The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Cisco Systems - Vulnerability in CDP


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Tue, 09 Oct 2001 15:27:40 +0100
From: Damir Rajnovic <gaus@cisco.com.>
To: [email protected]
Subject: Cisco Systems - Vulnerability in CDP
Cc: [email protected], [email protected]

-----BEGIN PGP SIGNED MESSAGE-----

This is not a Cisco security advisory.

There is a vulnerability in how Cisco routers are handling CDP. 
By sending a large amount of CDP neighbor announcements it is
possible to consume all available router's memory. That will cause
a crash or some other abnormal behavior. This vulnerability is 
assigned a Cisco bug ID CSCdu09909. You can see details of it 
if you have a valid CCO account. This vulnerability was 
discovered by [email protected]

In order to trigger this vulnerability an attacker must be on the same
segment as the target router. This vulnerability can not be exploited
over the Internet unless an attacker has a helper program already
planted on the internal network.

The workaround for this vulnerability is to disable CDP. In order to
disable CDP for the whole router execute the following global command:

  Router# configure terminal
  Enter configuration commands, one per line.  End with CNTL/Z.
  Router(config)# no cdp run

Alternatively, CDP can be disabled on a particular interface. This
can be done using the following commands:

  Router# configure terminal
  Enter configuration commands, one per line.  End with CNTL/Z.
  Router(config)# interface Ethernet0
  Router(config-if)# no cdp enable

In this particular case we advise all customers to disable CDP for
the whole router.

This vulnerability has ben fixed in the following interim images:

12.2(3.6)B
12.2(4.1)S
12.2(3.6)PB
12.2(3.6)T
12.1(10.1)
12.2(3.6)

All higher IOS releases should contain this fix.

Please note that interim images are built at regular intervals between 
maintenance releases and receives less testing. Interims should be selected 
only if there is no other suitable release that addresses the vulnerability,
and interim images should be upgraded to the next available maintenance 
release as soon as possible. Interim releases are not available via 
manufacturing, and usually they are not available for customer
download from CCO without prior arrangement with the Cisco TAC. 

We would like to thank Phenoelit on his co-operation on this issue.

Gaus

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.3

iQEVAwUBO8MJHg/VLJ+budTTAQGpxAgAydE4X125IB9yzCb+uEExB9PjMpfLrRfH
ONbLmUfLi242ubhqb8kfOc+gGziB3YuNJck+N5YPcdT7ql0jpPOpltVQdoevNFBD
AhCZT1Eyp/Fi7npv5BDsX/Y4Jd1yTYjGUEIbZJLFJ2lFL9ip4z+bEFYfQ+Bdy0zt
7k8YckcJt2qxOnhGEZaU5tZMzP/Sc3NysZbUOmlCyI1t1cLocKzd81SC/LNsWyDF
Rac/7ZFb8LrvNQxVLt3d1/7jpVtuYFgXDdZhDOwaXem1T5r430AYE9hTRLwUwUE5
U6Sq6kdEjJyGkX3Tqwb/+/g5ERGkrwBtR95eiV13Kw8i2ehqlQ1rNQ==
=2DU0
-----END PGP SIGNATURE-----
==============
Damir Rajnovic <psirt@cisco.com.>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>;
Phone: +44 7715 546 033
4 The Square, Stockley Park, Uxbridge, MIDDLESEX UB11 1BN, GB
==============
There is no insolvable problems. Question remains: can you 
accept the solution? 


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру