RE: [nsp] Cisco Security Advisory: NTP vulnerability

From: KF (kf@reign.sk)
Date: Wed May 08 2002 - 14:10:08 EDT


Hi

Anyone aware, if ACL specified for NTP service in IOS are overlooked or ?

cheers

alex

> -----Original Message-----
> From: nobody@cisco.com [mailto:nobody@cisco.com]On Behalf Of Cisco
> Systems Product Security Incident Response Team
> Sent: Wednesday, May 08, 2002 6:35 PM
> To: cisco-nsp@puck.nether.net
> Cc: psirt@cisco.com
> Subject: [nsp] Cisco Security Advisory: NTP vulnerability
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Cisco Security Advisory: NTP Vulnerability
> ==========================================
> Revision 1.0
>
> For Public Release 2002 May 08 16:00 (UTC+0000)
>
> -
> --------------------------------------------------------------
> --------------
>
> Summary
> =======
> Network Time Protocol (NTP) is used to synchronize time on multiple
> devices. A vulnerability has been discovered in the NTP daemon query
> processing functionality. This vulnerability has been
> publicly announced.
>
> The following products are identified as affected by this
> vulnerability:
>
> * All releases of Cisco IOS software
> * Media Gateway Controller (MGC) and related products
> * BTS 10200
> * Cisco IP Manager
>
> Other Cisco software applications may run on Solaris
> platforms and where
> those products have not specifically been identified, customers should
> install security patches regularly in accordance with their normal
> maintenance procedures.
>
> Cisco is continuing to research this issue in other products
> that may be
> affected. Unless explicitly stated otherwise, all other products are
> considered to be not affected.
>
> The workarounds for this vulnerability are described in the
> Workarounds
> section.
>
> This advisory is available at
> http://www.cisco.com/warp/public/707/NTP-pub.shtml
>
> Affected Products
> =================
> The following products are affected:
>
> * All releases of Cisco IOS software
> * Media Gateway Controller (MGC) and related [DEL:
> :DEL]products, they
> encompass the following products:
> + SC2200
> + Cisco Virtual Switch Controller (VSC3000)
> + Cisco PGW2200 Public Switched Telephone Network (PSTN) Gateway
> + Cisco Billing and Management Server (BAMS)
> + Cisco Voice Services Provisioning Tool (VSPT)
> * BTS 10200
> * Cisco IP Manager
>
> Other Cisco software applications may run on Solaris
> platforms and where
> those products have not specifically been identified, customers should
> install security patches regularly in accordance with their normal
> maintenance procedures.
>
> Cisco is continuing to research this issue in other products
> that may be
> affected. Unless explicitly stated otherwise, all other products are
> considered to be not affected.
>
> Details
> =======
> By sending a crafted NTP query packet it is possible to
> trigger a buffer
> overflow in the NTP daemon. This vulnerability can be
> exploited remotely.
> The successful exploitation may cause arbitrary code to be
> executed on the
> target machine. Such exploitation, if it is possible at all,
> would require
> significant engineering skill and a thorough knowledge of the internal
> operation of Cisco IOS software or SUN Solaris operating system.
>
> To the best of our knowledge this vulnerability cannot cause
> arbitrary code
> to be executed on Cisco IOS and SUN Solaris.
>
> The vulnerability is present regardless of the role played by
> the device.
> The device may be an NTP server or client and it will still
> be vulnerable.
>
> For IOS, this vulnerability is documented as Cisco Bug ID CSCdt93866.
>
> The main repository of NTP software and all other information
> regarding
> NTP, can be found at http://www.eecis.udel.edu/~ntp/.
>
> Impact
> ======
> The successful exploitation may cause arbitrary code to be
> executed on the
> target machine. More often an attempt to exploit this
> vulnerability will
> result in a daemon or device crash.
>
> Cisco IOS
> It has been publicly announced on the Bugtraq list that
> certain IOS
> 11.x images can be crashed by exploiting this
> vulnerability (for the
> original report, see
> http://www.securityfocus.com/archive/1/175701).
