-----BEGIN PGP SIGNED MESSAGE-----
Cisco Security Advisory: Malformed SNMP Message-Handling Vulnerabilities
Revision 1.0
For Public Release 2002 February 12 20:00 GMT
- -------------------------------------------------------------------------------
Summary
=======
Multiple Cisco products contain vulnerabilities in the processing of Simple
Network Management Protocol (SNMP) messages. The vulnerabilities can be
repeatedly exploited to produce a denial of service. In most cases, workarounds
are available that may mitigate the impact. These vulnerabilities are
identified by various groups as VU#617947, VU#107186, OUSPG #0100,
CAN-2002-0012, and CAN-2002-0013.
This advisory is available at http://www.cisco.com/warp/public/707/
cisco-malformed-snmp-msgs-pub.shtml.
Affected Products
=================
This security advisory applies to a broad range of Cisco products. To determine
if a product is vulnerable, review the list below. If software versions or
configuration information is included, then only those combinations are
affected (or unaffected). If the product or series is listed without any
qualifying software version information, then consult the Software Versions and
Fixes section to determine if the product is running an affected version of
software. Additional information per product is provided in the Details and
Workarounds sections below.
The following Cisco products are vulnerable if they are running an affected
version of software:
* 800, 1000, 1005, 1400, 1600, 1700, 2500, 2600, 3600, MC3810, 4000, 4500,
4700, 6200, 6400 NRP, 6400 NSP series Cisco routers
* ubr900 and ubr920 universal broadband routers
* Catalyst 1500, 290x, 292x, 2900XL, 2948g, 2948g-l3, 2950, 3000, 3200,
3500XL, 3550, 4000, 4232, 4232-l3, 4840g, 4908g-l3, 4912g, 5000, 6000 RSFC
series switches
* AS5200, AS5300, AS5800 series access servers
* Catalyst 6000 MSM, 6000 Hybrid Mode, 6000 Native Mode, 6000 Supervisor
Module, Catalyst ATM Blade, Catalyst 6000 Network Analysis Module (NAM)
* RSM, 7000, 7010, 7100, 7200, ubr7200, 7500, 7600 OSR, 10000 ESR, and 12000
GSR series Cisco routers
* Lightstream 1010 ATM switches
* DistributedDirector
* Catalyst 8510CSR, 8510MSR, 8540CSR, 8540MSR series switches.
* BPX, IGX, MGX WAN switches, and the Service Expansion Shelf
* WAN Manager
* Cisco Secure PIX firewall
* Cisco Secure Intrusion Detection System (NetRanger) appliance and IDS
Module
* BR340, WGB340, AP340, AP350, BR350 Cisco/Aironet wireless products
* CSS11000 (Arrowpoint) Content Services Switch
* Cache Engine 505 and 570 running 2.3 or 2.5
* Content Engine 507, 560 and 590 running 2.3 or 2.5
* Content Engine 507, 560, 590, and 7320 running 3.1, 4.0, or 4.1
* LocalDirector
* Internet CDN
* VPN3000 (Altiga) VPN Concentrator
* VPN5000 VPN Concentrator
* Access Registrar running on Solaris 8
* Cisco ws-x6608 and ws-x6624 IP Telephony Modules
* Traffic Director
* Cisco Info Center
* Switch Probe
* CiscoWorks Windows
* Hosting Solution Engine
* User Registration Tool VLAN Policy Server
* Cisco Element Management Framework
Products Not Affected
=====================
The following Cisco products are not affected by this vulnerability in the
specified configuration, either because they do not contain the associated
defect or because they do not support SNMP. If software version information is
provided, then only that specific combination of product and software version
is not vulnerable.
* Catalyst 1900s switch running any version of CatOS
* FastHub 300 Ethernet repeater
* Cache Engine 505 and 570 running version 2.3 or 2.5.x
* Cache Engine and Content Delivery Manager running CDM Enterprise 3.0.x
* CR-4430B running CDM Enterprise 3.0.x
* IP/TV
* Device Fault Manager
* ME1100 series
* Voice Manager
* RTM
* IP Phone (all models)
* SN5400 series storage routers
* CallManager
* Unity Server
* Access Registrar running on Solaris 7.5.1
No other Cisco product is known to be affected by this vulnerability.
Details
=======
Simple Network Management Protocol (SNMP) defines a standard mechanism for
remote management and monitoring of devices in an Internet Protocol (IP)
network.
