Date: Wed, 18 Sep 2002 09:00:00 -0700 (PDT)
From: Cisco Systems Product Security Incident Response Team <psirt@cisco.com.>
To: [email protected]Subject: Cisco Security Advisory: Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Microsoft Windows SMB Denial of Service
Vulnerabilities in Cisco Products - MS02-045
Revision 1.0 - Final
For Public Release 2002 September 18 16:00 (UTC -0400)
- -------------------------------------------------------------------------------
Contents
========
Summary
Affected Products
Details
Impact
Software Versions and Fixes
Obtaining Fixed Software
Workarounds
Exploitation and Public Announcements
Status of This Notice
Distribution
Revision History
Cisco Security Procedures
- -------------------------------------------------------------------------------
Summary
=======
This advisory describes vulnerabilities that affect Cisco products and
applications that are installed on Microsoft operating systems incorporating
the use of the Server Message Block (SMB) file sharing protocol. It is based on
the vulnerabilities in Microsoft's SMB protocol, not due to a defect of the
Cisco product or application.
Vulnerabilities were discovered that enable an attacker to execute arbitrary
code or perform a denial of service against the server. These vulnerabilities
were discovered and publicly announced by Microsoft in their Microsoft Security
Bulletin MS02-045.
All Cisco products and applications that are using the Microsoft operating
systems identified by Microsoft in their Microsoft Security Bulletin MS02-045
are considered vulnerable.
This advisory is available at
http://www.cisco.com/warp/public/707/Microsoft-SMB-vulnerabilities-MS02-045-pub.shtml.
Affected Products
=================
To determine if a product is vulnerable, review the list below. If the software
versions or configuration information are provided, then only those
combinations are vulnerable.
* Cisco CallManager
* Cisco ICS 7750
Other products in the list below may be installed on the affected Microsoft
operating systems and should have the hotfix from Microsoft installed to remove
the vulnerabilities. This list is not all inclusive, please refer to
Microsoft's bulletin if you think you have an affected Microsoft platform.
* Cisco Unity
* Cisco Building Broadband Service Manager (BBSM)
* Cisco uOne Enterprise Edition
* Cisco Network Registrar (CNR)
* Cisco Intelligent Contact Manager (ICM)
* Cisco E-mail Manager (CEM)
* Cisco Collaboration Server (CCS)
* Cisco Dynamic Content Adapter (DCA)
* Cisco Media Blender (CMB)
* TrailHead (Part of the Web Gateway solution)
* Cisco Works 2000
+ Lan Management Solution
+ Routed WAN Management
+ Service Management
+ VPN/Security Mangement Solution
+ IP Telephony Environment Monitor
+ Wireless Lan Solution Engine
+ Small Network Management Solution
+ QoS Policy Manager
+ Voice Manager
* Cisco Transport Manager (CTM)
* Cisco Broadband Troubleshooter (CBT)
* DOCSIS CPE Configurator
* Cisco Secure Applications
+ Cisco Secure Policy Manager (CSPM)
+ Access Control Server (ACS)
+ User Registration Tool
Details
=======
The vulnerabilities have been described in more detail at
http://www.microsoft.com/technet/security/bulletin/MS02-045.asp.
Impact
======
Successful exploitation of these vulnerabilities may cause the system to crash
resulting in a loss of availability until the device has reinitialized.
Software Versions and Fixes
To access the software center for software fixes, you must be a registered user
and you must be logged in.
Cisco CallManager
+-----------------------------------------------------+
| Version | Fixed Regular Release (available |
| Affected | now) |
| | Fix carries forward into all later |
| | versions |
|--------------+--------------------------------------|
| Version | Install |
| 3.0.x | win-OS-Upgrade.2000-1-3spF.exe from |
| | our Software Center |
|--------------+--------------------------------------|
| Version | Install |
| 3.1.x | win-OS-Upgrade.2000-1-3spF.exe from |
| | our Software Center |
|--------------+--------------------------------------|
| Version | Install |
| 3.2.x | win-OS-Upgrade.2000-1-3spF.exe from |
| | our Software Center |
+-----------------------------------------------------+
Cisco ICS 7750
+-----------------------------------------------------+
| Version | Fixed Regular Release (available now) |
| Affected | Fix carries forward into all later |
| | versions |
|-----------+-----------------------------------------|
| | Follow instructions in the Field Notice |
| Version | Upgrade Program for SPE200 |
| 1.x | Then install |
| | win-OS-Upgrade.2000-1-3spF.exe from our |
| | Software Center |
|-----------+-----------------------------------------|
| Version | Install win-OS-Upgrade.2000-1-3spF.exe |
| 2.x | from our Software Center |
+-----------------------------------------------------+
All Other Products
Install the patch for MS02-045.