> Our tests were unable to confirm this finding, however, a
> potential for
> the vulnerability exists. In our tests, IOS continued
> normal operation
> with no apparent impact.
>
> It is possible that a certain combination of hardware and
> IOS software
> may crash under some circumstances. In that case, the repeated
> exploitation of this vulnerability will lead to the
> denial of service.
>
>
> MGC and Related Products
> Cisco IP Manager
> BTS 10200
> The xntpd daemon that is used as a part of the Solaris
> installation is
> vulnerable.
>
> By exploiting this vulnerability it is only possible to
> crash the xntpd
> itself. According to the available information, it seems
> that it is not
> possible to execute the arbitrary code.
>
> Software Versions and Fixes
> ===========================
> MGC and Related Products
> - -------------------------
> MGC and related products are running on three different
> Solaris versions.
>
> Solaris 2.5.1
> The patch has not been released by Sun.
>
> Solaris 2.6
> For the software running on Solaris 2.6, the patch is
> available within
> the CSCOh007.pkg package. This package can be downloaded from
> http://www.cisco.com/cgi-bin/tablebuild.pl/mgc-sol but
> you must be a
> registered user and be logged in.
>
> Solaris 2.8
> The patch for this vulnerability is included on the
> installation disks.
> No further actions are needed.
>
> Cisco IP Manager
> BTS 10200
> - ----------
> The customers should install the latest Recommended Solaris
> Patch Cluster
> available from
> http://sunsolve.Sun.COM/pub-cgi/show.pl?target=patches/patch-access
>
> Cisco IOS
> - ----------
> Each row of the following table describes a release train and
> the platforms
> or products for which it is intended. If a given release train is
> vulnerable, then the earliest possible releases that contain
> the fix and
> the anticipated date of availability for each are listed in
> the Rebuild,
> Interim, and Maintenance columns. A device running any
> release in the given
> train that is earlier than the release in a specific column
> (less than the
> earliest fixed release) is known to be vulnerable, and it should be
> upgraded at least to the indicated release or a later version
> (greater than
> the earliest fixed release label).
>
> When selecting a release, keep the following definitions in mind:
>
> Maintenance
> Most heavily tested and highly recommended release of
> any label in
> a given row of the table.
>
> Rebuild
> Constructed from the previous maintenance or major
> release in the
> same train, it contains the fix for a specific
> defect. Although it
> receives less testing, it contains only the minimal changes
> necessary to affect the repair.
>
> Interim
> Built at regular intervals between maintenance releases and
> receives less testing. Interim releases should be
> selected only if
> there is no other suitable release that addresses the
> vulnerability, and interim images should be upgraded
> to the next
> available maintenance release as soon as possible.
> Interim releases
> are not available via manufacturing, and usually are
> not available
> for customer download from CCO without prior
> arrangement with the
> Cisco TAC.
>
> In all cases, customers should exercise caution to be certain
> the devices
> to be upgraded contain sufficient memory and that current hardware and
> software configurations will continue to be supported
> properly by the new
> release. If the information is not clear, contact the Cisco TAC for
> assistance as shown in the Obtaining Fixed Software section.
>
> More information on IOS release names and abbreviations is
> available at
> http://www.cisco.com/warp/public/620/1.html.