There are three types of SNMP messages: "get" requests to request information,
"set" requests which modify the configuration of the remote device, and "trap"
messages which provide a monitoring function.
An Object Identifier (OID) is the label employed by SNMP to uniquely specify an
item to be managed. OIDs in human-readable format are displayed as long strings
of decimal integers separated by periods, but they are packed into a more
efficient binary form for use within SNMP.
The largest group of vulnerabilities described in this advisory result from
insufficient checking of SNMP messages as they are received and processed by an
affected system. Malformed SNMP messages received by affected systems can cause
various parsing and processing functions to fail, resulting in a system crash
and a reload in most circumstances. Under some conditions, the affected device
can not reload. In a specific combination with an unrelated software defect,
the device reloads continuously and requires manual intervention to resume
normal operation.
These vulnerabilities can be easily and repeatedly demonstrated with the use of
the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for
SNMP. The test suite is generally used to analyze a protocol and produce
messages that probe various design limits within an implementation of a
protocol. Examples such as overly-long OIDs, malformed OIDs, and other
combinations of values appropriate to SNMP can be programmatically generated
and then transmitted to a network device under test. The test suite for SNMP,
as distributed, contains approximately 53,000 individual test cases. The
authors intend to make the SNMP test suite available to the public at the same
time that this advisory is published.
Impact
======
The vulnerability can be exploited to produce a Denial of Service (DoS) attack.
When the vulnerability is exploited, it can cause an affected Cisco product to
crash and reload.
SNMP messages are transported using User Datagram Protocol (UDP) and are
subject to IP source address spoofing. In any circumstance where ingress and
egress source IP address filtering is lacking, it is more likely that an
attacker could spoof the source IP address and circumvent access control
mechanisms to cause a vulnerable system to fail.
If an attacker is able to guess or otherwise obtain a read-only community
string for an affected device, then he or she could bypass SNMP access control
relying on the community string.
Software Versions and Fixes
===========================
Cisco IOS Software
Each row of the Cisco IOS software table (below) describes a release train and
the platforms or products for which it is intended. If a given release train is
vulnerable, then the earliest possible releases that contain the fix (the
"First Fixed Release") and the anticipated date of availability for each are
listed in the "Rebuild," "Interim," and "Maintenance" columns. A device running
a release in the given train that is earlier than the release in a specific
column (less than the First Fixed Release) is known to be vulnerable. The
release should be upgraded at least to the indicated release or a later version
(greater than or equal to the First Fixed Release label). When selecting a
release, keep in mind the following definitions:
Maintenance
Most heavily tested, stable, and highly recommended release of a
release train in any given row of the table.
Rebuild
Constructed from the previous maintenance or major release in the same
train, it contains the fix for a specific defect. Although it receives
less testing, it contains only the minimal changes necessary to repair
the vulnerability.
Interim
Built at regular intervals between maintenance releases and receives
less testing. Interims should be selected only if there is no other
suitable release that addresses the vulnerability. Interim images
should be upgraded to the next available maintenance release as soon as
possible. Interim releases are not available through manufacturing, and
usually they are not available for customer download from CCO without
prior arrangement with the Cisco TAC.
In all cases, customers should exercise caution to confirm that the devices to
be upgraded contain sufficient memory and that current hardware and software
configurations will continue to be supported properly by the new software
release. If the information is not clear, contact the Cisco TAC for assistance
as shown in the "Obtaining Fixed Software" section.
More information on Cisco IOS software release names and abbreviations is
available at http://www.cisco.com/warp/public/620/1.html.
+---------------------------------------------------------------------------+
| | Image | |
| Train | Description | Availability of Fixed Releases* |
| | or Platform | |
|-----------------------------------------+---------------------------------|
| 11.x Releases | Rebuild | Interim | Maintenance |
| | | ** | |
|-----------------------------------------+---------+---------+-------------|
| | | 11.0 | | |
| | | (22b) | | |
|11.0 | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.1 | | |
| 11.1 | | (24b) | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.1 | | |
| | | (20)AA4 | | |
|11.1AA | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.1 | | |
| | | (36)CA2 | | |
|11.1CA | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.1 | | |
| | | (36)CC4 | | |
|11.1CC | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.1 | | |
| 11.1CT | | (28a)CT | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.1 | | |
| 11.1IA | | (28a)IA | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.2 | | |
| | | (26b) | | |
|11.2 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.2 | | |
| | | (23a) | | |
| 11.2BC | | BC1 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.2 | | |
| | | (19a) | | |
| 11.2GS | | GS6 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.2 | | |
| | | (26)P1 | | |
|11.2P | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.2 | | |
| | | (8.9) | | |
| 11.2SA | | SA6 | | |
| | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.3 | | |
| | | (11c) | | |
|11.3 | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.3(7) | | |
| 11.3DB | | DB1 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.3(8) | | |
| 11.3DB | | DB2 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 11.3 | | |
| | | (11b)T2 | | |
|11.3T | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (21a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (8a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (9a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (10a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (11a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (12a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (13a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (14a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (15a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (16a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (17a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (2b) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (3d) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (5a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (6a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (19a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (20a) | | |
|12.0 | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| 12.0 | | (18b) | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (13)WT6 | | |
| 12.0WT | | (1) | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(2) | | |
| 12.0(2)XE | | XE? | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(2) | | |
| 12.0(2)XF | | XF? | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| 12.0(20)SX | | (21)SX | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(4) | | |
| | | XE1 | | |
|12.0(4)XE | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(4) | | |
| | | XM1 | | |
|12.0(4)XM | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(5) | | |
| | | WC2b | | |
|12.0(5)WC 2900XL-LRE | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(5) | | |
| | | XE3 | | |
|12.0(5)XE | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(5) | | |
| | | XK2 | | |
|12.0(5)XK | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(5) | | |
| 12.0(5)XN | | XN1 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(5) | | |
| 12.0(5)XP, 2900XL, | | WC3 | | |
|3500XL platform | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(5) | | |
| 12.0(5)XS | | XS2 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(5) | | |
| 12.0(5)XU 2900XL, | | WC3 | | |
|3500XL platform | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(7) | | |
| | | XE1 | | |
|12.0(7)XE | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(7) | | |
| 12.0(7)XF | | XF1 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(7) | | |
| | | XK3 | | |
|12.0(7)XK | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(7) | | |
| 12.0(7)XV | | XV | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(7) | | |
| 12.0DB | | DB2 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(7) | | |
| 12.0DC | | DC1 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (16)S8 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (21)S1 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (13)S6 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(9) | | |
| | | S8 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (17)S4 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (15)S6 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (18)S5 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (19)S2 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (12)S3 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (14)S7 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (10)S7 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (11)S6 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(8) | | |
| | | S1 | | |
|12.0S | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (16)SC3 | | |
|12.0SC | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (17)SL6 | | |
|12.0SL | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (19)SL4 | | |
|12.0SL | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (20)SP1 | | |
|12.0SP | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (17)ST5 | | |
|12.0ST | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (19)ST2 | | |
|12.0ST | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (11)ST4 | | |
|12.0ST | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (14)ST3 | | |
|12.0ST | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (16)ST1 | | |
|12.0ST | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (18)ST1 | | |
|12.0ST | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (20)ST2 | | |
|12.0ST | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| 12.0ST | | (21)ST | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(7) | | |
| | | T2 | | |
|12.0T | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | | (18)W5 | | |
| 12.0W5 | cat2948g-L3, | (22b) | | |
| |cat4232 |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0 | | |
| | c5atm,cat8510 | (20)W5 | | |
| 12.0W5 | [c,m] | (24a) | | |
| |cat8540[c,m], |---------| | |
