The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Cisco Security Advisory: IOS ARP Table Overwrite Vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 15 Nov 2001 08:30:00 -0800 (PST)
From: Cisco Systems Product Security Incident Response Team <psirt@cisco.com.>
To: [email protected]
Subject: Cisco Security Advisory: IOS ARP Table Overwrite Vulnerability
Cc: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----

Cisco Security Advisory: Cisco IOS ARP Table Overwrite Vulnerability

Revision 1.0 For Release 2001 November 15 08:00 AM US/Pacific (UTC -0700) - ------------------------------------------------------------------------- Summary ======= It is possible to send an Address Resolution Protocol (ARP) packet on a local broadcast interface (for example: ethernet, cable, tokenring, fddi) which could cause a router or switch running specific versions of Cisco IOS╝ Software Release or CatOS to stop sending and receiving ARP packets on the local router interface. This will in a short time cause the router and local hosts to be unable to send packets to each other. ARP packets received by the router for the router's own interface address but a different Media Access Control (MAC) address will overwrite the router's MAC address in the ARP table with the one from the received ARP packet. This was demonstrated to attendees of the Black Hat conference and should be considered to be public knowledge. This attack is only successful against devices on the segment local to the attacker or attacking host. This vulnerability is documented in Cisco Bug ID CSCdu81936, and a workaround is available. The complete notice will be available at http://www.cisco.com/warp/public /707/IOS-arp-overwrite-vuln-pub.shtml Affected Products ================= The following products are affected if they run a software release that has the defect. To determine if a Cisco product is running an affected IOS, log in to the device and issue the command show version. Cisco IOS software will identify itself as "Internetwork Operating System Software" or "IOS (tm)" software and will display a version number. Other Cisco devices either will not have the command show version, or will give different output. Compare the version number obtained from the router with the versions presented in the Software Versions and Fixes section below. Cisco devices that may be running with affected IOS software releases include: * Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, ubr900, 1000, 1400, 1500, 1600, 1700, 2500, 2600, 3000, 3600, 3800, 4000, 4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7200, ubr7200, 7500, and 12000 series. * Most recent versions of the LS1010 ATM switch. * The Catalyst 6000. * The Catalyst 2900XL LAN switch. * The Catalyst 1900, 2800, 2900, 3000, and 5000 series LAN switches are affected. * The Cisco DistributedDirector. If you are not running Cisco IOS software, you are not affected by this vulnerability. Cisco products that do not run Cisco IOS software and are not affected by this defect include, but are not limited to: * 700 series dialup routers (750, 760, and 770 series) are not affected. * WAN switching products in the IGX and BPX lines are not affected. * The MGX (formerly known as the AXIS shelf) is not affected. * No host-based software is affected. * The Cisco PIX Firewall is not affected. * The Cisco LocalDirector is not affected. * The Cisco Cache Engine is not affected. Details ======= ARP packets, both request and reply, received by the router for the router's own interface address or global Network Address Translation (NAT) entries, but a different MAC address will overwrite the router's MAC address in the router's ARP table with the one in the ARP request or reply. Cisco IOS router devices will defend the MAC address of an interface for several attempts, but in an attempt to prevent an ARP storm, the device will accept the incorrect information into the ARP table, which causes the interface to stop accepting new ARP entries, and entries will not be accepted or updated in the ARP table. This behavior has been repaired to properly defend the interface MAC address, with rate limiting the response to avoid an ARP storm on the local network. This attack can only be carried out from the local network. This defect is documented in Cisco Bug ID CSCdu81936 and is repaired in future versions of Cisco IOS code. This defect is duplicated by the following Cisco Bug ID's: CSCdv83509, CSCdv63206, CSCdv77242, CSCdv77220, CSCdu85209. Additionally, a configuration workaround is available. Impact ====== This issue can cause a Cisco Router to be vulnerable to a Denial-of-Service attack, once the ARP table entries time out. This defect does not result in a failure of confidentiality of information stored on the unit, nor does this defect allow hostile code to be loaded onto a Cisco device. This defect may cause a denial of service on the management functions of a Cisco Switch, but does not affect traffic through the device. Software Versions and Fixes