>
> +------------------------------------------------------------+
> | | Image or | |
> | Train | Platform | Availability of Fixed Releases* |
> | | Description | |
> |-------------------------+----------------------------------|
> | 11.0-based Releases and | Rebuild | Interim* | Maintenance |
> | Earlier | | * | |
> |-------------------------+----------------------------------|
> | 10.3 | Multiple | End of Engineering |
> | |releases and |----------------------------------|
> | | platforms | Upgrade recommended |
> |---------+---------------+----------------------------------|
> | 11.0 | Multiple | End of Engineering |
> | |releases and |----------------------------------|
> | | platforms | Upgrade recommended to 12.0(18) |
> |---------+---------------+----------------------------------|
> | 11.1 | Major release | End of Engineering |
> | |for all |----------------------------------|
> | | platforms | Upgrade recommended to 12.0(18) |
> |---------+---------------+----------------------------------|
> | 11.1AA | | End of Engineering |
> | | |----------------------------------|
> | | | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 11.1CA | | End of Engineering |
> | | |----------------------------------|
> | | | Upgrade recommended |
> |---------+---------------+----------------------------------|
> | 11.1CC | | | | 11.1(36)CC2 |
> |---------+---------------+----------------------------------|
> | 11.1CT | | End of Engineering |
> | | |----------------------------------|
> | | | Upgrade recommended to 12.0ST |
> |---------+---------------+----------------------------------|
> | 11.1IA | | End of Engineering |
> | | |----------------------------------|
> | | | Upgrade recommended to 12.2(3) |
> |---------+---------------+----------------------------------|
> | 11.2 | Major release | | | 11.2(26a) |
> | | for all | | | |
> | | platforms | | | |
> |---------+---------------+----------------------------------|
> | 11.2BC | | End of Engineering |
> | | |----------------------------------|
> | | | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 11.2F | | End of Engineering |
> | | |----------------------------------|
> | | | Upgrade recommended to 12.0(18) |
> |---------+---------------+----------------------------------|
> | 11.2GS | | End of Engineering |
> | | |----------------------------------|
> | | | Upgrade recommended to 12.0(18) |
> |---------+---------------+----------------------------------|
> | 11.2P | | End of Engineering |
> | | |----------------------------------|
> | | | Upgrade recommended to 12.0(18) |
> |---------+---------------+----------------------------------|
> | 11.2SA | | End of Engineering |
> | | |----------------------------------|
> | | | Upgrade recommended to 12.0W |
> |---------+---------------+----------------------------------|
> | 11.2WA4 | | End of Engineering |
> | | |----------------------------------|
> | | | Upgrade recommended to 12.0W |
> |---------+---------------+----------------------------------|
> | 11.2XA | | End of Engineering |
> | | |----------------------------------|
> | | | Upgrade recommended to 12.0(18) |
> |-------------------------+----------------------------------|
> | 11.3-based Releases | Rebuild | Interim* | Maintenance |
> | | | * | |
> |-------------------------+----------------------------------|
> | 11.3 | Major release | End of Engineering |
> | |for all |----------------------------------|
> | | platforms | Upgrade recommended to 12.0(18) |
> |---------+---------------+----------------------------------|
> | 11.3AA | ED for dial | Not Scheduled |
> | | platforms and | |
> | | access | |
> | |servers: |----------------------------------|
> | | 5800, 5200, | Upgrade recommended to 12.1(9) |
> | | 5300, 7200 | |
> | | | |
> |---------+---------------+----------------------------------|
> | 11.3DA | Early | End of Engineering |
> | | deployment | |
> | |train for ISP |----------------------------------|
> | | DSLAM 6200 | Upgrade recommended to 12.1DA |
> | | platform | |
> |---------+---------------+----------------------------------|
> | 11.3DB | Early | End of Engineering |
> | | deployment | |
> | | train for ISP | |
> | | /Telco/PTT | |
> | | xDSL | |
> | |broadband |----------------------------------|
> | | concentrator | Upgrade recommended to 12.1DB |
> | | platform, | |
> | | (NRP) for | |
> | | 6400 | |
> | | | |
> |---------+---------------+----------------------------------|
> | 11.3HA | Short-lived | End of Engineering |
> | | ED release | |
> | |for ISR 3300 |----------------------------------|
> | | (SONET/SDH | Upgrade recommended to 12.0(18) |
> | | router) | |
> |---------+---------------+----------------------------------|
> | 11.3MA | MC3810 | End of Engineering |
> | |functionality |----------------------------------|
> | | only | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 11.3NA | Voice over | End of Engineering |
> | |IP, media |----------------------------------|
> | | convergence, | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 11.3T | Early | End of Engineering |
> | |deployment |----------------------------------|
> | | major | Upgrade recommended to 12.0(18) |
> |---------+---------------+----------------------------------|
> | 11.3XA | Introduction | End of Engineering |
> | |of uBR7246 |----------------------------------|
> | | and 2600 | Upgrade recommended to 12.0(18) |
> |---------+---------------+----------------------------------|
> | 11.3WA4 | LightStream | End of Engineering |
> | |1010 |----------------------------------|
> | | | Upgrade recommended to 12.0WA |
> |-------------------------+----------------------------------|
> | 12.0-based Releases | Rebuild | Interim* | Maintenance |
> | | | * | |
> |-------------------------+---------+----------+-------------|
> | 12.0 | General | | 12.0 | 12.0(18) |
> | | Deployment | | (17.6) | |
> | | release for | | | |
> | | all platforms | | | |
> |---------+---------------+----------------------------------|
> | 12.0DA | xDSL support: | Not Scheduled |
> | |6100, 6200 |----------------------------------|
> | | | Upgrade recommended to 12.1(7) |
> | | | DA2 |
> |---------+---------------+----------------------------------|
> | 12.0DB | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED) release, | Upgrade recommended to 12.1(5) |
> | | which | DB2 |
> |---------+---------------+----------------------------------|
> | 12.0DC | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED) release, | Upgrade recommended to 12.1DC |
> |---------+---------------+----------------------------------|
> | 12.0S | Core/ISP | 12.0 | 12.0 | 12.0(18)S |
> | | support: GSR, | (15)S6 | (17.6)S | |
> | | RSP, c7200 | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.0SC | Cable/ | 12.0 | | 12.0(16)SC |
> | | broadband | (15.6) | | |
> | | ISP: uBR7200 | S1 | | |
> |---------+---------------+---------+----------+-------------|
> | 12.0SL | 10000 ESR: | 12.0 | | |
> | | c10k | (17)SL2 | | |
> |---------+---------------+---------+----------+-------------|
> | 12.0ST | Cisco IOS | 12.0 | 12.0 | |
> | | software | (17)ST1 | (17.6)ST | |
> | | Release | | | |
> | | 12.OST is an | | | |
> | | early | | | |
> | | deployment | | | |
> | | (ED) release | | | |
> | | for the Cisco | | | |
> | | 7200, 7500/ | | | |
> | | 7000RSP and | | | |
> | | 12000 (GSR) | | | |
> | | series | | | |
> | | routers for | | | |
> | | Service | | | |
> | | Providers | | | |
> | | (ISPs). | | | |
> |---------+---------------+----------------------------------|
> | 12.0T | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): VPN, | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0 | Catalyst | | 12.0(16) | 12.0(16)W5 |
> | (13)W5 | switches: | | W5 | (21) |
> | (19c) | cat8510c, | | (20.35) | |
> | | cat8540c, | | | |
> | | c6msm, | | | |
> | | ls1010, | | | |
> | | cat8510m, | | | |
> | | cat8540m | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.0 | Catalyst | | 12.0 | 12.0(18)W5 |
> | (10)W5 | switches: | | (17.6)W5 | (22a) |
> | (18g) | cat2948g, | | (21.16) | |
> | | cat4232 | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.0 | Catalyst | | | 12.0(18)W5 |
> | (14)W5 | switches: | | | (22) |
> | (20) | cat5000ATM | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.0WC | | 12.0(5) | | |
> | | | WC2 | | |
> |---------+---------------+----------------------------------|
> | 12.0WT | cat4840g | Not Scheduled |
> | | |----------------------------------|
> | | | Upgrade to be determined |
> |---------+---------------+----------------------------------|
> | 12.0XA | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0XB | Short-lived | Not Scheduled |
> | |early |----------------------------------|
> | | deployment | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0XC | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0XD | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0XE | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(8a)E |
> |---------+---------------+----------------------------------|
> | 12.0XF | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0XG | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0XH | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0XI | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0XJ | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0(5) | Early | Not Scheduled |
> | XK |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0(7) | Early | Not Scheduled |
> | XK |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.2(4) |
> |---------+---------------+----------------------------------|
> | 12.0XL | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0XM | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.0(5) |
> | | platforms | YB4 |
> | | | Availability date to be |
> | | | determined |
> |---------+---------------+----------------------------------|
> | 12.0XN | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0XP | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.0WC |
> |---------+---------------+----------------------------------|
