
List:       cisco-nsp
Subject:    [nsp] Cisco Security Notice: Cisco IOS HTTP Server Vulnerability
From:       Cisco Product Security Incident Response Team <psirt () cisco ! com>
Date:       2000-04-28 5:32:08

-----BEGIN PGP SIGNED MESSAGE-----

A serious vulnerability that affects all IOS images since 11.1 on all IOS
platforms was announced publicly on the BUGTRAQ mailing list on Thursday,
2000 April 27.  This defect has been filed as Cisco bug ID CSCdr36952.

If web-based management of a Cisco router has been enabled, it is possible
for anyone that can browse to that router's management web page to cause the
router to crash and not reload.  The power will have to be cycled to recover
normal operation.  This defect is present in any image that supports
management of the router via the web from IOS release 11.1 and later on all
platforms that support those releases.  This only affects IOS on routers.

To verify if a router is vulnerable, look for the following line in the
output of a "show run" or "show conf" command:

    ip http server

To work around the defect, disable the http service by entering global
configuration mode and applying the following command:

    no ip http server

Please be certain to write the configuration to memory to avoid
unintentionally re-enabling the service at the next reload.
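The check and workaround above can be applied across a fleet by auditing saved configurations offline. The following Python script is an added example, not Cisco's tooling and not part of the original notice: it scans configuration text (the output of "show run" or "show conf") for the "version" line and for the effective "ip http server" line, flags devices that are on 11.1 or later with the service enabled, and emits the global-configuration commands from the notice followed by a save. The sample configurations, the hostnames, and the decision to treat a missing version line as affected are constructed assumptions for illustration.

```python
"""Audit saved IOS configurations for the 'ip http server' line.

Constructed example, not Cisco's tooling. It inspects configuration text
only, so it assumes the 'version' line at the top of each config reflects
the image actually running on the device.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

VERSION_RE = re.compile(r"^version\s+(\d+)\.(\d+)", re.MULTILINE)
HOSTNAME_RE = re.compile(r"^hostname\s+(\S+)", re.MULTILINE)
# Matches both "ip http server" and "no ip http server"; group 1 is "no " for the latter.
HTTP_SERVER_RE = re.compile(r"^\s*(no\s+)?ip http server\s*$", re.MULTILINE)

# Per the notice, every image from 11.1 onward that supports web management is affected.
FIRST_AFFECTED = (11, 1)


class HttpAudit(NamedTuple):
    hostname: str
    ios_version: Optional[Tuple[int, int]]
    http_server_enabled: bool
    vulnerable: bool


def parse_version(config_text: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from the 'version X.Y' line, or None if absent."""
    m = VERSION_RE.search(config_text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def http_server_enabled(config_text: str) -> bool:
    """True if the last 'ip http server' line in the config is not negated."""
    matches = HTTP_SERVER_RE.findall(config_text)
    if not matches:
        return False  # line absent: the notice's check finds nothing to flag
    return matches[-1] == ""  # last occurrence carried no "no " prefix


def audit_config(config_text: str) -> HttpAudit:
    host_m = HOSTNAME_RE.search(config_text)
    hostname = host_m.group(1) if host_m else "<unknown>"
    version = parse_version(config_text)
    enabled = http_server_enabled(config_text)
    # Conservative assumption: an unknown version with the service on is treated as affected.
    version_affected = version is None or version >= FIRST_AFFECTED
    return HttpAudit(hostname, version, enabled, enabled and version_affected)


def remediation(audit: HttpAudit) -> List[str]:
    """Global-configuration commands from the notice, plus a save so the change survives reload."""
    if not audit.vulnerable:
        return []
    return ["configure terminal", "no ip http server", "end", "write memory"]


def audit_all(configs: Dict[str, str]) -> Dict[str, HttpAudit]:
    return {name: audit_config(text) for name, text in configs.items()}


# Constructed sample configurations (not real devices).
SAMPLE_CONFIGS = {
    "edge-rtr": "!\nversion 12.0\nhostname edge-rtr\n!\nip http server\n!\nend\n",
    "core-rtr": "!\nversion 11.2\nhostname core-rtr\n!\nno ip http server\n!\nend\n",
    "legacy": "!\nhostname legacy\n!\nip http server\n!\nend\n",  # no version line
}

if __name__ == "__main__":
    for name, result in audit_all(SAMPLE_CONFIGS).items():
        status = "VULNERABLE" if result.vulnerable else "ok"
        print(f"{name:10} version={result.ios_version} http={result.http_server_enabled} -> {status}")
        for cmd in remediation(result):
            print("    ", cmd)
```

The script reports only what the configuration shows; it cannot tell whether a firewall or access list already shields the management page, so a flagged device still needs the workaround unless that protection has been confirmed separately.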

Unless the router is protected from this attack via firewalls or access
control lists, PLEASE APPLY THE WORKAROUND AS SOON AS POSSIBLE!

We do not yet have a fix for the vulnerability nor has a formal security
advisory been drafted.  We are notifying the cust-security-announce mailing
list and various Cisco internal mailing lists immediately.  We have also
responded to the BUGTRAQ posting in a separate message.

Development engineering has begun work on the defect, and we will post a
formal advisory as soon as we have a timetable for fixed releases.

Please address comments or questions to psirt@cisco.com.  Press inquiries
should follow the procedure described at the URL in my signature block.

	Jim

- --
Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
E-mail: <jnduncan@cisco.com>  Phone(Direct/FAX): +1 919 392 6209

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQB1AwUBOQkcxN5wH2yjJs+JAQGvKAMAmzXqdz/eSZ1/b4AoxT8JbYkSGbTCfyWS
owd1Qe0x9+JFJBtD13++y1tZxOcbAkvR3LACF/XHmnyyCa1vftuE/D4bKToBOS9b
gAl6jQ1KVgjCNPoYq+GdXOchRTNSxHbf
=Nj+c
-----END PGP SIGNATURE-----