| | ls1010 | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (3b) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (4a) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (13) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (8c) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (1c) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (2b) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (5e) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (6a) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (7b) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (9a) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (12b) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (11b) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (10a) | | |
|12.1 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| 12.1(10)EX | | (10)EX | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| 12.1(10)EY | | (10)EY | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(2) | | |
| | | XF5 | | |
|12.1(2)XF | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(3) | | |
| | | XG6 | | |
|12.1(3)XG | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (3a)XI8 | | |
|12.1(3)XI | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(3) | | |
| 12.1(3)XP | | XP | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(3) | | |
| 12.1(3)XQ | | XQ | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(3) | | |
| 12.1(3)XT | | XT3 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(4) | | |
| | | XY8 | | |
|12.1(4)XY | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(4) | | |
| | | XZ7 | | |
|12.1(4)XZ | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | XM7 | | |
|12.1(5)XM | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | XV5 | | |
|12.1(5)XV | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | XV4 | | |
|12.1(5)XV | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | XV5 | | |
|12.1(5)XV | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | YA2 | | |
|12.1(5)YA | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | YB5 | | |
|12.1(5)YB | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | YC2 | | |
|12.1(5)YC | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | YD6 | | |
|12.1(5)YD | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | YF4 | | |
|12.1(5)YF | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | YH3 | | |
|12.1(5)YH | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | YI1 | | |
|12.1(5)YI & 12.1(5)EY | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(6) | | |
| | | EZ6 | | |
|12.1(6)EZ | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (7a)EY3 | | |
|12.1(7a)EY | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (8a)EW1 | | |
|12.1(8a)EW | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (8b)EX4 | | |
|12.1(8a)EX | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(9) | | |
| | | EX3 | | |
|12.1(9)EX | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(8) | | |
| | | AA1 | | |
|12.1AA | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| 12.1AA | | (10)AA | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(7) | | |
| 12.1DA | | DA3 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | DB1 | | |
|12.1DB | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(1) | | |
| 12.1DB | | DB2 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(3) | | |
| 12.1DB | | DB1 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(4) | | |
| 12.1DB | | DB2 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | DC2 | | |
|12.1DC | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(1) | | |
| 12.1DC | | DC2 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(3) | | |
| 12.1DC | | DC2 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(4) | | |
| 12.1DC | | DC2 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(9) | | |
| | | E2 | | |
|12.1E | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(9) | | |
| | | E3 | | |
|12.1E | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (10)E4 | | |
|12.1E | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(1) | | |
| | | E5 | | |
|12.1E | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (5c)E12 | | |
|12.1E | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (5c)E12 | | |
|12.1E | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (8b)E11 | | |
|12.1E | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (11)E | | |
|12.1E | |---------| | |
| | | 2002/02 | | |
| | | /25 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (8b)E9 | | |
|12.1E | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(6) | | |
| 12.1E | | E8 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| 12.1E | | (3a)E7 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| 12.1E | | (3a)E8 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| 12.1E | | (7a)E6 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(4) | | |
| | | E3 | | |
|12.1E | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| | | (10)EC1 | | |
|12.1EC | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1 | | |
| 12.1EC | | (11)EC | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(5) | | |
| | | T12 | | |
|12.1T | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2 | | |
| | | (1d) | | |
|12.2 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2 | | |
| | | (5d) | | |
|12.2 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2 | | |
| | | (6c) | | |
|12.2 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2 | | |
| | | (3d) | | |
|12.2 | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2 | | |
| | | (7a) | | |
|12.2 | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | XA5 | | |
|12.2(1)XA | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(1) | | |
| | | XD3 | | |
|12.2(1)XD | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(1) | | |
| | | XE2 | | |
|12.2(1)XE | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(1) | | |
| 12.2(1)XS | | XS1 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | BY2 | | |
|12.2(2)BY | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | XB3 | | |
|12.2(2)XB | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | XB4 | | |
|12.2(2)XB | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| 12.2(2)XG | | XG1 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | XH2 | | |
|12.2(2)XH | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | XI1 | | |
|12.2(2)XI | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| 12.2(2)XJ | | XJ1 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | XK2 | | |
|12.2(2)XK | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| 12.2(2)XN | | XN | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | XT3 | | |
|12.2(2)XT | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | XU2 | | |
|12.2(2)XU | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | XU1 | | |
|12.2(2)XU | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | XU2 | | |
|12.2(2)XU | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| 12.2(2)YC | | YC | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| | | XL4 | | |
|12.2(4)XL | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| | | XM2 | | |
|12.2(4)XM | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| | | XV5 | | |
|12.2(4)XV | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| 12.2(4)XW | | XW1 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| | | YA1 | | |
|12.2(4)YA | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| 12.2(4)YB | | YB | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| 12.2B | | BX | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| | | B2 | | |
|12.2B | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| | | B4 | | |
|12.2B | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| | | BC1a | | |
|12.2BC | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | BX | | |
|12.2BX | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| 12.2BX | | BX | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(7) | | |
| | | DA | | |
|12.2DA | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2 | | |
| 12.2DA | | (1b)DA1 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(5) | | |
| 12.2DA | | CA1 | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | DD3 | | |
|12.2DD | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| | | MB3 | | |
|12.2MB | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(9) | | |
| 12.2S | | S | | |
| | |---------| | |
| | | TBD | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(2) | | |
| | | T4 | | |
|12.2T | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(4) | | |
| | | T3 | | |
|12.2T | |---------| | |
| | | 2002/02 | | |
| | | /19 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2 | | |
| | | (6.8) | | |
| 12.2T | | T0a | | |
| | |---------| | |
| | | 2002/02 | | |
| | | /15 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2(8) | | |
| | | T | | |
|12.2T | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.2 | | |
| | | (6.8) | | |
| 12.2T | | T1a | | |
| | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| 2900XL/3500XL 12.0(5.1) | | 12.0(5) | | |
| XP 12.0(5)XU 12.0(5.2) | | WC3 | | |
|XU 12.0(5.3)WC1 12.0(5) | |---------| | |
| WC2 | | 2002/02 | | |
| | | /12 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.0(5) | | |
| 2900XL-LRE: 12.0(5)WC2, | | WC2b | | |
|12.0(5.4)WC1 | |---------| | |
| | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(6) | | |
| 2950 12.0(5.3)WC1 12.0 | | EA2b | | |
|(5.4)WC1 12.0(5)WC2 | |---------| | |
| 12.1(6)EA2 12.1(6)EA2a | | 2002/02 | | |
| | | /11 | | |
|-------------------------+---------------+---------+---------+-------------|
| | | 12.1(8) | | |
| 3550 12.1(4)EA1e 12.1 | | EA1b | | |
|(6)EA1 12.1(6)EA1a | |---------| | |
| | | 2002/02 | | |
| | | /12 | | |
+---------------------------------------------------------------------------+
Please review the information in the following link for details on Cisco
non-IOS products:
http://www.cisco.com/warp/public/707/
cisco-malformed-snmp-msgs-non-ios-pub.shtml
Obtaining Fixed Software
========================
Cisco is offering free software upgrades to remedy this vulnerability for all
affected customers. Customers with service contracts may upgrade to any
software release containing the feature sets they have purchased. Customers
without contracts may upgrade only within a single row of the table above,
except that any available fixed software release will be provided to any
customer who can use it and for whom the standard fixed software release is not
yet available. Customers may only install and expect support for the feature
sets they have purchased.
Customers with contracts should obtain upgraded software through their regular
update channels. For most customers, this means that upgrades should be
obtained through the Software Center on Cisco's Worldwide Web site at http://
www.cisco.com/.
Customers whose Cisco products are provided or maintained through prior or
existing agreement with third-party support organizations such as Cisco
Partners, authorized resellers, or service providers should contact that
support organization for assistance with the upgrade, which should be free of
charge.
Customers who purchased directly from Cisco but who do not hold a Cisco service
contract, and customers who purchase through third party vendors but are
unsuccessful at obtaining fixed software through their point of sale, should
obtain fixed software by contacting the Cisco Technical Assistance Center
(TAC). TAC contacts are as follows:
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
See http://www.cisco.com/warp/public/687/Directory.shtml for additional TAC
contact information, including instructions and e-mail addresses for use in
various languages.
Please have your product serial number available and give the URL of this
notice as evidence of your entitlement to a free upgrade. Free upgrades for
non-contract customers must be requested through the TAC.
Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com"
for software upgrades.
Workarounds
===========
The usefulness of any workaround is dependent on specific customer situations
such as products, software versions, network topology, traffic behavior, and
organizational mission. Due to the great variety of affected products and
releases, customers should carefully evaluate each workaround to ensure it is
appropriate for use in the intended network before it is deployed.
General Measures
* Turn SNMP off in the device. This is an effective workaround, but removes
management capability to the device. This can be done using the following
configure command:
no snmp-server
Removing the community string public with the configure command:
no snmp-server community public ro
is not sufficient as the SNMP server will still be running and the device
will be vulnerable. The command no snmp server must be used instead. Verify
SNMP server status by using the enable command show snmp. You should see a
response of "%SNMP agent not enabled".
* Apply an extended access list (ACL) to deny protocol UDP, port 161 and 162,
at the interface level such that SNMP access to the device is allowed only
from the network management workstations. This can be done using the
following configure commands:
access-list 100 permit ip host 1.1.1.1 any
access-list 100 deny udp any any eq snmp
access-list 100 deny udp any any eq snmptrap
access-list 100 permit any any
where 1.1.1.1 is the trusted network management station. This access list
must be applied to all interfaces using the following configure commands:
interface serial 0
ip access-group 100 in
This will not prevent spoofed IP packets with the source IP address set to
that of the network management station from reaching the switch's
management interface.