> | 12.0XQ | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(9) |
> |---------+---------------+----------------------------------|
> | 12.0XR | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.2(3) |
> |---------+---------------+----------------------------------|
> | 12.0XS | Early | End of Engineering |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(8a)E |
> |---------+---------------+----------------------------------|
> | 12.0XU | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.0WC |
> |---------+---------------+----------------------------------|
> | 12.0XV | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.2(4) |
> |-------------------------+----------------------------------|
> | 12.1-based Releases | Rebuild | Interim* | Maintenance |
> | | | * | |
> |-------------------------+---------+----------+-------------|
> | 12.1 | General | | 12.1 | 12.1(9) |
> | | deployment | | (8.1) | |
> | | release for | | | |
> | | all platforms | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1AA | Dial support | | | 12.1(9)AA |
> |---------+---------------+---------+----------+-------------|
> | 12.1CX | Core/ISP | | | 12.1(7)CX |
> | | support: GSR, | | | |
> | | RSP, c7200 | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1DA | xDSL support: | 12.1(7) | | |
> | | 6100, 6200 | DA2 | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1DB | Cisco IOS | | | 12.2(2)B |
> | | Software | | | |
> | | Release 12.1 | | | |
> | | (1)DB | | | |
> | | supports | | | |
> | | Cisco s 6400 | | | |
> | | Universal | | | |
> | | Access | | | |
> | | Concentrator | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1DC | Cisco IOS | | | 12.2(2)B |
> | | Software | | | |
> | | Release 12.1 | | | |
> | | (1)DC | | | |
> | | supports | | | |
> | | Cisco s 6400 | | | |
> | | Universal | | | |
> | | Access | | | |
> | | Concentrator | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1E | Core/ISP | 12.1 | 12.1 | 12.1(8a)E |
> | | support: GSR, | (7a)E2 | (8.5)E | |
> | | RSP, c7200 | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1EC | 12.1EC is | 12.1 | 12.1 | 12.1(7)EC |
> | | being offered | (6.5) | (8.5)EC | |
> | | to allow | EC3 | | |
> | | early support | | | |
> | | of new | | | |
> | | features on | | | |
> | | the uBR7200 | | | |
> | | platform, as | | | |
> | | well as | | | |
> | | future | | | |
> | | support for | | | |
> | | new Universal | | | |
> | | Broadband | | | |
> | | Router | | | |
> | | headend | | | |
> | | platforms. | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1EX | Catalyst 6000 | | | 12.1(8a)E |
> | | support | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1EY | Cat8510c, | | | 12.1(6)EY |
> | | Cat8510m, | | | |
> | | Cat8540c, | | | |
> | | Cat8540m, | | | |
> | | LS1010 | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1EZ | Early | 12.1(6) | | |
> | | Deployment | EZ2 | | |
> | | (ED): special | | | |
> | | image | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1T | Early | 12.1(5) | | |
> | | Deployment | T9 | | |
> | | (ED): VPN, | | | |
> | | Distributed | | | |
> | | Director, | | | |
> | | various | | | |
> | | platforms | | | |
> |---------+---------------+----------------------------------|
> | 12.1XA | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.2(3) |
> |---------+---------------+----------------------------------|
> | 12.1XB | Early | | | |
> | | Deployment | | | |
> | | (ED): limited | | | |
> | | platforms | | | |
> |---------+---------------+----------------------------------|
> | 12.1XC | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.2(3) |
> |---------+---------------+----------------------------------|
> | 12.1XD | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.2(3) |
> |---------+---------------+----------------------------------|
> | 12.1XE | Early | | | |
> | | Deployment | | | |
> | | (ED): limited | | | |
> | | platforms | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1XF | Early | 12.1(2) | | |
> | | Deployment | XF4 | | |
> | | (ED): 811 and | | | |
> | | 813 (c800 | | | |
> | | images) | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1XG | Early | | | |
> | | Deployment | | | |
> | | (ED): 800, | | | |
> | | 805, 820, and | | | |
> | | 1600 | | | |
> |---------+---------------+----------------------------------|
> | 12.1XH | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.2(3) |
> |---------+---------------+----------------------------------|
> | 12.1XI | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.2(3) |
> |---------+---------------+----------------------------------|
> | 12.1XJ | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.1(5) |
> | | platforms | YB4 |
> |---------+---------------+----------------------------------|
> | 12.1XK | Early | | | |
> | | Deployment | | | |
> | | (ED): limited | | | |
> | | platforms | | | |
> |---------+---------------+----------------------------------|
> | 12.1XL | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.2(3) |