+===================================================================+ | Major | Description or | Availability of Repaired Releases* | | Release | Platform | | |-----------------------------+-------------------------------------| | Affected Earlier Releases | Rebuild | Interim | Maintenance | | | | ** | | +=============================+=====================================+ | 11.1 and | | | | earlier, | Numerous | Upgrade to repaired release or use | | all | | workaround | | variants | | | +=============================+=====================================+ | 11.2-based Releases | Rebuild | Interim | Maintenance | | | | ** | | +=============================+=====================================+ | | Major release | | | 11.2 | for all | Not affected after 11.2(13) | | | platforms | | |----------+------------------+-------------------------------------| | 11.2P | New platform | Not affected after 11.2(12)P | | | support | | +=============================+=====================================+ | 11.3-based Releases | Rebuild | Interim | Maintenance | | | | ** | | +=============================+=====================================+ | | Major release | | | 11.3 | for all | Not affected after 11.3(3) | | | platforms | | |----------+------------------+-------------------------------------| | | Early deployment | | | 11.3T | major release, | Not affected after 11.3(3)T | | | feature-rich for | | | | early adopters | | +=============================+=====================================+ | 12.0-based Releases | Rebuild | Interim | Maintenance | | | | ** | | +=============================+=====================================+ | | General | | | | | 12.0 | Deployment (GD) | | 12.0 | 12.0(20) | | | candidate: all | | (19.6) | | | | platforms | | | | |----------+------------------+-------------------------------------| | | xDSL support: | Unavailable | |12.0DA |6100, 6200 |-------------------------------------| | | | Upgrade recommended to 12.2DA | |----------+------------------+-------------------------------------| | | Early deployment | Unavailable | |12.0DB |release for 6400 |-------------------------------------| | | NSP | Upgrade recommended to 12.1T or | | | | later | |----------+------------------+-------------------------------------| | | Early deployment | Unavailable | |12.0DC |release for 6400 |-------------------------------------| | | NRP | Upgrade recommended to 12.2(2)B | | | | when available | |----------+------------------+-------------------------------------| | | Core/ISP | | | 12.0(21)S | | 12.0S | support: GSR, | | | 2002-Jan-14 | | | RSP, c7200 | | | | |----------+------------------+-------------------------------------| | | | Unavailable | |12.0SC |Cable/broadband |-------------------------------------| | | ISP: ubr7200 | Upgrade recommended to 12.1EC, or | | | | use workaround | |----------+------------------+-------------------------------------| | | | Unavailable | |12.0SL |10000 ESR: c10k |-------------------------------------| | | | Upgrade recommended to 12.0ST, or | | | | use workaround | |----------+------------------+-------------------------------------| | 12.0SP | c10720 | | | 12.0(20)SP | |----------+------------------+-------------+---------+-------------| | | MPLS/Tag | | | | | 12.0ST | Switching, GSR | | | 12.0(20)ST | | | 12000, 7200, | | | 2001-Nov-26 | | | 7500 | | | | |----------+------------------+-------------------------------------| | | Early Deployment | | | | (ED): VPN, | Unavailable | | | Distributed | | |12.0T |Director, |-------------------------------------| | | various | | | | platforms | Upgrade recommended to 12.1(11) | | | | | |----------+------------------+-------------------------------------| | | Catalyst | | | | | | switches: | | | 12.0(20)W5 | | | cat8510c, | | | (24) | | | cat8540c, | | | | | |ls1010, | | |-------------| | | cat8510m, | | | | | | cat8540m, | | | 2002-Jan-07 | | | cat5atm | | | | |12.0W5 |------------------+-------------+---------+-------------| | | Catalyst | | | 12.0(18)W5 | | | switches: | | | (22a) | | |cat2948g-L3, | | |-------------| | | cat4232 | | | 2001-Dec-1 | | |------------------+-------------+---------+-------------| | | | | | 12.0(16)W5 | | | Catalyst | | | (21b) | | |switches: c6msm | | |-------------| | | | | | 2001-Nov-29 | |----------+------------------+-------------+---------+-------------| | 12.0WC | Catalyst 2900xl | 12.0(5)WC3 | | | | | | 2002-Jan | | | |----------+------------------+-------------------------------------| | | Catalyst | | | 12.0WT | switches: | Not affected | | | cat4840g | | |----------+------------------+-------------------------------------| | | Early Deployment | Unavailable | |12.0XA |(ED): limited |-------------------------------------| | | platforms | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | Short-lived | Unavailable | |12.0XB |early deployment |-------------------------------------| | | release | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | Early Deployment | Unavailable | |12.0XC |(ED): limited |-------------------------------------| | | platforms | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | Early Deployment | Unavailable | |12.0XD |(ED): limited |-------------------------------------| | | platforms | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | Early Deployment | Unavailable | |12.0XE |(ED): limited |-------------------------------------| | | platforms | Upgrade recommended to 12.1(11)E, | | | | available 2001-Dec-10 | |----------+------------------+-------------------------------------| | | Early Deployment | Unavailable | |12.0XF |(ED): limited |-------------------------------------| | | platforms | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | Early Deployment | Unavailable | |12.0XG |(ED): limited |-------------------------------------| | | platforms | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | Early Deployment | Unavailable | |12.0XH |(ED): limited |-------------------------------------| | | platforms | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | Early Deployment | Unavailable | |12.0XI |(ED): limited |-------------------------------------| | | platforms | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | Early Deployment | Unavailable | |12.0XJ |(ED): limited |-------------------------------------| | | platforms | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.0XK | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.0XL | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | | | | | Short-lived | Unavailable | | 12.0XM | early deployment | | | |release |-------------------------------------| | | | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.0XN | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.0XP | (ED): limited | | | |platforms |-------------------------------------| | | | Workaround recommended | |----------+------------------+-------------------------------------| | | | | | | Short-lived | Unavailable | | 12.0XQ | early deployment | | | |release |-------------------------------------| | | | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | | | | | Short-lived | Unavailable | | 12.0XR | early deployment | | | |release |-------------------------------------| | | | Upgrade recommended to 12.1(11) | |----------+------------------+-------------------------------------| | | | | | | Short-lived | Unavailable | | 12.0XS | early deployment | | | |release |-------------------------------------| | | | Upgrade recommended to 12.1(11)E, | | | | available 2001-DEC-10 | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.0XU | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended or use | | | | workaround | |----------+------------------+-------------------------------------| | | | | | | Short-lived | Unavailable | | 12.0XV | early deployment | | | |release |-------------------------------------| | | | Upgrade recommended to 12.2 | +=============================+=====================================+ | 12.1-based Releases | Rebuild | Interim | Maintenance | | | | ** | | +=============================+=====================================+ | | General | | | | | 12.1 | Deployment (GD) | | 12.1 | 12.1(11) | | | candidate: all | | (10.3) | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | 12.1AA | Dial Support | | | 12.1(10)AA | | | | | | 2001-Nov-12 | |----------+------------------+-------------------------------------| | | | Unavailable | | 12.1DA | xDSL Support: | | | |6100, 6200 |-------------------------------------| | | | Upgrade recommended to 12.2.T | |----------+------------------+-------------------------------------| | | Cisco 6400 | Upgrade recommended to 12.2(2)B | | 12.1DB | Universal Access | when available | | | Concentrator | | |----------+------------------+-------------------------------------| | 12.1DC | xDSL NRP | Upgrade recommended to 12.2(2)B | | | support: c6400r | when available | |----------+------------------+-------------------------------------| | | Core/ISP | | | 12.1(11)E | | 12.1E | Support: GSR, | | | 2001-DEC-10 | | | RSP, c7200 | | | | |----------+------------------+-------------+---------+-------------| | | Catalyst 2950 | 12.1(6)EA2 | | | | | | 2001-Dec | | | |12.1EA |------------------+-------------+---------+-------------| | | | 12.1(6) | | | | | Catalyst 3550 | EA1a | | | | | | 2001-DEC | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | | | | | 12.1EC | (ED): ubr7200, | | 12.1 | 12.1(9)EC | | | UBR Headend | | (8.5)EC | | | | platforms | | | | |----------+------------------+-------------------------------------| | | | Unavailable | |12.1EX |Catalyst 6000 |-------------------------------------| | | | Upgrade recommended to 12.1(11)E | |----------+------------------+-------------------------------------| | 12.1EY | Catalyst 8510, | Not Affected | | | 8540, LS1010 | | |----------+------------------+-------------------------------------| | | Early Deployment | 12.1(6)EZ4 | | | | 12.1EZ | (ED): limited | 2001-Nov-02 | | | | | platforms | | | | |----------+------------------+-------------------------------------| | | | | | | New technology | Unavailable | | 12.1T | Early Deployment | | | | (ED): all | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2 | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XA | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2 | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XB | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2 | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XC | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2 | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XD | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2 | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XE | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2 | |----------+------------------+-------------------------------------| | | Early Deployment | 12.1(2)XF5 | | | | 