SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco ONS Vendors:   Cisco
(Cisco ONS is Affected) Cisco SNMP Bug Lets Remote Users Send SNMP Solicited Operations to Cause the Device to Reload
SecurityTracker Alert ID:  1009915
SecurityTracker URL:  http://securitytracker.com/id/1009915
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 22 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): ONS 15454 and 15454E running 4.60, when configured with ML line card
Description:   A vulnerability was reported a vulnerability in certain releases of the Cisco Internetwork Operating System (IOS) software in the processing of SNMP requests. A remote user can cause the device to reload. Cisco ONS 15454 and 15454E devices configured with an ML-series line card and running release 4.60 are vulnerable, because the release bundles a vulnerable version of IOS.

Cisco reported that a remote user can send certain SNMP requests to the target system to cause the device to reload. Only certain IOS releases on Cisco routers and switches are affected, including versions of the software release trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B, and 12.3T.

The flaw was reportedly introduced by code that was to correct Bug ID CSCeb22276 and subsequent releases.

Cisco says that the following releases are affected [but this may not be a comprehensive list, they warned]:

* 12.0(23)S4, 12.0(23)S5
* 12.0(24)S4, 12.0(24)S5
* 12.0(26)S1
* 12.0(27)S
* 12.0(27)SV, 12.0(27)SV1
* 12.1(20)E, 12.1(20)E1, 12.1(20)E2
* 12.1(20)EO
* 12.1(20)EA1
* 12.1(20)EW, 12.1(20)EW1
* 12.1(20)EC, 12.1(20)EC1
* 12.2(12g), 12.2(12h)
* 12.2(20)S, 12.2(20)S1
* 12.2(21), 12.2(21a)
* 12.2(23)
* 12.3(2)XC1, 12.3(2)XC2
* 12.3(5), 12.3(5a), 12.3(5b)
* 12.3(6)
* 12.3(4)T, 12.3(4)T1, 12.3(4)T2, 12.3(4)T3
* 12.3(5a)B
* 12.3(4)XD, 12.3(4)XD1

UDP ports 161 and 162 are affected. Also, a randomly assigned port between 49152 and 59152 is affected.

The report indicates that IOS incorrectly attempts to process SNMP solicited operations on UDP port 162 and the random UDP port, causing memory corruption.

The remote user must authenticate (using SNMP community strings) to exploit via SNMPv1 and SNMPv2c but does not need to authenticate to exploit via SNMPv3 solicited operations. If the device is configured for SNMP, the device will support SNMP version 1, 2c, and 3 operations. As a result, no authentication is required to exploit this flaw.

Cisco has assigned Bug ID CSCed68575 to this vulnerability.

Impact:   A remote user can cause the target device to reset.
Solution:   For Cisco ONS 15454 and 15454E with an ML-series Line Card, a fixed version (4.62) will be available on April 27, 2004.
Vendor URL:  www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml (Links to External Site)
Cause:   State error

Message History:   This archive entry is a follow-up to the message listed below.
Apr 20 2004 Cisco SNMP Bug Lets Remote Users Send SNMP Solicited Operations to Cause the Device to Reload



 Source Message Contents

Subject:  http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml


http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml

 > Cisco Security Advisory: Vulnerabilities in SNMP Message Processing
 > Document ID: 50980
 > Revision 1.1
 > Last Updated 2004 April 22 0900 UTC (GMT)

Cisco updated their SNMP advisory to indicate the Cisco ONS is also affected.  The ONS 
15454 and 15454E devices configured with an ML-series line card and running release 4.60 
are vulnerable, the advisory warned.  This is because release 4.60 bundles IOS version 
12.1(20)EO, which is vulnerable.

For Cisco ONS 15454 and 15454E with an ML-series Line Card, a fixed version (4.62) will be 
available on April 27, 2004.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC