[nsp] Cisco Security Advisory: IOS HTTP authorization vulnerability

From: Cisco Systems Product Security Incident Response Team (psirt@cisco.com)
Date: Wed Jun 27 2001 - 11:12:52 EDT


-----BEGIN PGP SIGNED MESSAGE-----

            Security Advisory: IOS HTTP authorization vulnerability
                                       
Revision 1.0 - INTERIM

  For public release 2001 June 27 08:00 (UTC -0800)
     _________________________________________________________________
   
Summary

   When HTTP server is enabled and local authorization is used, it is
   possible, under some circumstances, to bypass the authentication and
   execute any command on the device. It that case, the user will be able
   to exercise complete control over the device. All commands will be
   executed with the highest privilege (level 15).
   
   All releases of Cisco IOSŪ software, starting with the release 11.3
   and later, are vulnerable. Virtually, all mainstream Cisco routers and
   switches running Cisco IOS are affected by this vulnerability.
   
   Products that are not running Cisco IOS software are not vulnerable.
   
   The workaround for this vulnerability is to disable HTTP server on the
   router or to use Terminal Access Controller Access Control System
   (TACACS+) or Radius for authentication.
   
   This advisory will be posted at
   http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
   
Affected Products

   Any device running Cisco IOS software, starting with the release 11.3
   and later is vulnerable.
   
   Cisco devices that may be running with affected IOS software releases
   include, but are not limited to:
     * Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, ubr900,
       1000, 1400, 1500, 1600, 1700, 2500, 2600, 3000, 3600, 3800, 4000,
       4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7100, 7200,
       ubr7200, 7500, and 12000 series.
     * Most recent versions of the LS1010 ATM switch.
     * The Catalyst 6000 if it is running Cisco IOS software.
     * The Catalyst 2900XL LAN switch only if it is running Cisco IOS
       software.
     * The Catalyst 1900, 2800, 2900, 3000, and 5000 series LAN switches
       are affected.
     * The Cisco Distributed Director.
       
   For some products, the affected software releases are relatively new
   and may not be available on every device listed above.
   
   If you are not running Cisco IOS software, you are not affected by
   this vulnerability.
   
   Cisco products that do not run Cisco IOS software and are not affected
   by this defect include, but are not limited to:
     * 700 series dialup routers (750, 760, and 770 series).
     * The Catalyst 6000 is not affected if it is not running Cisco IOS
       software.
     * WAN switching products in the IGX and BPX lines.
     * The MGX (formerly known as the AXIS shelf).
     * Host-based software.
     * The Cisco PIX Firewall.
     * The Cisco LocalDirector.
     * The Cisco Cache Engine.
       
   No other Cisco products are affected.
   
Details

   By sending a crafted URL it is possible to bypass authentication and
   execute any command on the router at level 15 (enable level, the most
   privileged level). This will happen only if the user is using a local
   database for authentication (usernames and passwords are defined on
   the device itself). The same URL will not be effective against every
   Cisco IOS software release and hardware combination. However, there
   are only 84 different combinations to try, so it would be easy for an
   attacker to test them all in a short period of time.
   
   The URL in question folows this format:
     
     http://>/level/xx/exec/....

   Where xx is a number between 16 and 99.
   
   This vulnerability is documented as Cisco Bug ID CSCdt93862.
   
Impact

   An attacker can exercise complete control over the device. By
   exploiting this vulnerability, the attacker can see and change
   configuration of the device.
   
Software Versions and Fixes

   Each row of the table describes a release train and the platforms or
   products for which it is intended. If a given release train is
   vulnerable, then the earliest possible releases that contain the fix
   and the anticipated date of availability for each are listed in the
   "Rebuild", "Interim", and "Maintenance" columns. A device running any
   release in the given train that is earlier than the release in a
   specific column (less than the earliest fixed release) is known to be
   vulnerable, and it should be upgraded at least to the indicated
   release or a later version (greater than the earliest fixed release
   label).
   
