102 lines
3.8 KiB
Plaintext
102 lines
3.8 KiB
Plaintext
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
|
|
|
===============================================================================
|
|
CA-93:07 CERT Advisory
|
|
April 22, 1993
|
|
Cisco Router Packet Handling Vulnerability
|
|
- -----------------------------------------------------------------------------
|
|
|
|
The CERT Coordination Center has received information indicating that under
|
|
some circumstances Cisco routers will pass IP source routed packets which
|
|
should have been denied. Routers which do not use the "no ip source-route"
|
|
command are not affected. This vulnerability applies to all models of Cisco
|
|
routers. This problem occurs with the following releases of software: 8.2,
|
|
8.3, 9.0, 9.1 and 9.17.
|
|
|
|
Cisco Systems and CERT recommend that sites using Cisco routers to provide
|
|
firewall protection take action to eliminate this vulnerability from their
|
|
networks.
|
|
|
|
This security issue is fixed in Cisco software releases 8.3(7.2), 9.0(5),
|
|
9.1(4) 9.17(2.1) and in all later releases. Customers who are using software
|
|
release 8.2 must upgrade to a later release and should contact Cisco's
|
|
Technical Assistance Center (TAC) at 800-553-2447 (Internet: tac@cisco.com)
|
|
for more information.
|
|
|
|
Cisco recommends that customers whose routers may be affected by this
|
|
vulnerability upgrade their software to the following versions:
|
|
|
|
Release (Update)
|
|
8.3 (8)
|
|
9.0 (5)
|
|
9.1 (4)
|
|
9.17 (3)
|
|
|
|
These releases are available on Cisco's Customer Information On-Line (CIO)
|
|
service for those customers having a maintenance contract. Other customers
|
|
may obtain these releases through Cisco's Technical Assistance Center or
|
|
by contacting their local Cisco distributor.
|
|
|
|
- -----------------------------------------------------------------------------
|
|
|
|
I. Description
|
|
|
|
A vulnerability exists in Cisco routers such that a router which
|
|
is configured to suppress source routed packets with the following
|
|
command:
|
|
|
|
no ip source-route
|
|
|
|
may allow traffic which should be suppressed.
|
|
|
|
II. Impact
|
|
|
|
This vulnerability can allow unauthorized traffic to pass through
|
|
the router/gateway.
|
|
|
|
III. Solution
|
|
|
|
Cisco recommends that affected customers upgrade to a later version.
|
|
Customers who cannot upgrade immediately may be able use access lists
|
|
to prevent unauthorized traffic.
|
|
|
|
Customers who have questions should contact the Cisco Technical
|
|
Assistance Center at 800-553-2447 for assistance. Internet:
|
|
tac@cisco.com
|
|
|
|
- ---------------------------------------------------------------------------
|
|
The CERT Coordination Center wishes to thank Cisco Systems for responding
|
|
to this problem.
|
|
- ---------------------------------------------------------------------------
|
|
|
|
If you believe that your system has been compromised, contact the CERT
|
|
Coordination Center or your representative in FIRST (Forum of Incident
|
|
Response and Security Teams).
|
|
|
|
Internet E-mail: cert@cert.org
|
|
Telephone: 412-268-7090 (24-hour hotline)
|
|
CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
|
|
and are on call for emergencies during other hours.
|
|
|
|
CERT Coordination Center
|
|
Software Engineering Institute
|
|
Carnegie Mellon University
|
|
Pittsburgh, PA 15213-3890
|
|
|
|
Past advisories, information about FIRST representatives, and other
|
|
information related to computer security are available for anonymous FTP
|
|
from cert.org (192.88.209.5).
|
|
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: 2.6.2
|
|
|
|
iQCVAwUBMaMxLXVP+x0t4w7BAQGXWQP+N5ZtvBIROzN4KdLUNfxL8swx7jHpRvbp
|
|
uNulOwQ7KAIi6D20FvEdJ14XKOQPi5UVmPBEUwwAiD8XltAK4+BkdhoJrqVqLAau
|
|
i8A/4UP5MnTWKnGgSgMWb3Si/EXFKD2Z7imWnEPK8Tah42Omj5em4PA8UAN632sr
|
|
MlwGuIAfTi4=
|
|
=ZdlI
|
|
-----END PGP SIGNATURE-----
|
|
|