The access-list statement containing "snmptrap" will prevent notification
messages from entering the network when it is applied at the network edge.
The Cisco SAFE white papers cover techniques that can be used to control IP
address spoofing. These papers can be found at:
Cisco SAFE Solution
Two white papers cover securing your network in general and controlling IP
address spoofing specifically:
SAFE: A Security Blueprint for Enterprise Networks
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User
Networks
Workarounds with Caveats
* Apply an SNMP community-based ACL to allow SNMP access to the device only
from the network management workstations using the following configure
commands:
access-list 1 permit 1.1.1.1
snmp-server community string1 ro 1
In this case the trusted management station is at address 1.1.1.1.
If community strings are also configured for notifications, they must be
different than the community strings used for requests in order for this
workaround to be effective. Use the following configure commands to change
community strings for notifications that are the same as community strings
used for requests.
no snmp-server host 1.1.1.1 string1
snmp-server community string1 ro 1
The second command above reapplies the access list to the community and
must be reentered after the snmp-server host command is entered to ensure
the access list is applied correctly in some Cisco IOS software releases.
Use the following configure command to tell the device to send
notifications using the new community string:
snmp-server host 1.1.1.1 anythingbutstring1
All community strings used for notifications, like the "anythingbutstring1"
community string above, need to be set to deny all SNMP requests. Use the
following configure commands to do this:
access-list 2 deny any
snmp-server community anythingbutstring1 ro 2
This is required because Cisco IOS software configures community strings
used for notifications with no read or write view. You cannot see or change
any information on the device using this string. However, requests using a
community string with no view will still be processed by the device and the
PROTOS tool could exploit this processing and crash the device.
Please note that in order for this to take effect, the commands must be
issued in the following order:
snmp-server host 1.1.1.1 anythingbutstring1
snmp-server community anythingbutstring1 ro 2
This configuration will not survive a reload.
In certain releases, entering the snmp-server community command will delete
the notify view required to send traps. This can be determined by running
the enable command:
show snmp group
Look for two or more groups with the same name as the community string used
for notifications. The output should look like this:
groupname: anythingbutstring1 security model:v1
readview :v1default writeview:
notifyview: *tv.FFFFFFFF.FFFFFFFF
row status: active access-list: 1
groupname: anythingbutstring1 security model:v2c
readview :v1default writeview:
notifyview:
row status: active access-list: 1
Ensure that the notifyview is set for the version of notifications you want
the device to send and that the access-list is set correctly for all
security models.
If either fields are not correct, first reapply the configure command:
snmp-server host 1.1.1.1 anythingbutstring1
Then look at the output of show snmp group again. Take the view listed as
the notifyview, the correct access-list number, and the security model
version and enter the following configure command:
snmp-server group anythingbutstring1 v1 notify *tv.FFFFFFFF.FFFFFFFF
access 1
Modify the above command to match your configuration. Verify this worked
using the show snmp group enable command.
Note: The snmp-server group command will show up in the configuration
before the snmp-server host command, so this part of the workaround will
not survive a reboot. After a reboot, the device will continue to send
traps but the snmp-server group command will need to be reentered to
protect the device from exploits using this community string.
* Do not use the string "public" as a community string at all. The PROTOS
test suite uses "public" in its tests as configured by OULU.
Note: Even though the current version of the PROTOS tests will not crash
the Cisco IOS software device if the device community string is not public,
it is very easy to modify the PROTOS code so that other community string
values are used. Therefore, it is important to use a community ACL to
further reduce your risk.
Caveats
The following workaround is effective in the following Cisco IOS software
releases:
11.0, 11.1, 11.2 and derivatives
12.0(3)T and later 12.0()T
12.0(6)S and later 12.0S
12.0(8.6)ST through 12.0(19.1)ST, 12.0(19.6)ST and later
12.1
12.1(1)T up to 12.1(4.4)T
12.1(1)E up to 12.1(9.4)E
12.1(1)EC up to 12.1(9.4)EC
to the best of our knowledge at this time based on testing and code inspection.