   When selecting a release, keep in mind the following definitions:
   
        Maintenance
                Most heavily tested and highly recommended release of any
                label in a given row of the table.
                
        Rebuild
                Constructed from the previous maintenance or major
                release in the same train, it contains the fix for a
                specific defect. Although it receives less testing, it
                contains only the minimal changes necessary to effect the
                repair.
                
        Interim
                Built at regular intervals between maintenance releases
                and receives less testing. Interims should be selected
                only if there is no other suitable release that addresses
                the vulnerability, and interim images should be upgraded
                to the next available maintenance release as soon as
                possible. Interim releases are not available via
                manufacturing, and usually they are not available for
                customer download from CCO without prior arrangement with
                the Cisco TAC.
                
   In all cases, customers should exercise caution to be certain the
   devices to be upgraded contain sufficient memory and that current
   hardware and software configurations will continue to be supported
   properly by the new release. If the information is not clear, contact
   the Cisco TAC for assistance as shown in the following section.
   
   More information on IOS release names and abbreviations is available
   at
http://www.cisco.com/warp/public/620/1.html.

 +---------------+----------------+-----------------------------------------+
 | | Description of | |
 | Train | Image or | Availability of Fixed Releases* |
 | | Platform | |
 +---------------+----------------+-------------+------------+--------------+
 |11.0-based Releases and Earlier | Rebuild | Interim** | Maintenance |
 +---------------+----------------+-------------+------------+--------------+
 | |Multiple | |
 | 10.3 |releases and |Not affected |
 | |platforms | |
 +---------------+----------------+-----------------------------------------+
 | |Multiple | |
 | 11.0 |releases and |Not affected |
 | |platforms | |
 +---------------+----------------+-------------+------------+--------------+
 | 11.1-based Releases | Rebuild | Interim** | Maintenance |
 +---------------+----------------+-------------+------------+--------------+
 | |Major release | |
 | 11.1 |for all |Not affected |
 | |platforms | |
 +---------------+----------------+-------------+------------+--------------+
 | 11.2-based Releases | Rebuild | Interim** | Maintenance |
 +---------------+----------------+-------------+------------+--------------+
 | |Major release |End of Engineering |
 | 11.2 |for all +-----------------------------------------+
 | |platforms |Not affected |
 +---------------+----------------+-------------+------------+--------------+
 | 11.3-based Releases | Rebuild | Interim** | Maintenance |
 +---------------+----------------+-------------+------------+--------------+
 | |Major release |End of Engineering |
 | 11.3 |for all +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.0(18) |
 +---------------+----------------+-----------------------------------------+
 | |ED for dial | |
 | |platforms and |Not Scheduled |
 | 11.3AA |access servers +-----------------------------------------+
 | |5800, 5200, |Upgrade recommended to 12.1(9) |
 | |5300, 7200 | |
 +---------------+----------------+-----------------------------------------+
 | |Early deployment|End of Engineering |
 | 11.3DA |train for ISP | |
 | |DSLAM 6200 +-----------------------------------------+
 | |platform |Upgrade recommended to 12.1DA |
 +---------------+----------------+-----------------------------------------+
 | |Early deployment| |
 | |train for |End of Engineering |
 | |ISP/Telco/PTT | |
 | 11.3DB |xDSL broadband +-----------------------------------------+
 | |concentrator | |
 | |platform, (NRP) |Upgrade recommended to 12.1DB |
 | |for 6400 | |
 +---------------+----------------+-----------------------------------------+
 | |Short-lived ED |End of Engineering |
 | 11.3HA |release for ISR | |
 | |3300 (SONET/SDH +-----------------------------------------+
 | |router) |Upgrade recommended to 12.0(18) |
 +---------------+----------------+-----------------------------------------+
 | |MC3810 |End of Engineering |
 | 11.3MA |functionality +-----------------------------------------+
 | |only |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Voice over IP, | |
 | |media |End of Engineering |
 | 11.3NA |convergence, +-----------------------------------------+
 | |various |Upgrade recommended to 12.1(9) |
 | |platforms | |
 +---------------+----------------+-----------------------------------------+
 | |Early deployment|End of Engineering |
 | 11.3T |major release, | |
 | |feature-rich for+-----------------------------------------+
 | |early adopters |Upgrade recommended to 12.0(18) |
 +---------------+----------------+-----------------------------------------+
 | | |End of Engineering |
 | 11.3XA |Introduction of +-----------------------------------------+
 | |ubr7246 and 2600|Upgrade recommended to 12.0(18) |
 +---------------+----------------+-----------------------------------------+
 | | |End of Engineering |
 | 11.3WA4 |LightStream 1010+-----------------------------------------+
 | | |Upgrade to be determined |
 +---------------+----------------+-------------+------------+--------------+
 | 12.0-based Releases | Rebuild | Interim** | Maintenance |
 +---------------+----------------+-------------+------------+--------------+
 | |General | | | |
 | 12.0 |Deployment | | |12.0(18) |
 | |release for all | | | |
 | |platforms | | | |
 +---------------+----------------+-------------+------------+--------------+
 | | |Not Scheduled |
 | 12.0DA |xDSL support +-----------------------------------------+
 | |6100, 6200 |Upgrade recommended to 12.1(7)DA2 |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment| |
 | |(ED) release, | |
 | |which delivers |Not Scheduled |
 | |support for the | |
 | 12.0DB |Cisco 6400 +-----------------------------------------+
 | |Universal Access| |
 | |Concentrator | |
 | |(UAC) for Node |Upgrade recommended to 12.1(5)DB2 |
 | |Switch Processor| |
 | |(NSP). | |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment| |
 | |(ED) release, | |
 | |which delivers |Not Scheduled |
 | |support for the | |
 | 12.0DC |Cisco 6400 +-----------------------------------------+
 | |Universal Access| |
 | |Concentrator | |
 | |(UAC) for Node |Upgrade recommended to 12.1DC |
 | |Switch Processor| |
 | |(NSP). | |
 +---------------+----------------+-------------+------------+--------------+
 | |Core/ISP | | |12.0(18)S |
 | 12.0S |support GSR, | | |Available |
 | |RSP, c7200 | | |2001-July |
 +---------------+----------------+-------------+------------+--------------+
 | 12.0SC |Cable/broadband | | |12.0(16)SC |
 | |ISP ubr7200 | | | |
 +---------------+----------------+-------------+------------+--------------+
 | 12.0SL |10000 ESR c10k | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Cisco IOS | | | |
 | |software | | | |
 | |Release12.0ST is| | | |
 | |an early | | | |
 | |deployment (ED) | | | |
 | |release for the | | | |
 | 12.0ST |Cisco 7200, | | | |
 | |7500/7000RSP and| | | |
 | |12000 (GSR) | | | |
 | |series routers | | | |
 | |for Service | | | |
 | |Providers | | | |
 | |(ISPs). | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early | |
 | |Deployment(ED) |Not Scheduled |
 | 12.0T |VPN, Distributed| |
 | |Director, +-----------------------------------------+
 | |various |Upgrade recommended to 12.1(9) |
 | |platforms | |
 +---------------+----------------+-----------------------------------------+
 | |Catalyst | |
 | |switches | |
 | |cat8510c, | |
 |12.0(13)W5(19c)|cat8540c, c6msm,|Not vulnerable |
 | |ls1010, | |
 | |cat8510m, | |
 | |cat8540m | |
 +---------------+----------------+-------------+------------+--------------+
 | |Catalyst | | | |
 |12.0(10)W5(18g)|switches | | |12.0(18)W5(22a)
 | |cat2948g, | | |2001-August-23|
 | |cat4232 | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Catalyst | | | |
 |12.0(14)W5(20) |switches | | |12.0(18)W5(22)|
 | |cat5000ATM | | |2001-August-03|
 +---------------+----------------+-------------+------------+--------------+
 | | |Not Scheduled |
 | 12.0WC | +-----------------------------------------+
 | | |Upgrade to be determined |
 +---------------+----------------+-----------------------------------------+
 | | |Not Scheduled |
 | 12.0WT |cat4840g +-----------------------------------------+
 | | |Upgrade to be determined |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XA |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Short-lived |Not Scheduled |
 | 12.0XB |early deployment+-----------------------------------------+