12.1XF | (ED): limited | 2002-Jan | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.1(3)XG6 | | | | 12.1XG | (ED): limited | 2002-Jan | | | | | platforms | | | | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XH | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2 | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XI | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2 | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XJ | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2 | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XK | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2 | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XL | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2 | |----------+------------------+-------------------------------------| | | Early Deployment | 12.1(5)XM6 | | | | 12.1XM | (ED): limited | 2001-Dec-03 | | | | | platforms | | | | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XP | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2(2)T | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XQ | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2(2)T | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XR | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2(7)T | |----------+------------------+-------------------------------------| | | Early Deployment | 12.2(2)XC1 | | | | 12.1XS | (ED): limited | 2001-DEC-3 | | | | | platforms | | | | |----------+------------------+-------------------------------------| | | | | | | Early Deployment | Unavailable | | 12.1XT | (ED): limited | | | |platforms |-------------------------------------| | | | Upgrade recommended to 12.2(7)T | |----------+------------------+-------------------------------------| | | Early Deployment | | | 12.1XU | (ED): limited | Not affected | | | platforms | | |----------+------------------+-------------------------------------| | | Early Deployment | 12.2(2)XB2 | | | | 12.1XV | (ED): limited | 2001-DEC-17 | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | | | | | 12.1XW | (ED): limited | | | 12.1(11) | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | | | | | 12.1XX | (ED): limited | | | 12.1(11) | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | | | | | 12.1YA | (ED): limited | | | 12.2(2)XB | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.1(5)YB5 | | | | 12.1YB | (ED): limited | 2002-Jan | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.1(5)YC2 | | | | 12.1YC | (ED): limited | 2002-Jan | | | | | platforms | | | | |----------+------------------+-------------------------------------| | | Early Deployment | | | 12.1YD | (ED): limited | Migrate to 12.2(7)T | | | platforms | | |----------+------------------+-------------------------------------| | | Early Deployment | 12.1(5)YE4 | | | | 12.1YE | (ED): limited | 2001-Nov-19 | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.1(5)YF3 | | | | 12.1YF | (ED): limited | 2001-Nov | | | | | platforms | | | | |----------+------------------+-------------------------------------| | | Early Deployment | | | 12.1YH | (ED): limited | Not Affected | | | platforms | | +=============================+=====================================+ | Affected 12.2-based | Rebuild | Interim | Maintenance | | Releases | | ** | | +=============================+=====================================+ | | General | | | | | 12.2 | Deployment (GD) | | 12.2 | 12.2(5) | | | candidate: all | | (4.2) | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | 12.2DD | 7200, 7400 | 12.2(2)DD1 | | | | | | 2001-Nov-19 | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | | | 12.2(7)T | | 12.2T | (ED): limited | | | 2002-Feb | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.2(2)XA4 | | | | 12.2XA | (ED): limited | 2001-Dec-3 | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.2(2)XB2 | | | | 12.2XB | (ED): limited | 2001-Dec-17 | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.2(2)XC1 | | | | 12.2XC | (ED): limited | 2001-DEC-3 | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.2(1)XD3 | | | | 12.2XD | (ED): limited | 2002-Jan | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.2(1)XE2 | | | | 12.2XE | (ED): limited | 2002-Jan | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.2(2)XG1 | | | | 12.2XG | (ED): limited | 2001-DEC-17 | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.2(2)XH2 | | | | 12.2XH | (ED): limited | 2002-Jan | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.2(2)XI1 | | | | 12.2XI | (ED): limited | 2002-Jan | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.2(2)XJ2 | | | | 12.2XJ | (ED): limited | 2002-Jan | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.2(2)XK5 | | | | 12.2XK | (ED): limited | 2002-Jan | | | | | platforms | | | | |----------+------------------+-------------+---------+-------------| | | Early Deployment | 12.2(2)XQ2 | | | | 12.2XQ | (ED): limited | 2002-Jan | | | | | platforms | | | | +===================================================================+ | Notes | +===================================================================+ | * All dates are estimated and subject to change. | | | | ** Interim releases are subjected to less rigorous testing than | | regular maintenance releases, and may have serious bugs. | | | | *** This release does not have a rebuild solution. Customers | | should upgrade to 12.2T when it becomes available. This is not a | | misprint. | +===================================================================+ Obtaining Fixed Software