> |---------+---------------+----------------------------------|
> | 12.1XM | Short-lived | 12.1(5) | | |
> | | early | XM4 | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1XP | Early | 12.1(5) | | |
> | | Deployment | YB4 | | |
> | | (ED): 1700 | | | |
> | | and SOHO | | | |
> |---------+---------------+----------------------------------|
> | 12.1XQ | Short-lived | Not Scheduled |
> | |early |----------------------------------|
> | | deployment | Upgrade recommended to 12.2(1b) |
> |---------+---------------+----------------------------------|
> | 12.1XR | Short-lived | End of Engineering |
> | |early |----------------------------------|
> | | deployment | Migrate recommended to 12.1(5) |
> | | release | YD2 |
> |---------+---------------+----------------------------------|
> | 12.1XS | Short-lived | 12.1(5) | | |
> | | early | XS2 | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+----------------------------------|
> | 12.1XT | Early | Not Scheduled |
> | |Deployment |----------------------------------|
> | | (ED): 1700 | Upgrade recommended to 12.1(5) |
> | | series | YB4 |
> |---------+---------------+----------------------------------|
> | 12.1XU | Early | End of Engineering |
> | |Deployment |----------------------------------|
> | | (ED): limited | Upgrade recommended to 12.2(2)XA |
> |---------+---------------+----------------------------------|
> | 12.1XV | Short-lived | 12.1(5) | | |
> | | early | XV3 | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+----------------------------------|
> | 12.1XW | Short-lived | Not Scheduled |
> | |early |----------------------------------|
> | | deployment | Upgrade recommended to 12.2DD |
> |---------+---------------+----------------------------------|
> | 12.1XX | Short-lived | | | |
> | | early | | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1XY | Short-lived | | | |
> | | early | | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1XZ | Short-lived | | | |
> | | early | | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1YA | Short-lived | | | |
> | | early | | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1YB | Short-lived | 12.1(5) | | |
> | | early | YB4 | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1YC | Short-lived | 12.1(5) | | |
> | | early | YC1 | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1YD | Short-lived | 12.1(5) | | |
> | | early | YD2 | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.1YF | Short-lived | 12.1(5) | | |
> | | early | YF2 | | |
> | | deployment | | | |
> | | release | | | |
> |-------------------------+---------+----------+-------------|
> | 12.2-based Releases | Rebuild | Interim* | Maintenance |
> | | | * | |
> |-------------------------+---------+----------+-------------|
> | 12.2 | General | | 12.2 | 12.2(3) |
> | | deployment | | (1.1) | |
> | | release for | | | |
> | | all platforms | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.2B | General | | 12.2 | 12.2(2)B |
> | | deployment | | (3.4)B | |
> | | release for | | | |
> | | all platforms | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.2PB | General | | 12.2 | |
> | | deployment | | (3.4)BP | |
> | | release for | | | |
> | | all platforms | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.2PI | General | | 12.2 | |
> | | deployment | | (1.1)PI | |
> | | release for | | | |
> | | all platforms | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.2S | General | | 12.2 | |
> | | deployment | | (1.4)S | |
> | | release for | | | |
> | | all platforms | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.2T | General | | 12.2 | 12.2(4)T |
> | | deployment | | (2.2)T | |
> | | release for | | | |
> | | all platforms | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.2XA | SPLOB | 12.2(2) | | |
> | | | XA1 | | |
> |---------+---------------+---------+----------+-------------|
> | 12.2XD | Short-lived | 12.2(1) | | |
> | | early | XD1 | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.2XE | Short-lived | | | 12.2(1)XE |
> | | early | | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.2XH | Short-lived | | | 12.2(1)XH |
> | | early | | | |
> | | deployment | | | |
> | | release | | | |
> |---------+---------------+---------+----------+-------------|
> | 12.2XQ | Short-lived | | | 12.2(1)XQ |
> | | early | | | |
> | | deployment | | | |
> | | release | | | |
> |------------------------------------------------------------|
> | Notes |
> |------------------------------------------------------------|
> | * All dates are estimates and subject to change. |
> | |
> | ** Interim releases are subjected to less rigorous testing |
> | than regular maintenance releases, and may have serious |
> | bugs. |
> +------------------------------------------------------------+
>
> Obtaining Fixed Software
> ========================
> Cisco is offering free software upgrades to remedy this
> vulnerability for
> all affected customers. Customers may only install and expect
> support for
> the feature sets they have purchased.
>
> Customers with service contracts should obtain upgraded
> software through
> their regular update channels to any software release containing the
> feature sets they have purchased. For most customers, this means that
> upgrades should be obtained through the Software Center on Cisco's
> worldwide website at http://www.cisco.com.
>
> Customers whose Cisco products are provided or maintained
> through prior or
> existing agreement with third-party support organizations
> such as Cisco
> Partners, authorized resellers, or service providers should
> contact that
> support organization for assistance with the upgrade, which
> should be free
> of charge.
>
> Customers who purchased directly from Cisco but who do not
> hold a Cisco
> service contract, and customers who purchase through third
> party vendors
> but are unsuccessful at obtaining fixed software through
> their point of
> sale, should obtain fixed software by contacting the Cisco Technical
> Assistance Center (TAC). In those cases, customers may only
> upgrade to a
> later version of the same release as indicated by the
> applicable row in the
> Software Versions and Fixes table.
>
> Cisco TAC contacts are as follows:
>
> * +1 800 553 2447 (toll-free from within North America)
> * +1 408 526 7209 (toll call from anywhere in the world)
> * e-mail: tac@cisco.com
>
> See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for
> additional TAC contact information, including special
> localized telephone
> numbers and instructions and e-mail addresses for use in
> various languages.
>
> Please have your product serial number available and give the
> URL of this
> notice as evidence of your entitlement to a free upgrade.
> Free upgrades for
> non-contract customers must be requested through the TAC.
>
> Please do not contact either "psirt@cisco.com" or
> "security-alert@cisco.com" for software upgrades.
>
> Workarounds
> ===========
> Cisco IOS
> - ----------
> There are a few methods available to lower the exposure. You can
> combine these methods or use them individually.
>
> * Prevent IOS from processing NTP queries at all. No other
> NTP function
> is affected by this. This can be accomplished by adding
> the following
> statement into the configuration:
>
> ntp access-group serve-only
>
> * Use NTP with authentication. You must enable this feature on all
> participating peers and servers. You can enable it in IOS
> as follows:
>
> ntp authentication-key 20 md5 your_NTP_key
> ntp authenticate
> ntp trusted-key 20
>
> Note: The key must be the same on all participating peers
> and servers.
>
> * It is possible to mitigate the exposure by using ACLs and
> dropping all
> NTP packets that are not from the legitimate servers. This can be
> accomplished as follows:
>
> access-list 10 permit 1.2.3.4
> access-list 10 permit 5.6.7.8
> access-list 10 deny any any
> !
> ntp access-group peer 10
>
> In the above example, 1.2.3.4 and 5.6.7.8 are addresses
> of peers or
> servers from which NTP packets will be accepted.
>
> * Additionally, if you are not using NTP servers external from your
> network, you can drop all NTP packets on the network
> boundary. This can
> be done by the ACL as follows:
>
> access-list 101 deny udp any any eq ntp
>
> For more detailed information regarding individual commands
> and additional
> examples, please refer to the following documentation:
>
> *
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios12
> 1/121cgcr
> /fun_c/fcprt3/fcd303.htm
>
> * http://www.cisco.com/public/cons/isp/essentials/
>
> MGC and Related Products
> Cisco IP Manager
> BTS 10200
> - ----------
>
> Although the workaround was posted on the Bugtraq list we
> recommend
> installing the patch provided.
