SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   Cisco IOS
Vendors:   Cisco
Cisco IOS Web Interface Buffer Overflow Lets Remote Users Send 2GB HTTP GET Requests to Execute Arbitrary Code
SecurityTracker Alert ID:  1007342
SecurityTracker URL:  http://securitytracker.com/id/1007342
CVE Reference:   CVE-2003-0647   (Links to External Site)
Updated:  Aug 6 2003
Original Entry Date:  Jul 31 2003
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Prior to 12.3
Description:   A buffer overflow was reported in Cisco IOS in the HTTP server software. A remote user can cause the target device to reboot or execute arbitrary code.

Cisco issued a Security Notice warning that a remote user can send a specially crafted HTTP GET request to the HTTP server on a Cisco IOS-based device to trigger a buffer overflow. The request must contain two gigabytes of data. A remote user can reportedly execute arbitrary code on the router.

All IOS software versions except 12.3 and 12.3T are affected. Cisco reports that CatOS and PIX are not affected.

Cisco has assigned bug ID CSCeb50339 to this vulnerability.

Cisco credits FX of Phenoelit with reporting this flaw.

Impact:   A remote user can cause the router to crash and reboot or potentially execute arbitrary code.
Solution:   Cisco has released or is developing the following releases [see the Vendor URL for the full patch matrix]:

Train    Description            Interim                      Maintenance
12.0S    Core/ISO               12.0(25.4)S1                 12.0(26)S (2003-Aug)
12.1     General Deployment     -                            12.1(22) (2003-Dec)
12.1E    Enterprise Support     12.1(19.3)E (2003-Aug-01)    12.1(20)E (2003-Sep-29)
12.2     12.2 Mainline          12.2(18.2)                   12.2(19) (2003-Aug-25)
12.2T    Technology Train       12.2(15)T                    12.2(15)T5
12.2JA   Access Point Special   12.2(11)JA1                  12.2(11)JA1

Vendor URL:  www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml (Links to External Site)
Cause:   Boundary error

Message History:   None.
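
As an added example (not part of the SecurityTracker entry or Cisco's notice), the Python below checks an IOS version string, such as one taken from a device inventory, against the releases listed in the Solution field above. The function names are hypothetical, and it assumes that within a train releases order by maintenance, then interim, then rebuild number, and that anything at or after the listed Maintenance release carries the fix.

```python
import re

# Fixed releases per (base, train) as listed in the advisory: (interim, maintenance).
# Placing 12.1(22) in the Maintenance column is an assumption about the flattened table.
FIXED = {
    ("12.0", "S"):  ("12.0(25.4)S1", "12.0(26)S"),
    ("12.1", ""):   (None,           "12.1(22)"),
    ("12.1", "E"):  ("12.1(19.3)E",  "12.1(20)E"),
    ("12.2", ""):   ("12.2(18.2)",   "12.2(19)"),
    ("12.2", "T"):  ("12.2(15)T",    "12.2(15)T5"),
    ("12.2", "JA"): ("12.2(11)JA1",  "12.2(11)JA1"),
}

# major.minor(maintenance[.interim])TRAIN[rebuild], e.g. 12.0(25.4)S1
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)([A-Z]*)(\d*)$")

def parse(version):
    """Split '12.2(15)T5' into base '12.2', train 'T', a sortable key and (major, minor)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised IOS version: {version!r}")
    major, minor, maint, interim, train, rebuild = m.groups()
    key = (int(maint), int(interim or 0), int(rebuild or 0))
    return f"{major}.{minor}", train, key, (int(major), int(minor))

def status(version):
    """Classify a version as 'not affected', 'fixed' or 'affected' per the advisory."""
    base, train, key, release = parse(version)
    if release >= (12, 3):
        return "not affected"            # advisory: versions prior to 12.3 are affected
    listed = FIXED.get((base, train))
    if listed is None:
        # Train is not in the excerpt; the full matrix is at the Vendor URL.
        return "affected, no fix listed here"
    interim, maintenance = listed
    if interim and parse(interim)[2] == key:
        return "fixed"                   # exactly the listed interim build
    # Conservative: other builds below the Maintenance release count as affected.
    return "fixed" if key >= parse(maintenance)[2] else "affected"

if __name__ == "__main__":
    # Constructed inventory values, for illustration only.
    for v in ["12.2(15)T4", "12.2(15)T5", "12.0(25.4)S1", "12.1(19)E", "12.3(1)"]:
        print(f"{v:15} {status(v)}")
```

Interim builds later than the listed interim but earlier than the Maintenance release are reported as affected, which errs toward scheduling an upgrade.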


 Source Message Contents

Subject:  http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml


Cisco issued a Security Notice (Document ID: 44226)

"Sending 2GB Data in GET Request Causes Buffer Overflow in Cisco IOS Software"

The notice indicated that Cisco IOS-based devices that run an HTTP server can be crashed 
by a remote user sending a specially crafted HTTP GET request containing two gigabytes of 
data.  A remote user can execute arbitrary code on the router.

All IOS software versions except 12.3 and 12.3T are affected.  Cisco reports that CatOS 
and PIX are not affected.

Cisco has assigned bug ID CSCeb50339 to this vulnerability.

Cisco credits FX of Phenoelit with reporting this flaw.

Cisco has released or is developing the following releases:

Train    Description            Interim                      Maintenance
12.0S    Core/ISO               12.0(25.4)S1                 12.0(26)S (2003-Aug)
12.1     General Deployment     -                            12.1(22) (2003-Dec)
12.1E    Enterprise Support     12.1(19.3)E (2003-Aug-01)    12.1(20)E (2003-Sep-29)
12.2     12.2 Mainline          12.2(18.2)                   12.2(19) (2003-Aug-25)
12.2T    Technology Train       12.2(15)T                    12.2(15)T5
12.2JA   Access Point Special   12.2(11)JA1                  12.2(11)JA1






 
 

