[c-nsp] Possible security issue with CDP

Jared Mauch jared at puck.nether.net
Thu Jun 26 11:21:27 EDT 2008


	Have you contacted PSIRT regarding this issue?  It would seem
to indicate a lack of proper security posture on the part of the company
to not view the secret enabling of a feature as a problem.

	- Jared

On Thu, Jun 26, 2008 at 08:31:25AM +0300, Hank Nussbacher wrote:
> Just wanted to alert people to a possible minor info leak in regards
> to Cisco CDP.
>
> We had 'cdp off' on POS11/0/0 which is an STM-16 link. Now change the
> encap from ppp to hdlc. Automagically, without notifying anyone, IOS
> changes CDP to be on. Not a good thing when trying to maintain a secure
> router.
>
> This behavior has been documented in CSCso40579 but has been marked
> closed.
>
> CSCso59137 (sev=4) documents the behavior as working as designed. This
> bugid will print a CDP status change message when such an event occurs.
>
> There have been security issues with CDP previously:
> <http://www.cisco.com/en/US/tech/tk962/technologies_security_notice09186a0080093ef0.html>
> so if you want your router to be secure, always double check your
> settings since things might change without you knowing it.
>
> -Hank

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
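A configuration audit for the drift Hank describes, added here as an example and not code from the thread or from Cisco: it parses two constructed IOS running-config snapshots (hostname, interface names and addresses are assumptions) and reports interfaces on which CDP has come back on, relying on the IOS semantics that CDP is on by default unless 'no cdp run' is set globally or 'no cdp enable' appears in the interface stanza.

```python
import re

# Constructed before/after "show running-config" excerpts modelled on the
# thread; names and addresses are assumptions, not captures from a real
# router. In the "after" snapshot the encapsulation was changed to hdlc
# and the 'no cdp enable' line on the POS interface has disappeared.
CONFIG_BEFORE = """\
hostname edge-router
!
interface POS11/0/0
 ip address 192.0.2.1 255.255.255.252
 encapsulation ppp
 no cdp enable
!
interface GigabitEthernet0/1
 ip address 192.0.2.5 255.255.255.252
 no cdp enable
!
"""
CONFIG_AFTER = CONFIG_BEFORE.replace(" encapsulation ppp\n no cdp enable\n",
                                     " encapsulation hdlc\n")

def parse_interfaces(config):
    """Return {interface_name: [stripped stanza lines]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the stanza
    return interfaces

def cdp_enabled_interfaces(config):
    """Interfaces that will send CDP: on by default in IOS, so an interface
    is exposed unless 'no cdp run' is global or the stanza has 'no cdp enable'."""
    if re.search(r"^no cdp run\s*$", config, re.MULTILINE):
        return []
    return sorted(name for name, lines in parse_interfaces(config).items()
                  if "no cdp enable" not in lines)

def cdp_drift(before, after):
    """Interfaces on which CDP was off in 'before' but is on in 'after'."""
    was_on = set(cdp_enabled_interfaces(before))
    return sorted(set(cdp_enabled_interfaces(after)) - was_on)
```

Running cdp_drift over the two snapshots flags POS11/0/0 as newly exposed, which is exactly the change IOS made without telling anyone.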