Obtaining Fixed Software
Where Cisco provides the operating system bundled with the product, Cisco is
offering free software upgrades to address these vulnerabilities for all
affected customers. Customers may only install and expect support for the
feature sets they have purchased.
Customers with service contracts should contact their regular update channels
to obtain any software release containing the feature sets they have purchased.
For most customers with service contracts, this means that upgrades should be
obtained through the Software Center on Cisco's Worldwide Web site at
http://www.cisco.com/.
Customers whose Cisco products are provided or maintained through a prior or
existing agreement with third-party support organizations such as Cisco
Partners, authorized resellers, or service providers should contact that
support organization for assistance with obtaining the free software
upgrade(s).
Customers who purchased directly from Cisco but who do not hold a Cisco service
contract, and customers who purchase through third party vendors but are
unsuccessful at obtaining fixed software through their point of sale, should
obtain fixed software by contacting the Cisco Technical Assistance Center (TAC)
using the contact information listed below. In these cases, customers are
entitled to obtain an upgrade to a later version of the same release or as
indicated by the applicable row in the Software Versions and Fixes table (noted
above).
Cisco TAC contacts are as follows:
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: [email protected]
See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional
TAC contact information, including special localized telephone numbers and
instructions and e-mail addresses for use in various languages.
Please have your product serial number available and give the URL of this
notice as evidence of your entitlement to a free upgrade.
Please do not contact either "[email protected]" or "[email protected]"
for software upgrades.
Workarounds
===========
Microsoft documents several workarounds in their bulletin MS02-045.
Exploitation and Public Announcements
The vulnerabilities described here have been discussed publicly on mailing
lists and via security advisories released by other sources. Exploit code for
these vulnerabilities is publicly available via the Internet.
Status of This Notice: Final
This is a final advisory. Although Cisco cannot guarantee the accuracy of all
statements in this notice, all of the facts have been checked to the best of
our ability. Cisco does not anticipate issuing updated versions of this
advisory unless there is some material change in the facts. Should there be a
significant change in the facts, Cisco may update this advisory.
Distribution
============
This notice will be posted on Cisco's Worldwide Web site at
http://www.cisco.com/warp/public/707/Microsoft-SMB-vulnerabilities-MS02-045-pub.shtml.
In addition to Worldwide Web posting, a text version of this notice is
clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail
and Usenet news recipients:
* [email protected]
* [email protected]
* [email protected]
* [email protected] (includes CERT/CC)
* [email protected]
* [email protected]
* comp.dcom.sys.cisco
* [email protected]
* Various internal Cisco mailing lists
Future updates of this notice, if any, will be placed on Cisco's Worldwide Web
server, but may or may not be actively announced on mailing lists or
newsgroups. Users concerned about this problem are encouraged to check the URL
given above for any updates.
Revision History
================
+----------------------------------------------------------------------------+
| Revision 1.0 | September 18, 2002 16:00 (UTC -0400) | Initial public |
| | | release |
+----------------------------------------------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products,
obtaining assistance with security incidents, and registering to receive
security information from Cisco, is available on Cisco's Worldwide Web site at
http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This includes
instructions for press inquiries regarding Cisco security notices. All Cisco
Security Advisories are available at http://www.cisco.com/go/psirt/.
- -------------------------------------------------------------------------------
This notice is Copyright 2002 by Cisco Systems, Inc. This notice may be
redistributed freely after the release date given at the top of the text,
provided that redistributed copies are complete and unmodified, and include all
date and version information.
- -------------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2
iQA/AwUBPYijBZPS/wbyNnWcEQIO8ACgp3Lf6CpzIYYIjwEuKsYhyL9LCvQAn0V2
R2Iyvhm8JM0baMVA+LcTQBBm
=QCDS
-----END PGP SIGNATURE-----
