Telecom and Logistics Associates 

TLAalert Security Service

Publication: Christian ALT

TLAnews: Security News Service

27.6.2000 Security: Crashing Cisco routers with security tests
Cisco has been forced to warn customers that its routers can crash when tested for security vulnerabilities by security scanning software programs.

French version (translated): "Crashing" Cisco routers with security tests
Cisco has had to warn its customers that its routers can stop responding when they are subjected to certain security tests by security scanners.

English version
The defect, due to a fault in Cisco's IOS (Internetwork Operating System) software, can be exploited repeatedly to produce a consistent denial of service (DoS) attack, Cisco has admitted. The defect first came to light two months ago but is still an issue in the field, so Cisco has issued a reminder to customers.

Cisco customers using the affected IOS software releases - which include 11.3AA, and a number of 12.0 releases up to and including 12.0(6) - are urged to upgrade as soon as possible to later versions, which are not vulnerable to the defect.

 

 

French summary (translated)
The defect is due to an anomaly in Cisco IOS (Internetwork Operating System) software. This flaw can be exploited repeatedly to create a denial of service (DoS) condition. The vulnerability came to light two months ago, but it has not been corrected in many places, which is what prompted Cisco to issue a new warning.

Cisco customers running the affected software releases, which include 11.3AA and a number of 12.0 releases up to and including 12.0(6), must quickly upgrade to later releases.



Cisco's advisory states: "The described defect can be used to mount a consistent and repeatable denial of service attack on any vulnerable Cisco product, which may result in violations of the availability aspects of a customer's security policy. This defect by itself does not cause the disclosure of confidential information nor allow unauthorised access."

The flaw in IOS is exposed when unspecified security scanners test for the presence of two specific vulnerabilities that affect certain Unix-based systems. These vulnerabilities are unrelated to Cisco IOS software. However, a side effect of the tests means that a router can crash without warning.

During the test, the scanning program negotiates the Telnet ENVIRON option (option code 36) before the router is ready to accept it. This causes the router to reset itself unexpectedly.
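To make the trigger concrete, the following Python decoder walks a captured Telnet byte stream, separates option negotiation from user data, and flags ENVIRON (option 36, and its successor NEW-ENVIRON, option 39) negotiation sent by the client before the server has produced any banner or prompt. It is an added example and is not code from the TLAnews page, from Cisco, or from any scanner; the two "conversations" are constructed for illustration, and using "first server data bytes" as the proxy for "the router is ready" is an assumption of this example, since the advisory text does not define readiness.

```python
"""Decode Telnet option negotiation and flag early ENVIRON negotiation.

Added example, not code from the page or from Cisco.  Option codes come
from the Telnet RFCs: IAC 255, DONT 254, DO 253, WONT 252, WILL 251,
SB 250, SE 240; ENVIRON is option 36 (RFC 1408), NEW-ENVIRON is 39
(RFC 1572).  The sample conversations below are constructed.
"""

IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
ENVIRON, NEW_ENVIRON = 36, 39
NEGOTIATION_VERBS = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}


def decode_telnet(stream: bytes):
    """Split a raw Telnet stream into events:
    ("data", bytes), ("negotiate", verb, option),
    ("subneg", option, payload) or ("command", code)."""
    events, data, i = [], bytearray(), 0
    while i < len(stream):
        b = stream[i]
        if b != IAC:
            data.append(b)
            i += 1
            continue
        if i + 1 >= len(stream):
            break                      # truncated IAC at end of capture
        cmd = stream[i + 1]
        if cmd == IAC:                 # escaped 0xFF data byte
            data.append(IAC)
            i += 2
            continue
        if data:                       # flush user data before a command
            events.append(("data", bytes(data)))
            data = bytearray()
        if cmd in NEGOTIATION_VERBS:
            if i + 2 >= len(stream):
                break                  # truncated negotiation
            events.append(("negotiate", NEGOTIATION_VERBS[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break                  # unterminated subnegotiation
            events.append(("subneg", stream[i + 2], bytes(stream[i + 3:end])))
            i = end + 2
        else:
            events.append(("command", cmd))
            i += 2
    if data:
        events.append(("data", bytes(data)))
    return events


def environ_before_prompt(conversation):
    """conversation: ordered list of (sender, bytes), sender "client"/"server".
    Returns client ENVIRON/NEW-ENVIRON events that precede the first server
    data bytes (banner or prompt), the proxy this example uses for the
    router being 'ready' (an assumption, not Cisco's definition)."""
    server_ready, early = False, []
    for sender, chunk in conversation:
        for ev in decode_telnet(chunk):
            if sender == "server" and ev[0] == "data":
                server_ready = True
            elif sender == "client" and not server_ready:
                if ev[0] == "negotiate" and ev[2] in (ENVIRON, NEW_ENVIRON):
                    early.append(ev)
                elif ev[0] == "subneg" and ev[1] in (ENVIRON, NEW_ENVIRON):
                    early.append(ev)
    return early


# Constructed sample: the scanner offers ENVIRON and sends an ENVIRON IS
# subnegotiation (IS=0, VAR=0, VALUE=1) before the router's login prompt.
SCANNER_PROBE = [
    ("server", bytes([IAC, WILL, 1, IAC, DO, 24])),          # ECHO, TERMINAL-TYPE
    ("client", bytes([IAC, WILL, ENVIRON, IAC, SB, ENVIRON, 0, 0])
               + b"USER" + bytes([1]) + b"scan" + bytes([IAC, SE])),
    ("server", b"\r\nUser Access Verification\r\nPassword: "),
]

# Constructed sample: the same option negotiated only after the prompt.
NORMAL_LOGIN = [
    ("server", bytes([IAC, WILL, 1, IAC, DO, 24])),
    ("server", b"\r\nUser Access Verification\r\nPassword: "),
    ("client", bytes([IAC, DO, ENVIRON]) + b"secret\r\n"),
]

if __name__ == "__main__":
    print("scanner probe early ENVIRON events:", environ_before_prompt(SCANNER_PROBE))
    print("normal login early ENVIRON events:", environ_before_prompt(NORMAL_LOGIN))
```

Run against a packet capture split into per-direction chunks, the same check is a cheap way to spot scanner traffic that negotiates ENVIRON before the login prompt; it does not say whether a given router would crash, only that the described pattern is present.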

Instead of a software upgrade, Cisco has also detailed workarounds. These involve providing interactive login to the router without using the Telnet service, which mitigates the threat.
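The article does not list the workaround commands. As an added example, not code from the page or from Cisco, the following Python audit assumes the workaround is applied on the router's vty lines with the IOS `transport input` command (a real line-mode command) and checks a running-config for vty blocks that still accept Telnet, then rewrites them. The configuration excerpt is constructed; treating a vty block with no `transport input` statement as exposed is an assumption of this example, because the historical default permitted Telnet.

```python
"""Audit and harden vty 'transport input' in a Cisco IOS running-config.

Added example, not code from the page or from Cisco.  Assumes the
workaround is applied by restricting 'transport input' on each
'line vty' block to a non-Telnet transport ('ssh' or 'none').
The SAMPLE_CONFIG below is constructed.
"""
import re

SAMPLE_CONFIG = """\
hostname edge-rtr
!
line con 0
 login
!
line vty 0 4
 login
 transport input telnet
!
line vty 5 15
 login
!
end
"""


def parse_sections(config_text):
    """Group the config into (header, [sub-commands]) blocks.  IOS nests
    line-mode commands under a header by indenting them one space;
    '!' separators and blank lines are skipped."""
    sections, current = [], None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:
                current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            sections.append(current)
    return sections


def vty_telnet_exposure(config_text):
    """Return (vty header, reason) for every vty block that still accepts
    Telnet: an explicit telnet/all transport, or no statement at all
    (assumed exposed because the historical default allowed Telnet)."""
    findings = []
    for header, body in parse_sections(config_text):
        if not header.startswith("line vty"):
            continue
        transports = None
        for cmd in body:
            m = re.match(r"transport input\s+(.*)", cmd)
            if m:
                transports = m.group(1).split()
        if transports is None:
            findings.append((header, "no 'transport input' statement; default may allow Telnet"))
        elif "telnet" in transports or "all" in transports:
            findings.append((header, "Telnet accepted: transport input " + " ".join(transports)))
    return findings


def harden_vty_transport(config_text, transport="ssh"):
    """Rewrite every vty block so 'transport input' is the given non-Telnet
    transport, inserting the statement where the block has none."""
    out, in_vty, wrote = [], False, False
    for raw in config_text.splitlines():
        if raw and not raw.startswith(" "):          # section boundary
            if in_vty and not wrote:
                out.append(f" transport input {transport}")
            in_vty = raw.startswith("line vty")
            wrote = False
        elif in_vty and raw.strip().startswith("transport input"):
            raw = f" transport input {transport}"
            wrote = True
        out.append(raw)
    if in_vty and not wrote:
        out.append(f" transport input {transport}")
    return "\n".join(out)


if __name__ == "__main__":
    for header, reason in vty_telnet_exposure(SAMPLE_CONFIG):
        print(f"{header}: {reason}")
    print(harden_vty_transport(SAMPLE_CONFIG))
```

`transport input ssh` only helps if SSH is actually configured and supported by the image in use, and `transport input none` leaves only the console and auxiliary ports for interactive login; either way, re-run the audit on the saved configuration rather than trusting the rewrite.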

This vulnerability affects a wide range of Cisco's hardware line, including access servers, routers, access products and voice gateway products running vulnerable software.

 

 
Copyright © [Telecom and Logistics Associates Sàrl]. All rights reserved.
Revised: June 27, 2000.

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the facts of the particular situation.