These workarounds are NOT effective in:
11.3, 11.3T
12.0
12.0(1)S through 12.0(5.x)S
12.0(19.3)ST, 12.0(19.3)ST1, 12.0(19.3)ST2
12.1(4.4)T2 and later 12.1()T
12.1(9.5)E and later 12.1()E
12.1(9.5)EC and later 12.1()EC
12.2, 12.2T
Troubleshooting Tips for Cisco IOS Software
* Configure the startup-config with no SNMP and the running-config with the
SNMP. In the event of a successful exploit due to this vulnerability, the
affected device will reload with a new configuration in which SNMP is
disabled. This will prevent additional, repeated exploit of the
vulnerability.
* Configure the SNMP Community ACLs with the "log" keyword. Monitor syslog
for failed attempts.
* Periodically check SNMP for errors.
Configuration Notes
show snmp
Command output:
router#show snmp
Chassis: 21350479
17005 SNMP packets input
37 Bad SNMP version errors **
15420 Unknown community name **
0 Illegal operation for community name supplied
1548 Encoding errors **
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
0 Trap PDUs
Watch the counters marked **
Exploitation and Public Announcements
=====================================
Cisco is not aware of any malicious exploitation of this vulnerability.
The largest set of these vulnerabilities were reported by the OUSPG at the
University of Oulu, Finland, in concert with the CERT Coordination Center. A
small number were reported by Cisco customers and some were internally
discovered.
These vulnerabilities are present in other products not provided by Cisco, and
this security advisory is being published simultaneously with announcements
from the other affected organizations.
Status of This Notice: Interim
==============================
This is an interim Security Advisory notice. Cisco anticipates issuing updated
versions of this notice at irregular intervals as there are material changes in
the facts, and will continue to update this notice as necessary.
The reader is warned that this notice may contain inaccurate or incomplete
information. Although Cisco cannot guarantee the accuracy of all statements in
this notice, all of the facts have been checked to the best of our ability.
Cisco anticipates weekly updates of this notice until it reaches final status.
A standalone copy or paraphrase of the text of this Security Advisory that
omits the distribution URL in the following section is an uncontrolled copy,
and may lack important information or contain factual errors.
Distribution
============
This notice will be posted on Cisco's Worldwide Web site at http://
www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-pub.shtml. In addition
to Worldwide Web posting, a text version of this notice is clear-signed with
the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news
recipients:
* cust-security-announce@cisco.com
* bugtraq@securityfocus.com
* first-teams@first.org (includes CERT/CC)
* cisco@spot.colorado.edu
* comp.dcom.sys.cisco
* firewalls@lists.gnac.com
* Various internal Cisco mailing lists
Future updates of this notice, if any, will be placed on Cisco's Worldwide Web
server, but may or may not be actively announced on mailing lists or
newsgroups. Users concerned about this problem are encouraged to check the URL
given above for any updates.
Revision History
================
+--------------------------------------------------------------+
|Revision |2002-Feb-12|Initial public release |
|Number |20:00 GMT | |
|1.0 | | |
+--------------------------------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products,
obtaining assistance with security incidents, and registering to receive
security information from Cisco, is available on Cisco's Worldwide Web site at
http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This includes
instructions for press inquiries regarding Cisco security notices. All Cisco
Security Advisories are available at http://www.cisco.com/go/psirt.
- -------------------------------------------------------------------------------
This notice is Copyright 2002 by Cisco Systems, Inc. This notice may be
redistributed freely after the release date given at the top of the text,
provided that redistributed copies are complete and unmodified, and include all
date and version information.
- -------------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Signed by Sharad Ahlawat, Cisco Systems PSIRT
iQEVAwUBPGmVeg/VLJ+budTTAQHnqAf/eE3x+HOnONPugmDrCfp2TCqBY9bTpqt1
GHP7uUFmxNc0vSVfDX83HtGqoJo+1Ng+fdXMiRXCwP+q1yWBLVyqVEfnASz1qUIt
e6wcUBuzOMsEQMUChiX+dXt7VpFZ+pOXSkttbnrGfnqwNfofvw7jqkWA7aQWP2Qe
PIKH4gew5ApEZleRtw7SBWshQG7MbCJtlylMNrC9+jRfVVYjCcnPjx18BTUDsVRE
5C9uPOZ603rqju0Y/jZYbW2yUTiY0DqoOdaa+csO0q4KIepXnXxhT7gxrLipuhzT
qYFNiVie8q0p5eH/u7lwNuSUtEYiFuIIw6J4hHCc389iFTZgwzVJig==
=pBja
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:33 EDT