Re: [nsp] Cisco Security Advisory: Scanning for SSH Can Cause a Crash

From: Charles Sprickman (spork@inch.com)
Date: Thu Jun 27 2002 - 14:51:59 EDT


Any idea if a vty access list is enough protection? It seems it may come
too late:

toolbox[/var/qmail/supervise/qmail-send]# telnet x.x.x.x 22
Trying x.x.x.x...
Connected to x.x.x.x
Escape character is '^]'.
Connection closed by foreign host.

Thanks,

Charles

--
Charles Sprickman
spork@inch.com

On Wed, 27 Jun 2002, Cisco Systems Product Security Incident Response Team wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Security Advisory: Scanning for SSH Can Cause a Crash
>
> Revision 1.0
>
> For Public Release 2002 June 27 16:00 (UTC 0000)
>
> - ---------------------------------------------------------------------------
>
> Summary
> =======
> While fixing vulnerabilities mentioned in the Cisco Security Advisory:
> Multiple SSH Vulnerabilities
> (http://www.cisco.com/warp/public/707/SSH-multiple-pub.html) we
> inadvertently introduced an instability in some products. When an attacker
> tries to exploit the vulnerability VU#945216 (described in the CERT/CC
> Vulnerability Note at http://www.kb.cert.org/vuls/id/945216) the SSH module
> will consume too much of the processor's time, effectively causing a DoS.
> In some cases the device will reboot. In order to be exposed SSH must be
> enabled on the device.
>
> Affected product lines are:
>
> * All devices running Cisco IOS® Software supporting SSH. This includes
>   routers and switches running Cisco IOS Software.
>
> * Catalyst 6000 switches running CatOS.
>
> * Cisco PIX Firewall.
>
> * Cisco 11000 Content Service Switch family.
>
> No other Cisco product is vulnerable. It is possible to mitigate this
> vulnerability by preventing, or having control over, the SSH traffic.
>
> This advisory is available at
> http://www.cisco.com/warp/public/707/SSH-scanning.shtml.
>
> Affected Products
> =================
> * All devices running Cisco IOS Software supporting SSH. This includes
>   routers and switches running Cisco IOS Software.
>
> * Catalyst 6000 switches running CatOS.
>
> * Cisco PIX Firewall.
>
> * Cisco 11000 Content Service Switch family.
>
> +--------------------------------------------------+
> | Product Category   | Vulnerability ID            |
> |--------------------+-----------------------------|
> | IOS                | CSCdw33027                  |
> |--------------------+-----------------------------|
> | PIX                | CSCdw29965                  |
> |--------------------+-----------------------------|
> | VPN 3000           | Not affected                |
> |--------------------+-----------------------------|
> | Catalyst 6000      | CSCdv85279 and CSCdw59394   |
> |--------------------+-----------------------------|
> | CSS 11000          | CSCdx59197                  |
> +--------------------------------------------------+
>
> All software releases listed in the
> http://www.cisco.com/warp/public/707/SSH-multiple-pub.html (Cisco Security
> Advisory: Multiple SSH Vulnerabilities), including all subsequent software
> releases that contain the patches addressed by that advisory are vulnerable.
>
> All software that does not contain fixes for the issues listed in the
> previous SSH advisory are not vulnerable to the issue described in this
> advisory. However, falling back to a previous software release will leave
> you exposed to the vulnerabilities described in the previous advisory and
> you will lose any additional features or functionalities introduced in the
> newer releases.
>
> No other Cisco products are affected.
>
> Details
> =======
> While fixing the vulnerabilities listed in
> http://www.cisco.com/warp/public/707/SSH-multiple-pub.html (Cisco Security
> Advisory: Multiple SSH Vulnerabilities) an instability is introduced in
> some products. When exposed to an overly large packet, the SSH process will
> consume a large portion of the processor's instruction cycles, effectively
> causing a DoS. The capability to create such a packet is available in
> publicly available exploit code. In some cases this availability attack may
> result in a reboot of the device. In order to be exposed SSH must be
> enabled on the device.
>
> The vulnerability in question is named CRC-32 Check in the
> http://www.cisco.com/warp/public/707/SSH-multiple-pub.html. It is also
> marked as VU#945216 and described in the CERT/CC Vulnerability Note at
> http://www.kb.cert.org/vuls/id/945216.
>
> Impact
> ======
> By repeatedly exploiting this vulnerability an attacker can cause a denial
> of service, though Cisco products remain unaffected to the exploits that
> are trying to exploit vulnerabilities listed in
> http://www.cisco.com/warp/public/707/SSH-multiple-pub.html.
>
> Software Versions and Fixes
> ===========================
> For CSS 11000 family, the vulnerability is fixed in the following software
> releases.
>
> +--------------------------------------------------+
> | WebNS | R5.00.045 or later (available now)       |
> |       | 5.10.1.01 available July 2002            |
> +--------------------------------------------------+
>
> For Catalyst 6000 switches, the vulnerability is fixed in the following
> CatOS releases. This table lists the first fixed release.
>
> +--------------------------------------------------+
> | CatOS | 6.3(3.6), 7.1(0.94), 7.2(0.14)PEN        |
> +--------------------------------------------------+
>
> Each row of the table describes a release train and the platforms or
> products for which it is intended. If a given release train is vulnerable,
> then the earliest possible releases that contain the fix and the
> anticipated date of availability for each are listed in the "Rebuild",
> "Interim", and "Maintenance" columns. A device running any release in the
> given train that is earlier than the release in a specific column (less
> than the earliest fixed release) is known to be vulnerable, and it should
> be upgraded at least to the indicated release or a later version (greater
> than the earliest fixed release label).
>
> When selecting a release, keep in mind the following definitions:
>
> Maintenance
>     Most heavily tested and highly recommended release of any label in
>     a given row of the table.
>
> Rebuild
>     Constructed from the previous maintenance or major release in the
>     same train, it contains the fix for a specific defect. Although it
>     receives less testing, it contains only the minimal changes
>     necessary to effect the repair.
>
> Interim
>     Built at regular intervals between maintenance releases and
>     receives less testing. Interims should be selected only if there is
>     no other suitable release that addresses the vulnerability. Interim
>     images should be upgraded to the next available maintenance release
>     as soon as possible. Interim releases are not available through
>     manufacturing, and usually they are not available for customer
>     download from CCO without prior arrangement with the Cisco
>     Technical Assistance Center (TAC).
>
> In all cases, customers should exercise caution to be certain the devices
> to be upgraded contain sufficient memory and that current hardware and
> software configurations will continue to be supported properly by the new
> release. If the information is not clear, contact the Cisco TAC for
> assistance as shown in the following section.
>
> More information on Cisco IOS software release names and abbreviations is
> available at http://www.cisco.com/warp/public/620/1.html.
>
> For PIX Firewall software, use the following table to determine affected
> and fixed software releases.
>
> +---------------------------------------------------------+
> |       | Description |                                   |
> | Train | of Image or | Availability of Fixed Releases*   |
> |       | Platform    |                                   |
> |---------------------+-----------------------------------|
> | 5.x-based Releases  | Rebuild | Interim** | Maintenance |
> |---------------------+---------+-----------+-------------|
> |       | General     |         |           |             |
> |       | Deployment  |         |           |             |
> |       | (GD) for    |         | 5.2(6)202 |             |
> | 5.2   | Classic,    |         | Available | 5.2(7)      |
> |       | 10000, 506, |         | through   |             |
> |       | 506E, 510,  |         | TAC       |             |
> |       | 515, 515E,  |         |           |             |
> |       | 520 and 525 |         |           |             |
> |-------+-------------+---------+-----------+-------------|
> |       | Early       |         |           |             |
> |       | Deployment  |         |           |             |
> |       | (ED) for    |         | 5.3(2)205 |             |
> |       | Classic,    |         | Available |             |
> | 5.3   | 10000, 506, |         | through   | 5.3(3)      |
> |       | 506E, 510,  |         | TAC       |             |
> |       | 515, 515E,  |         |           |             |
> |       | 520, 525    |         |           |             |
> |       | and 535     |         |           |             |
> |---------------------+---------+-----------+-------------|
> | 6.x-based Releases  | Rebuild | Interim** | Maintenance |
> |---------------------+---------+-----------+-------------|
> |       | Early       |         |           |             |
> |       | Deployment  |         | 6.0(1)106 |             |
> |       | (ED) for    |         | Available |             |
> | 6.0   | 501, 506,   |         | through   | 6.0(2)      |
> |       | 506E, 515,  |         | TAC       |             |
> |       | 515E, 520,  |         |           |             |
> |       | 525 and 535 |         |           |             |
> |-------+-------------+---------+-----------+-------------|
> |       | Early       |         |           |             |
> |       | Deployment  |         | 6.1(1)105 |             |
> |       | (ED) for    |         | Available |             |
> | 6.1   | 501, 506,   |         | through   | 6.1(2)      |
> |       | 506E, 515,  |         | TAC       |             |
> |       | 515E, 520,  |         |           |             |
> |       | 525 and 535 |         |           |             |
> |-------+-------------+---------+-----------+-------------|
> |       | Early       |         |           |             |
> |       | Deployment  |         | 6.2(0)222 |             |
> |       | (ED) for    |         | Available |             |
> | 6.2   | 501, 506,   |         | through   | 6.2(1)      |
> |       | 506E, 515,  |         | TAC       |             |
> |       | 515E, 520,  |         |           |             |
> |       | 525 and 535 |         |           |             |
> +---------------------------------------------------------+
>
> For Cisco IOS software, use the following table to determine affected and
> fixed software releases. This table always lists the first fixed release,
> which is not necessarily the recommended release for your particular
> environment.
>
> +-----------------------------------------------------------------------+
> | Train  | Description of Image  | Availability of Fixed Releases*      |
> |        | or Platform           |                                      |
> |--------------------------------+--------------------------------------|
> | 12.0-based Releases            | Rebuild    | Interim | Maintenance   |
> |                                |            | **      |               |
> |--------------------------------+------------+---------+---------------|
> | 12.0S  | Core/ISP support:     | 12.0(17)S4 | 12.0    | 12.0(21)S     |
> |        | GSR, RSP, c7200       |            | (20.4)S |               |
> |--------+-----------------------+------------+---------+---------------|
> |        | Core/ISP support:     | 12.0(20)   | 12.0    |               |
> | 12.0SP | GSR, RSP, c7200       | SP2        | (20.4)  |               |
> |        |                       |            | SP      |               |
> |--------+-----------------------+------------+---------+---------------|
> |        | Core/ISP support:     | 12.0(17)   | 12.0    |               |
> | 12.0ST | GSR, RSP, c7200       | ST5        | (20.3)  | 12.0(21)S     |
> |        |                       |            | ST2     |               |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.0XB | Release               |--------------------------------------|
> |        |                       | Migrate to 12.1(1)T or later         |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.0XM | Release               |--------------------------------------|
> |        |                       | Migrate to 12.1(3)T or later         |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.0XV | Release               |--------------------------------------|
> |        |                       | Migrate to 12.1(2)T or later         |
> |--------------------------------+--------------------------------------|
> | 12.1-based Releases            | Rebuild    | Interim | Maintenance   |
> |                                |            | **      |               |
> |--------------------------------+--------------------------------------|
> |        | General deployment    |                                      |
> | 12.1   | release for all       | SSH not supported                    |
> |        | platforms             |                                      |
> |--------+-----------------------+--------------------------------------|
> |        | Core/ISP support:     |            | 12.1    |               |
> | 12.1E  | GSR, RSP, c7200,      | 12.1(8b)E8 | (10.5)E | 12.1(11b)E    |
> |        | Catalyst 6000         |            |         |               |
> |--------+-----------------------+------------+---------+---------------|
> |        | Early Deployment      |            | 12.1    |               |
> | 12.1EC | Release               |            | (10.5)  | 12.1(12c)EC   |
> |        |                       |            | EC      |               |
> |--------+-----------------------+--------------------------------------|
> | 12.1   | Early Deployment      | Not Scheduled                        |
> | (1)EX  | Release               |--------------------------------------|
> |        |                       | Migrate to 12.1(3)T or later         |
> |--------+-----------------------+--------------------------------------|
> | 12.1   |                       | Not Scheduled                        |
> | (5c)EX | Catalyst 6000 support |--------------------------------------|
> |        |                       | Migrate to 12.1(6)EX or later        |
> |--------+-----------------------+--------------------------------------|
> | 12.1   |                       | Not Scheduled                        |
> | (8a)EX | 12.1E based XED       |--------------------------------------|
> |        |                       | Migrate to 12.1(11)E or later        |
> |--------+-----------------------+--------------------------------------|
> | 12.1   | Early Deployment      | Not Scheduled                        |
> | (9)EX  | Release               |--------------------------------------|
> |        |                       | Migrate to 12.1(10)EX or later       |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment(ED): | Not Scheduled                        |
> |        | VPN, Distributed      |                                      |
> | 12.1T  | Director, various     |--------------------------------------|
> |        | platforms             | Migrate to 12.2 or later             |
> |        |                       |                                      |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.1XB | Release               |--------------------------------------|
> |        |                       | Migrate to 12.1(5)YB or later        |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.1XC | (ED): limited         |--------------------------------------|
> |        | platforms             | Migrate to 12.2 or later             |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | 12.1(2)XF6 |         | Not planned,  |
> | 12.1XF | (ED): 811 and 813     | Release    |         | migrate to    |
> |        | (c800 images)         | date to be |         | 12.1(5)T or   |
> |        |                       | determined |         | later         |
> |--------+-----------------------+------------+---------+---------------|
> |        | Early Deployment      | 12.1(3)XG7 |         | Not planned,  |
> | 12.1XG | (ED): 800, 805, 820,  | Release    |         | migrate to    |
> |        | and 1600              | date to be |         | 12.2(1)T or   |
> |        |                       | determined |         | later         |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.1XH | (ED): limited         |--------------------------------------|
> |        | platforms             | Migrate to 12.2 or later             |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.1XI | (ED): limited         |--------------------------------------|
> |        | platforms             | Migrate to 12.2 or later             |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.1XJ | (ED): limited         |--------------------------------------|
> |        | platforms             | Migrate to 12.2(2)T or later         |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.1XL | (ED): limited         |--------------------------------------|
> |        | platforms             | Migrate to 12.2 or later             |
> |--------+-----------------------+--------------------------------------|
> |        |                       |            |         | Not planned,  |
> | 12.1XM | Short-lived early     | 12.1(5)XM7 |         | migrate to    |
> |        | deployment release    |            |         | 12.2(1)T or   |
> |        |                       |            |         | later         |
> |--------+-----------------------+--------------------------------------|
> |        | Short-lived early     | Not Scheduled                        |
> | 12.1XP | deployment release    |--------------------------------------|
> |        |                       | Migrate to 12.2(2)T or later         |
> |--------+-----------------------+--------------------------------------|
> |        | Short-lived early     | Not Scheduled                        |
> | 12.1XQ | deployment release    |--------------------------------------|
> |        |                       | Migrate to 12.2(2)XB or later        |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.1XT | (ED): 1700 series     |--------------------------------------|
> |        |                       | Migrate to 12.2(2)T or later         |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.1XU | (ED): limited         |--------------------------------------|
> |        | platforms             | Migrate to 12.2T or later            |
> |--------+-----------------------+--------------------------------------|
> |        |                       | 12.1(5)YB6 |         | Not planned,  |
> | 12.1YB | Short-lived early     | Release    |         | migrate to    |
> |        | deployment release    | date to be |         | 12.2(2)T or   |
> |        |                       | determined |         | later         |
> |--------+-----------------------+------------+---------+---------------|
> |        |                       | 12.1(5)YC3 |         | Not planned,  |
> | 12.1YC | Short-lived early     | Release    |         | migrate to    |
> |        | deployment release    | date to be |         | 12.2(4)T or   |
> |        |                       | determined |         | later         |
> |--------+-----------------------+--------------------------------------|
> |        | Short-lived early     | Not Scheduled                        |
> | 12.1YD | deployment release    |--------------------------------------|
> |        |                       | Migrate to 12.2(8)T or later         |
> |--------+-----------------------+--------------------------------------|
> |        | Short-lived early     | Not Scheduled                        |
> | 12.1YE | deployment release    |--------------------------------------|
> |        |                       | Migrate to 12.1(5)YI or later        |
> |--------+-----------------------+--------------------------------------|
> |        | Short-lived early     | Not Scheduled                        |
> | 12.1YF | deployment release    |--------------------------------------|
> |        |                       | Migrate to 12.2(2)XN or later        |
> |--------+-----------------------+--------------------------------------|
> |        | Short-lived early     | Not Scheduled                        |
> | 12.1YI | deployment release    |--------------------------------------|
> |        |                       | Migrate to 12.2(2)YC or later        |
> |--------------------------------+--------------------------------------|
> | 12.2-based Releases            | Rebuild    | Interim | Maintenance   |
> |                                |            | **      |               |
> |--------------------------------+------------+---------+---------------|
> |        | General deployment    |            | 12.2    |               |
> | 12.2   | release for all       | 12.2(6b)   | (7.4)   | 12.2(7)       |
> |        | platforms             |            |         |               |
> |--------+-----------------------+------------+---------+---------------|
> | 12.2B  | Early Deployment      | 12.2(4)B3  | 12.2    |               |
> |        | Broadband Release     |            | (7.6)B  |               |
> |--------+-----------------------+------------+---------+---------------|
> |        | Early Deployment      |            |         |               |
> | 12.2BC | Broadband Release     | 12.2(8)BC1 |         |               |
> |        | uBR7000 and uBR10000  |            |         |               |
> |--------+-----------------------+------------+---------+---------------|
> | 12.2DA | Early Deployment      | 12.2(6.8a) |         | 12.2(7)DA     |
> |        | Release: xDSL         | DA         |         |               |
> |--------+-----------------------+--------------------------------------|
> |        | Specific Technology   | Not Scheduled                        |
> | 12.2DD | Early Deployment      |--------------------------------------|
> |        | release for 7200 and  | Migrate to 12.2(4)B1 or later        |
> |--------+-----------------------+--------------------------------------|
> | 12.2S  | SPLOB                 |            | 12.2    |               |
> |        |                       |            | (7.4)S  |               |
> |--------+-----------------------+------------+---------+---------------|
> |        | General deployment    |            | 12.2    |               |
> | 12.2T  | release for all       |            | (7.4)T  | 12.2(8)T      |
> |        | platforms             |            |         |               |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.2XA | Release               |--------------------------------------|
> |        |                       | Migrate to 12.2(4)T or 12.2(2)XB     |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | 12.2(2)XB4 |         |               |
> | 12.2XB | Release               | Available  |         |               |
> |        |                       | 2002-July  |         |               |
> |--------+-----------------------+------------+---------+---------------|
> |        |                       |            |         | Not planned,  |
> | 12.2XD | ICS7750, 820, soho70  | 12.2(1)XD4 |         | migrate to    |
> |        |                       |            |         | 12.2(8)T or   |
> |        |                       |            |         | later         |
> |--------+-----------------------+------------+---------+---------------|
> |        |                       |            |         | Not planned,  |
> | 12.2XE | 806, 820, soho78      | 12.2(1)XE3 |         | migrate to    |
> |        |                       |            |         | 12.2(8)T or   |
> |        |                       |            |         | later         |
> |--------+-----------------------+--------------------------------------|
> |        | DOCSYS support,       | Not Scheduled                        |
> | 12.2XF | uBR7100, uBR7200,     |--------------------------------------|
> |        | uBR10000              | Migrate to 12.2(4)BC1                |
> |--------+-----------------------+--------------------------------------|
> |        |                       | Not Scheduled                        |
> | 12.2XG | IAD2400/2600/3600     |--------------------------------------|
> |        |                       | Migrate to 12.2(8)T                  |
> |--------+-----------------------+--------------------------------------|
> |        | 1700, 800, 820,       |            |         | Not planned,  |
> | 12.2XH | soho70                | 12.2(2)XH3 |         | migrate to    |
> |        |                       |            |         | 12.2(8)T      |
> |--------+-----------------------+------------+---------+---------------|
> |        | Early Deployment      |            |         | Not planned,  |
> | 12.2XI | Release 820/SOHO      | 12.2(2)XI2 |         | migrate to    |
> |        |                       |            |         | 12.2(12)T     |
> |--------+-----------------------+--------------------------------------|
> |        |                       | Not Scheduled                        |
> | 12.2XJ | 1700                  |--------------------------------------|
> |        |                       | Migrate to 12.2(4)YB                 |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      |            |         | Not planned,  |
> | 12.2XK | Release 820/SOHO      | 12.2(2)XK3 |         | migrate to    |
> |        |                       |            |         | 12.2(12)T     |
> |--------+-----------------------+------------+---------+---------------|
> |        | 1700, 820, 800,       | 12.2(4)XL5 |         | Not planned,  |
> | 12.2XL | SOHO70                | Available  |         | migrate to    |
> |        |                       | 2002-June  |         | 12.2(12)T     |
> |--------+-----------------------+------------+---------+---------------|
> | 12.2XM | Early Deployment      | 12.2(4)XM4 |         |               |
> |        | Release               |            |         |               |
> |--------+-----------------------+--------------------------------------|
> |        | Early Deployment      | Not Scheduled                        |
> | 12.2XN | Release for enhanced  |--------------------------------------|
> |        | MGCP support,         | Upgrade recommended to a release yet |
> |        | selected platforms    | to be determined                     |
> |--------+-----------------------+--------------------------------------|
> |        |                       | Not Scheduled                        |
> | 12.2XQ | 1720, 1750, 1752      |--------------------------------------|
> |        |                       | Migrate to 12.2(4)YB or later        |
> |--------+-----------------------+--------------------------------------|
> |        | Short-lived early     | Not Scheduled                        |
> | 12.2XR | deployment release    |--------------------------------------|
> |        |                       | Migrate to 12.2(4)XR or later        |
> |--------+-----------------------+--------------------------------------|
> |        | Short-lived early     | Not Scheduled                        |
> | 12.2XS | deployment release    |--------------------------------------|
> |        |                       | Migrate to 12.2(6) or later          |
> |--------+-----------------------+--------------------------------------|
> |        | Short-lived early     | Not Scheduled                        |
> | 12.2XT | deployment release    |--------------------------------------|
> |        |                       | Migrate to 12.2(8)T or later         |
> |--------+-----------------------+--------------------------------------|
> |        | Short-lived early     | Not Scheduled                        |
> | 12.2XW | deployment release    |--------------------------------------|
> |        |                       | Migrate to 12.2(4)YB or later        |
> |--------+-----------------------+--------------------------------------|
> | 12.2YA | Early Deployment      | 12.2(4)YA2 |         |               |
> |        | Release               |            |         |               |
> |--------+-----------------------+--------------------------------------|
> |        |                       | Not Scheduled                        |
> | 12.2YB | Short-lived early     |--------------------------------------|
> |        | deployment release    | Upgrade recommended to yet to be     |
> |        |                       | determined release                   |
> |--------+-----------------------+--------------------------------------|
> |        | Short-lived early     | Not Scheduled                        |
> | 12.2YC | deployment release    |--------------------------------------|
> |        |                       | Migrate to 12.2(13)T or later        |
> |--------+-----------------------+--------------------------------------|
> |        | Broadband support for | Not Scheduled                        |
> | 12.2YD | 7200                  |--------------------------------------|
> |        |                       | Migrate to 12.2(8)B or later         |
> |--------+-----------------------+--------------------------------------|
> |        |                       | Not Scheduled                        |
> | 12.2YF | Short-lived early     |--------------------------------------|
> |        | deployment release    | Upgrade recommended to yet to be     |
> |        |                       | determined release                   |
> |--------+-----------------------+--------------------------------------|
> | 12.2YG | Early Deployment      |            |         | 12.2(4)YG     |
> |        | Release               |            |         |               |
> |--------+-----------------------+------------+---------+---------------|
> | 12.2YH | 1700, 8xx, soho7x,    |            |         | 12.2(4)YH     |
> |        | ICS7700               |            |         |               |
> |-----------------------------------------------------------------------|
> | Notes                                                                 |
> |-----------------------------------------------------------------------|
> | * All dates are estimates and subject to change.                      |
> |                                                                       |
> | ** Interim releases are subjected to less rigorous testing than       |
> |    regular maintenance releases, and may have serious bugs.           |
> +-----------------------------------------------------------------------+
>
> Obtaining Fixed Software
> ========================
> Cisco is offering free software upgrades to remedy this vulnerability for
> all affected customers. Customers may only install and expect support for
> the feature sets they have purchased.
>
> Customers with service contracts should obtain upgraded software through
> their regular update channels to any software release containing the
> feature sets they have purchased. For most customers, this means that
> upgrades should be obtained through the Software Center on Cisco's
> worldwide website at http://www.cisco.com.
>
> Customers whose Cisco products are provided or maintained through prior or
> existing agreement with third-party support organizations such as Cisco
> Partners, authorized resellers, or service providers should contact that
> support organization for assistance with the upgrade, which should be free
> of charge.
>
> Customers who purchased directly from Cisco but who do not hold a Cisco
> service contract, and customers who purchase through third party vendors
> but are unsuccessful at obtaining fixed software through their point of
> sale, should obtain fixed software by contacting the Cisco Technical
> Assistance Center (TAC). In those cases, customers may only upgrade to a
> later version of the same release as indicated by the applicable row in the
> Software Versions and Fixes table.
>
> Cisco TAC contacts are as follows:
>
> * +1 800 553 2447 (toll-free from within North America)
> * +1 408 526 7209 (toll call from anywhere in the world)
> * e-mail: tac@cisco.com
>
> See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for
> additional TAC contact information, including special localized telephone
> numbers and instructions and e-mail addresses for use in various languages.
>
> Please have your product serial number available and give the URL of this
> notice as evidence of your entitlement to a free upgrade. Free upgrades for
> non-contract customers must be requested through the TAC.
>
> Please do not contact either "psirt@cisco.com" or
> "security-alert@cisco.com" for software upgrades.
>
> Workarounds
> ===========
> It is possible to mitigate this vulnerability in two ways:
>
> * Block all SSH connections on the border on your network, or
>
> * On each individual device allow SSH connections only from the required
>   IP addresses and block all others.
>
> Blocking all SSH connections, and all other protocols that are not supposed
> to come from the outside, on the network edge should be an integral part of
> the network security best practice.
>
> Exploitation and Public Announcements
> =====================================
> Publicly available malicious software is known to trigger this defect.
> Scanning for Unix hosts running vulnerable versions of SSH has been
> prevalent and such a scan may trigger this vulnerability.
>
> Cisco PSIRT is aware of a few customers who experienced problems related
> to this vulnerability, however we do not have any evidence that these
> devices were targeted directly.
>
> Status of This Notice: FINAL
> ============================
> This is a final notice. Although Cisco cannot guarantee the accuracy of all
> statements in this notice, all of the facts have been checked to the best
> of our ability. Cisco does not anticipate issuing updated versions of this
> notice unless there is some material change in the facts. Should there be a
> significant change in the facts, Cisco may update this notice.
>
> A standalone copy or paraphrase of the text of this security advisory that
> omits the distribution URL in the following section is an uncontrolled
> copy, and may lack important information or contain factual errors.
>
> Distribution
> ============
> This notice will be posted on Cisco's worldwide web site at
> http://www.cisco.com/warp/public/707/SSH-scanning.shtml. In addition to
> worldwide web posting, a text version of this notice is clear-signed with
> the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet
> news recipients:
>
> * cust-security-announce@cisco.com
> * bugtraq@securityfocus.com
> * first-teams@first.org (includes CERT/CC)
> * cisco@spot.colorado.edu
> * comp.dcom.sys.cisco
> * firewalls@lists.gnac.com
> * Various internal Cisco mailing lists
>
> Future updates of this notice, if any, will be placed on Cisco's worldwide
> web server, but may or may not be actively announced on mailing lists or
> newsgroups. Users concerned about this problem are encouraged to check the
> URL given above for any updates.
>
> Revision History
> ================
> +----------------------------------------------------------------------+
> |Revision |2002-June-27|Initial public release                         |
> |1.0      |14:18       |                                               |
> |         |GMT+0000    |                                               |
> +----------------------------------------------------------------------+
>
> Cisco Security Procedures
> =========================
> Complete information on reporting security vulnerabilities in Cisco
> products, obtaining assistance with security incidents, and registering to
> receive security information from Cisco, is available on Cisco's worldwide
> website at http://www.cisco.com/warp/public/707/sec_incident_response.shtml.
> This includes instructions for press inquiries regarding Cisco security
> notices.
>
> All Cisco Security Advisories are available at
> http://www.cisco.com/go/psirt.
>
> - ---------------------------------------------------------------------------
>
> This notice is Copyright 2002 by Cisco Systems, Inc. This notice may be
> redistributed freely after the release date given at the top of the text,
> provided that redistributed copies are complete and unmodified, and include
> all date and version information.
>
> - ---------------------------------------------------------------------------
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.3
>
> -----END PGP SIGNATURE-----
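
The manual telnet check at the top of this message can be repeated across a list of devices with a short script; this is an added example, not part of the original post or of Cisco's advisory. It only opens a TCP connection and reports whether the device refused it, dropped it, or accepted it and then closed it (the behaviour in the telnet session); the function names and the loopback listeners standing in for devices are assumptions made for the example.

```python
import socket
import threading


def probe_ssh_port(host, port=22, timeout=3.0):
    """Classify how a device answers a plain TCP connection to its SSH port.

    No SSH data is sent; the probe only connects and waits for the peer.
    Returns one of:
      "filtered"              no reply before the timeout (SYN dropped on the path)
      "refused"               TCP reset: no listener, or a filter rejected the SYN
      "unreachable"           any other connect error (for example, no route)
      "accepted_then_closed"  handshake completed, peer closed without sending data
      "accepted_silent"       handshake completed, peer sent nothing and stayed open
      "banner:<text>"         handshake completed and the peer sent a banner line
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    with sock:
        try:
            data = sock.recv(255)
        except socket.timeout:
            return "accepted_silent"
        except ConnectionResetError:
            return "accepted_then_closed"
    if not data:
        return "accepted_then_closed"
    first_line = data.split(b"\n", 1)[0]
    return "banner:" + first_line.decode("ascii", "replace").strip()


def handshake_completed(result):
    """True when the TCP handshake finished, i.e. the device's listener took the connection."""
    return result.startswith(("accepted_", "banner:"))


def audit(targets, timeout=3.0):
    """Probe each (host, port) pair and return {(host, port): result}."""
    return {(h, p): probe_ssh_port(h, p, timeout) for h, p in targets}


def start_listener(behaviour):
    """Constructed loopback stand-in for a device, used only to exercise the probe.

    "close" accepts and closes at once (as in the telnet session quoted above);
    "banner" sends a made-up SSH identification line first. Returns the port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        if behaviour == "banner":
            conn.sendall(b"SSH-1.99-constructed_example\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def unused_port():
    """Return a loopback port with no listener, so a connect is refused."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Constructed targets; replace with your own (address, 22) pairs.
    targets = [("127.0.0.1", start_listener("close")),
               ("127.0.0.1", start_listener("banner")),
               ("127.0.0.1", unused_port())]
    for (host, port), result in audit(targets, timeout=2.0).items():
        print(f"{host}:{port:<5} {result:<40} handshake={handshake_completed(result)}")
```

Run from an address the device's filters are meant to reject, `refused` or `filtered` means the connection was stopped before the TCP handshake, while any `accepted_*` or `banner:` result means the handshake completed before the device closed the session.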



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:01 EDT