 | |release |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XC |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XD |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XE |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(8a)E |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XF |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XG |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XH |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XI |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XJ |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0(5)XK |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0(7)XK |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.2 |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XL |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XM |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.0(4)XM1 |
 | | |Availability date to be determined |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XN |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XP |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade to be determined |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XQ |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(9) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XR |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.2(1b) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|End of Engineering |
 | 12.0XS |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(8a)E |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XU |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade to be determined |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.0XV |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade to be determined |
 +---------------+----------------+-------------+------------+--------------+
 | 12.1-based Releases | Rebuild | Interim** | Maintenance |
 +---------------+----------------+-------------+------------+--------------+
 | |General | | | |
 | 12.1 |deployment | | |12.1(9) |
 | |release for all | | | |
 | |platforms | | | |
 +---------------+----------------+-------------+------------+--------------+
 | 12.1AA |Dial support | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Core/ISP | | | |
 | 12.1CX |support GSR, | | | |
 | |RSP, c7200 | | | |
 +---------------+----------------+-------------+------------+--------------+
 | 12.1DA |xDSL support |12.1(7)DA2 | | |
 | |6100, 6200 |2001-Jun-18 | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Cisco IOS | | | |
 | |Software Release| | | |
 | |12.1(1)DB | | | |
 | 12.1DB |supports Cisco's| | | |
 | |6400 Universal | | | |
 | |Access | | | |
 | |Concentrator | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Cisco IOS | | | |
 | |Software Release| | | |
 | |12.1(1)DC | | | |
 | 12.1DC |supports Cisco's| | | |
 | |6400 Universal | | | |
 | |Access | | | |
 | |Concentrator | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Core/ISP | | | |
 | 12.1E |support GSR, | | |12.1(8a)E |
 | |RSP, c7200 | | |2001-Jul-09 |
 +---------------+----------------+-------------+------------+--------------+
 | |12.1EC is being | | | |
 | |offered to allow| | | |
 | |early support of| | | |
 | |new features on | | | |
 | |the uBR7200 | | | |
 | 12.1EC |platform, as | |12.1(6.5)EC3| |
 | |well as future | | | |
 | |support for new | | | |
 | |Universal | | | |
 | |Broadband Router| | | |
 | |headend | | | |
 | |platforms. | | | |
 +---------------+----------------+-------------+------------+--------------+
 | 12.1EX |Catalyst 6000 | | |12.1(8a)E |
 | |support | | |2001-Jul-09 |
 +---------------+----------------+-------------+------------+--------------+
 | |Cat8510c, | | | |
 | 12.1EY |Cat8510m, | | |12.1(6)EY |
 | |Cat8540c, | | | |
 | |Cat8540m, LS1010| | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment| | | |
 | 12.1EZ |(ED) special |12.1(6)EZ1 | | |
 | |image | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early | |
 | |Deployment(ED) |Not Scheduled |
 | 12.1T |VPN, Distributed| |
 | |Director, +-----------------------------------------+
 | |various |Upgrade recommended to 12.2(1b) |
 | |platforms | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment| | | |
 | 12.1XA |(ED) limited | | | |
 | |platforms | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment| | | |
 | 12.1XB |(ED) limited | | | |
 | |platforms | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment| | | |
 | 12.1XC |(ED) limited | | | |
 | |platforms | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment|Not Scheduled |
 | 12.1XD |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.2(1b) |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment| | | |
 | 12.1XE |(ED) limited | | | |
 | |platforms | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment| | | |
 | 12.1XF |(ED) 811 and |12.1(2)XF4 | | |
 | |813 (c800 |2001-July-09 | | |
 | |images) | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment| | | |
 | 12.1XG |(ED) 800, 805, |12.1(5)XG5 | | |
 | |820, and 1600 |2001-July-09 | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment|Not Scheduled |
 | 12.1XH |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.2(1b) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.1XI |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.2(1b) |
 +---------------+----------------+-----------------------------------------+
 | |Early Deployment|Not Scheduled |
 | 12.1XJ |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.1(5)YB4 |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment| | | |
 | 12.1XK |(ED) limited | | | |
 | |platforms | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment|Not Scheduled |
 | 12.1XL |(ED) limited +-----------------------------------------+
 | |platforms |Upgrade recommended to 12.2(1b) |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.1XM |early deployment|12.1(4)XM4 | | |
 | |release |2001-June-27 | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment| | | |
 | 12.1XP |(ED) 1700 and |12.1(3)XP4 | | |
 | |SOHO | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived |Not Scheduled |
 | 12.1XQ |early deployment+-----------------------------------------+
 | |release |Upgrade recommended to 12.2(1b) |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.1XR |early deployment|12.1(5)XR2 | | |
 | |release | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.1XS |early deployment| | | |
 | |release | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment| | | |
 | 12.1XT |(ED) 1700 |12.1(3)XT3 | | |
 | |series | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Early Deployment| | | |
 | 12.1XU |(ED) limited |12.1(5)XU1 | | |
 | |platforms | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.1XV |early deployment|12.1(5)XV3 | | |
 | |release |2001-July | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived |Not Scheduled |
 | 12.1XW |early deployment+-----------------------------------------+
 | |release |Upgrade recommended to 12.2DD |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.1XX |early deployment| | |12.1(6)EZ |
 | |release | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.1XY |early deployment|12.1(5)XY6 | | |
 | |release |2001-July | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.1XZ |early deployment|12.1(5)XZ4 | | |
 | |release |2001-July | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.1YA |early deployment| | | |
 | |release | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.1YB |early deployment|12.1(5)YB4 | | |
 | |release | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.1YC |early deployment|12.1(5)YC1 | | |
 | |release | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.1YD |early deployment|12.1(5)YD2 | | |
 | |release |2001-June-25 | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.1YF |early deployment|12.1(5)YF2 | | |
 | |release | | | |
 +---------------+----------------+-------------+------------+--------------+
 | 12.2-based Releases | Rebuild | Interim** | Maintenance |
 +---------------+----------------+-------------+------------+--------------+
 | |General | | | |
 | 12.2 |deployment |12.2(1b) |12.2(1.1) |12.2(3) |
 | |release for all | | |2001-August |
 | |platforms | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |General | | | |
 | 12.2T |deployment | |12.2(2.2)T | |
 | |release for all | | | |
 | |platforms | | | |
 +---------------+----------------+-------------+------------+--------------+
 | 12.2XA |SPLOB | | |12.2(2)XA |
 | | | | |2001-July-02 |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.2XD |early deployment|12.2(1)XD1 | | |
 | |release | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.2XE |early deployment| | |12.2(1)XE |
 | |release | | | |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.2XH |early deployment| | |12.2(1)XH |
 | |release | | |2001-June-25 |
 +---------------+----------------+-------------+------------+--------------+
 | |Short-lived | | | |
 | 12.2XQ |early deployment| | |12.2(1)XQ |
 | |release | | |2001-June-23 |
 +---------------+----------------+-------------+------------+--------------+
 | Notes |
 +--------------------------------------------------------------------------+
 | * All dates are estimated and subject to change. |
 | |
 | ** Interim releases are subjected to less rigorous testing than regular |
 | maintenance releases, and may have serious bugs. |
 +--------------------------------------------------------------------------+
   
Obtaining Fixed Software

   Cisco is offering free software upgrades to eliminate this
   vulnerability for all affected customers.
   
   Customers with contracts should obtain upgraded software through their
   regular update channels. For most customers, this means that upgrades
   should be obtained through the Software Center on Cisco's Worldwide
   Web site at http://www.cisco.com. Please do not contact either
   "psirt@cisco.com" or "security-alert@cisco.com" for software upgrades.
   
Workarounds

   The workaround for this vulnerability is to disable HTTP server on the
   router or to use TACACS+ or Radius for authentication.
   
   To disable HTTP server, use the following commands:

      Router# configure terminal
      Enter configuration commands, one per line. End with CNTL/Z.
      Router(config)# no ip http server

   In order to configure TACACS+ or Radius for authentication please
   consult the following link
   http://www.cisco.com/warp/public/480/tacplus.shtml
   
Exploitation and Public Announcements

   This vulnerability has been reported to us independently by David
   Hyams, Ernst & Young, Switzerland and by Bashis (bash@ns.wcd.se).
   
   The Cisco PSIRT has received no reports of malicious exploitation of
   this vulnerability and we are not aware of any public discussion.
   
Status of This Notice: INTERIM

   This is an interim security advisory. Cisco anticipates issuing
   updated versions of this notice at irregular intervals as there are
   material changes in the facts, and will continue to update this notice
   as necessary. The reader is warned that this notice may contain
   inaccurate or incomplete information. Although Cisco cannot guarantee
   the accuracy of all statements in this notice, all of the facts have
   been checked to the best of our ability. Cisco anticipates issuing
   monthly updates of this notice until it reaches FINAL status.
   
   A standalone copy or paraphrase of the text of this security advisory
   that omits the distribution URL in the following section is an
   uncontrolled copy, and may lack important information or contain
   factual errors.
   
Distribution

   This notice will be posted on Cisco's Worldwide Web site at
   http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html. In
   addition to Worldwide Web posting, a text version of this notice is
   clear-signed with the Cisco PSIRT PGP key and is posted to the
   following e-mail and Usenet news recipients:
     * cust-security-announce@cisco.com
     * bugtraq@securityfocus.com
     * first-teams@first.org (includes CERT/CC)
     * cisco@spot.colorado.edu
     * comp.dcom.sys.cisco
     * firewalls@lists.gnac.com
     * Various internal Cisco mailing lists
       
   Future updates of this notice, if any, will be placed on Cisco's
   Worldwide Web server, but may or may not be actively announced on
   mailing lists or newsgroups. Users concerned about this problem are
   encouraged to check the URL given above for any updates.
   
Revision History

   Revision 1.0 2001-June-27 08:00 UTC -0800 Initial public release
   
Cisco Security Procedures

   Complete information on reporting security vulnerabilities in Cisco
   products, obtaining assistance with security incidents, and
   registering to receive security information from Cisco, is available
   on Cisco's Worldwide Web site at
   http://www.cisco.com/warp/public/707/sec_incident_response.shtml.
   This includes instructions for press inquiries regarding Cisco
   security notices.
     _________________________________________________________________
   
   This notice is Copyright 2000 by Cisco Systems, Inc. This notice may
   be redistributed freely after the release date given at the top of the
   text, provided that redistributed copies are complete and unmodified,
   and include all date and version information.
     _________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBOzn11WiN3BRdFxkbAQEwYwf/V48sYQX3IhLJFSBJacx0OJFXuVYRcvcR
uzg6L+0gSCMcD8N1he07/lLN1B6NoM95nqZ6Mq4duedBUDRj3JgY1452/yNDUnSW
l0E8B+sxqod0P5RChpilOQvrw2z7JGySxaS4b2KHzmIME1qqa2qvGZBkRQNUZH+5
9ws/PLg/xyG1mI2321I5te5gxAtDk0cpzkOBGeYX9+REYmvQVuz6QJZceDUyx/NT
4j8Va1u0ZvRe36D6KJA+Dj4Tl7MY9OeKukoW4g0ZctsEWFh28e8E40vChJQhlCXA
sVkxbZ8KYTnF5BeIYBhwkZ1PwMRAY+MLD7KOyxvtbn2w+NZD/TNURQ==
=QO5F
-----END PGP SIGNATURE-----



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:43 EDT