>
> The users must follow the installation instructions that
> are part of
> the patch.
>
> Exploitation and Public Announcements
> =====================================
> This vulnerability was discovered by Przemyslaw Frasunek and
> it has been
> posted on the Bugtraq list on 2001-April-04. The full text of
> the mail can
> be seen at: http://www.securityfocus.com/archive/1/174011.
>
> Our initial response has been sent to Bugtraq on
> 2001-April-12 and can be
> seen at http://www.securityfocus.com/archive/1/176137.
>
> Status of This Notice: FINAL
> ============================
> This is a final notice. Although Cisco cannot guarantee the
> accuracy of all
> statements in this notice, all of the facts have been checked
> to the best
> of our ability. Cisco does not anticipate issuing updated
> versions of this
> notice unless there is some material change in the facts.
> Should there be a
> significant change in the facts, Cisco may update this notice.
>
> A standalone copy or paraphrase of the text of this security
> advisory that
> omits the distribution URL in the following section is an uncontrolled
> copy, and may lack important information or contain factual errors.
>
> Distribution
> ============
> This notice will be posted on Cisco's Worldwide Web site at http://
> www.cisco.com/warp/public/707/ntp-pub.shtml. In addition to
> Worldwide Web
> posting, a text version of this notice is clear-signed with
> the Cisco PSIRT
> PGP key and is posted to the following e-mail and Usenet news
> recipients:
>
> * cust-security-announce@cisco.com
> * bugtraq@securityfocus.com
> * first-teams@first.org (includes CERT/CC)
> * cisco@spot.colorado.edu
> * comp.dcom.sys.cisco
> * firewalls@lists.gnac.com
> * Various internal Cisco mailing lists
>
> Future updates of this notice, if any, will be placed on
> Cisco's Worldwide
> Web server, but may or may not be actively announced on
> mailing lists or
> newsgroups. Users concerned about this problem are encouraged
> to check the
> URL given above for any updates.
>
> Revision History
> ================
> +-------------------------------------------------+
> |Revision |2002-May-08 16:00 |Initial public |
> |1.0 |UTC+0000 |release |
> +-------------------------------------------------+
>
> Cisco Security Procedures
> =========================
> Complete information on reporting security vulnerabilities in Cisco
> products, obtaining assistance with security incidents, and
> registering to
> receive security information from Cisco, is available on
> Cisco's Worldwide
> Web site at
> http://www.cisco.com/warp/public/707/sec_incident_response.shtml
> This includes instructions for press inquiries regarding
> Cisco security
> notices.
>
> All Cisco Security Advisories are available at
> http://www.cisco.com/go/psirt
>
> -
> --------------------------------------------------------------
> --------------
>
> This notice is Copyright 2002 by Cisco Systems, Inc. This
> notice may be
> redistributed freely after the release date given at the top
> of the text,
> provided that redistributed copies are complete and
> unmodified, and include
> all date and version information.
>
> -
> --------------------------------------------------------------
> --------------
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.3
>
> iQEVAwUBPNlQNw/VLJ+budTTAQHaOwf/TtX5LlnyHiYyJ9wPzI87zIaGXpy4V2+9
> n+5Bs+gPgj98xMzYchzeYhtMmIdoeCW6A4EKraoN+Dsr3sk2HER8Nx/cr2kgztkb
> p78VEY0GPjHpQcPTQaDoJfaUDj8iqZdyDCZzKLx1GrfQLykWRE0XfI4P4hZ9YTKx
> hEo+FgTeBlOoOxMb0kbVfPs2Er8ma18Y+Swx72zAzWhnufX6z8bPAqoTpvF6cmML
> otwRRvrrm7P628SBsJYmcjm6r1vzwZ0Lh6PoGdMcG/wBtO9+WyCzAeV50TsRg8AR
> UFfDbZrGy1wIEkGpUl/VOFSEnL7laKey1ejH1TKzaUnJ4axIUXM+UA==
> =Yk3J
> -----END PGP SIGNATURE-----
>
>



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:44 EDT