Cisco is offering free software upgrades to remedy this vulnerability for all affected customers. Customers with service contracts may upgrade to any software version. Customers without contracts may upgrade only within a single row of the table above, except that any available fixed software will be provided to any customer who can use it and for whom the standard fixed software is not yet available. As always, customers may install only the feature sets they have purchased. Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's Worldwide Web site at http://www.cisco.com. Customers whose Cisco products are provided or maintained through prior or existing agreement with third-party support organizations such as Cisco Partners, authorized resellers, or service providers should contact that support organization for assistance with the upgrade, which should be free of charge. Customers without contracts should get their upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows: * +1 800 553 2447 (toll-free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: [email protected] Give the URL of this notice as evidence of your entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Please do not contact either "[email protected]" or "[email protected]" for software upgrades. Workarounds =========== The workaround for this vulnerability is to enter the router interface MAC address into the arp table with an configuration entry, sometimes known as "hard coding" the ARP table entry. The syntax for this command for routers and switches running IOS is as follows: arp <ip-address> <hardware-address> <type> The syntax for this command for switches running CatOS is as follows: set arp [dynamic|permanent|static] <ip_address> <hardware_address> The caveat to this workaround is identified with defect CSCdv04366, which will clear all manually entered MAC addresses from the ARP table, when they are the same as the interface MAC address, when the command "clear arp" is issued on the router. This workaround does not survive a reboot of the router, and must be re-written to the configuration after any reload or reboot. Exploitation and Public Announcements
This vulnerability was disclosed at the Black Hat conferences in Las Vegas this year by Kevin DePeugh <v0nelm0@best.com.> and Jeff Nathan <jeff@wwti.com.>. There have been isolated reports of exploitation of this vulnerability, and workarounds implemented circumvented the attacks. This attack is known as the "Sonic Boom", and tools are readily available. Status of This Notice: FINAL
This is a final notice. Although Cisco cannot guarantee the accuracy of all statements in this notice, all of the facts have been checked to the best of our ability. Cisco does not anticipate issuing updated versions of this notice unless there is some material change in the facts. Should there be a significant change in the facts, Cisco may update this notice. A standalone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This notice will be posted on Cisco's Worldwide Web site at http:// www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml. In addition to Worldwide Web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients: * [email protected] * [email protected] * [email protected] (includes CERT/CC) * [email protected] * comp.dcom.sys.cisco * [email protected] * Various internal Cisco mailing lists Future updates of this notice, if any, will be placed on Cisco's Worldwide Web server, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the URL given above for any updates. Revision History ================ +-----------------------------------------------------------------------+ |Revision|15-November-2001 | For public release 15-NOV-2001 08:00 AM US/| |1.0 | |Pacific (UTC-0700) | +-----------------------------------------------------------------------+ Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's Worldwide Web site at http://www.cisco.com/warp/public/707/ sec_incident_response.shtml. This includes instructions for press inquiries regarding Cisco security notices. All Cisco Security Advisories are available at http://www.cisco.com/go/psirt. - ------------------------------------------------------------------------- This notice is Copyright 2001 by Cisco Systems, Inc. This notice may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, and include all date and version information. - ------------------------------------------------------------------------- All contents are Copyright ╘ 1992--2001 Cisco Systems Inc. All rights reserved. Important Notices and Privacy Statement. -----BEGIN PGP SIGNATURE----- Version: PGP 7.0 iQEVAwUBO/P63g/VLJ+budTTAQGeFAf/b3We4VLixOftM/r0Ao/+En+hcdfI6yEO Pzceanq3tXooBYulGhGpBNXRCmPYzEzqsC4t3Ph5v9U8Pr8PZckQKroduSjsLlWg 2LFspKO8kCzQoA1+VLoN5dcrCaj32QdYxPM/WtigKDyydQGK+3fiCmKiGYt6XPGT NCJxxy6NccDCC4B42F01AMWhuoSz7GbcFG8cdzZXyja5KQE+tVFUx6nWeKOD2eYU t6Hsw6FnGQrKZyJM1XUsYO3bddFh615irOVOHfjRq9rKNnucOtG0WRLlwXy5Qskv pDbpQh5Nab7jBTJhT6NbQh+P5bR5upvgR5bj0LFSIYtHhnOPqL3CTA== =89e1 -----END PGP SIGNATURE-----

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру