Release Notes for Cisco 2500 Series for Cisco IOS Release 12.0 T
78-5563-07 Rev.H0
Important Notes
Attackers can cause Cisco IOS devices to repeatedly fail and reload, resulting in a completely disabled
Cisco IOS device that needs to be reconfigured by its administrator. Some Cisco IOS devices have been
observed to hang instead of failing when attacked. These devices do not recover until they are manually
restarted by reset or power cycling. An administrator must personally visit an attacked, hung device to
restart it, even if the attacker is no longer actively sending any traffic. Some devices have failed without
providing stack traces; some devices may indicate that they were “restarted by power-on,” even when
that is not the case.
Assume that any potential attacker is likely to know of the existence of this problem and the ways to
exploit it. An attacker can use tools available to the public on the Internet and does not need to write
any software to exploit the vulnerability. Minimal skill is required, and no special equipment is required.
Despite Cisco specifically inviting such reports, Cisco has received no actual reports of malicious
exploitation of this problem.
This vulnerability notice was posted on Cisco’s World Wide Web site:
http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
This information was also sent to the following e-mail and USENET news recipients:
cust-security-announce@cisco.com
bugtraq@netspace.org
first-teams@first.org (includes CERT/CC)
first-info@first.org
cisco@spot.colorado.edu
comp.dcom.sys.cisco
nanog@merit.edu
Affected Devices and Software Versions
Vulnerable devices and software versions are specified in Table 7, Affected and Repaired Software
Versions. Affected versions include Releases 11.3 AA, 11.3 DB, and all 12.0 versions (including 12.0
mainline, 12.0 S, 12.0 T, and any other regular released version whose number starts with 12.0), up to
the repaired releases listed in Table 7. Cisco is correcting the problem in certain special releases and
will correct it in future maintenance and interim releases. See Table 7, Affected and Repaired Software
Versions for details. Cisco intends to provide fixes for all affected IOS variants.
No particular configuration is needed to make a Cisco IOS device vulnerable. It is possible to filter out
attack traffic by using access lists. See the “Workarounds” section on page 39 for techniques. However,
except at Internet firewalls, the appropriate filters are not common in customer configurations. Carefully
evaluate your configuration before assuming that any filtering you have protects you against this attack.
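The following access-list configuration is an added illustration of the filtering technique referred to above; it is editorial example text, not configuration taken from these release notes or from Cisco's Workarounds section, which remains the authoritative source. It assumes that the attack traffic is syslog on UDP port 514, as the advisory name (iossyslog) suggests, and it uses constructed router interface addresses 192.0.2.1 and 198.51.100.1 that must be replaced with the real ones.

```cisco
! Added example, not from the release notes. Assumes the attack traffic is
! syslog (UDP port 514). The addresses 192.0.2.1 (Serial0) and 198.51.100.1
! (Ethernet0) are constructed placeholders; substitute the router's own
! interface addresses, including any loopback addresses, because the router
! accepts packets sent to any address it owns.
!
! Extended access list: drop UDP 514 destined for the router itself, then
! permit everything else so that transit traffic is unaffected.
access-list 110 deny   udp any host 192.0.2.1    eq 514
access-list 110 deny   udp any host 198.51.100.1 eq 514
access-list 110 permit ip  any any
!
! Apply the list inbound on every interface that can receive traffic from a
! network you do not control. Filtering only the Internet-facing link still
! leaves internal hosts able to trigger the fault, which is why the release
! notes warn that firewall-style filters are uncommon in customer configurations.
interface Serial0
 ip access-group 110 in
!
interface Ethernet0
 ip access-group 110 in
!
! Verification once the filter is in place:
!   show access-lists 110       (the deny counters increment while under attack)
!   show ip interface Serial0   ("Inbound access list is 110")
```

Because an IOS router is normally a syslog sender rather than a receiver, denying inbound UDP 514 addressed to the router does not interfere with the log messages it sends to its own syslog server; an inbound access group does not filter router-originated traffic. If you already have an inbound access list on an interface, add the two deny entries before its existing permit entries rather than replacing the list, and re-check the interface with show ip interface afterward, as the text above advises, before assuming the device is protected.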
The most commonly used or asked-about products are listed below. If you are unsure whether your
device is running Cisco IOS software, log in to the device and issue the show version command. Cisco
IOS software will identify itself simply as “IOS” or “Internetwork Operating System Software”. Other
Cisco devices will not have the show version command, or they will identify themselves differently in
their output. The most common Cisco devices that run Cisco IOS software include the following:
Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, uBR900, 1000, 2500, 2600, 3000,
3600, 3800, 4000, 4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7200 (including the
uBR7200), 7500, and 12000 series
Most recent versions of the LS1010 ATM switch
Some versions of the Catalyst 2900XL LAN switch