|                             | http://www.cisco.com/en/US/docs/    |
| Cisco Information Packet    | general/warranty/English/           |
|                             | SL3DEN__.html                       |
|-----------------------------+-------------------------------------|
|                             | http://www.cisco.com/en/US/docs/    |
|                             | general/warranty/English/           |
|                             | 901DEN__.html (English)             |
| Cisco 90-Day Limited        |                                     |
| Hardware Warranty Terms     | http://www.cisco.com/web/CA/        |
|                             | products/warranty/                  |
|                             | 901DEN__78-19458-01_fr.html         |
|                             | (French)                            |
|-------------------------------------------------------------------|
| Cisco Information Packet - Cisco Limited Warranty, Disclaimer of  |
| Warranty, End User License Agreement, and US FCC Notice           |
| (80-8940-01D0, 80-8940-01E0)                                      |
|-------------------------------------------------------------------|
|                             | http://www.cisco.com/en/US/docs/    |
|                             | general/warranty/English/           |
|                             | SL3DEN__.html (English)             |
| Cisco Information Packet    |                                     |
|                             | http://www.cisco.com/web/CA/        |
|                             | products/warranty/sl3den_fr.html    |
|                             | (French)                            |
|-------------------------------------------------------------------|
| Cisco Limited Lifetime Hardware Warranty Terms (80-8941-01D0,     |
| 80-8941-01E0)                                                     |
|-------------------------------------------------------------------|
|                             | http://www.cisco.com/en/US/docs/    |
| Cisco Information Packet    | general/warranty/English/           |
|                             | SL3DEN__.html                       |
|-----------------------------+-------------------------------------|
|                             | http://www.cisco.com/en/US/docs/    |
|                             | general/warranty/English/           |
| Cisco Limited Lifetime      | LH2DEN__.html (English)             |
| Hardware Warranty Terms     |                                     |
|                             | http://www.cisco.com/web/CA/        |
|                             | products/warranty/lh2den_fr.html    |
|                             | (French)                            |
|-------------------------------------------------------------------|
| End User License Agreement (80-8943-01D0, 80-8943-01E0)           |
|-------------------------------------------------------------------|
|                             | http://www.cisco.com/en/US/docs/    |
|                             | general/warranty/English/           |
| Cisco Limited Lifetime      | EU1KEN_.html (English)              |
| Hardware Warranty Terms     |                                     |
|                             | http://www.cisco.com/web/CA/        |
|                             | products/warranty/                  |
|                             | eula_78-3621-01Q0_fr.html (French)  |
+-------------------------------------------------------------------+

In addition to obtaining information from the Cisco website,
customers can also download ISO images of a CD from the Cisco
website. Customers can create a CD from its ISO image file using
built-in operating system capabilities or CD creation applications.

The following table provides direct URLs to compressed ISO images of
all affected CDs. These ISO images will be available for download
until December 2011. After that time these images will be withdrawn
and customers can obtain the information from the Cisco website as
per the preceding table.

+---------------------------------------------------------------------------+
| CD Part      | Title and download URL  | MD5 Hash                         |
| Number       |                         |                                  |
|--------------+-------------------------+----------------------------------|
|              | Cisco 1-Year Limited    |                                  |
|              | Hardware Warranty Terms |                                  |
|              |                         |                                  |
| 80-8937-01F0 | http://www.cisco.com/   | a5700620c53228976eda052760423952 |
|              | web/about/security/     |                                  |
|              | psirt/                  |                                  |
|              | CSCO_1YR_LICWR-F0.zip   |                                  |
|--------------+-------------------------+----------------------------------|
|              | Cisco Limited 5-Year    |                                  |
|              | Hardware and 1-Year     |                                  |
|              | Software Warranty Terms |                                  |
| 80-8938-01F0 |                         | 30ffaa2424a21b981e94ed7247f9d9de |
|              | http://www.cisco.com/   |                                  |
|              | web/about/security/     |                                  |
|              | psirt/                  |                                  |
|              | CSCO_5_1YR_LICWR-F0.zip |                                  |
|--------------+-------------------------+----------------------------------|
|              | Cisco 90-Day Limited    |                                  |
|              | Hardware Warranty Terms |                                  |
|              |                         |                                  |
| 80-8939-01F0 | http://www.cisco.com/   | 9f1eb13e8abb4a55a1d72b6dc1896ad1 |
|              | web/about/security/     |                                  |
|              | psirt/                  |                                  |
|              | CSCO_90DY_LICWR-F0.zip  |                                  |
|--------------+-------------------------+----------------------------------|
|              | Cisco Information       |                                  |
|              | Packet - Cisco Limited  |                                  |
|              | Warranty, Disclaimer of |                                  |
|              | Warranty, End User      |                                  |
|              | License Agreement, and  |                                  |
| 80-8940-01F0 | US FCC Notice           | 2f750286c4bf8ea5d33970f266485b4f |
|              |                         |                                  |
|              | http://www.cisco.com/   |                                  |
|              | web/about/security/     |                                  |
|              | psirt/                  |                                  |
|              | CSO_CIP_LICWAR-F0.zip   |                                  |
|--------------+-------------------------+----------------------------------|
|              | Cisco Limited Lifetime  |                                  |
|              | Hardware Warranty Terms |                                  |
|              |                         |                                  |
| 80-8941-01F0 | http://www.cisco.com/   | c4c462f93b9afe8be09bf654450e3015 |
|              | web/about/security/     |                                  |
|              | psirt/                  |                                  |
|              | CSO_LTD_LICWAR-F0.zip   |                                  |
|--------------+-------------------------+----------------------------------|
|              | End User License        |                                  |
|              | Agreement               |                                  |
|              |                         |                                  |
| 80-8943-01F0 | http://www.cisco.com/   | 57ededc8d4e8caa60e57bebdb5d19d8e |
|              | web/about/security/     |                                  |
|              | psirt/                  |                                  |
|              | CSO_EULA_LICWAR-F0.zip  |                                  |
+---------------------------------------------------------------------------+

Status of this Notice: FINAL
============================

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.

A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.

Revision History
================

+-----------------------------------------------------+
| Revision 1.0 | 2011-08-03 | Initial public release. |
+-----------------------------------------------------+

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at:

http://www.cisco.com/go/psirt

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================