[c-nsp] Possible security issue with CDP
Hank Nussbacher
hank at efes.iucc.ac.il
Thu Jun 26 12:12:00 EDT 2008
On Thu, 26 Jun 2008, Jared Mauch wrote:
Of course. This was opened with PSIRT (PSIRT-0642590629) on March 26 and
was discussed internally by them and I argued against their view but they
held their ground and the results were just concluded and I posted them
here so everyone can realize it. They know I am posting to cisco-nsp as
well.
-Hank
> Have you contacted PSIRT regarding this issue? It would seem
> to indicate a lack of proper security posture on part of the company
> to not view the secret enabling of a feature a problem.
>
> - Jared
>
> On Thu, Jun 26, 2008 at 08:31:25AM +0300, Hank Nussbacher wrote:
>> Just wanted to alert people to a possible minor info leak in regards
>> to Cisco CDP.
>>
>> We had 'cdp off' on POS11/0/0 which is an STM-16 link. Now change the
>> encap from ppp to hdlc. Automagically, without notifying anyone, IOS
>> changes CDP to be on. Not a good thing when trying to maintain a secure
>> router.
>>
>> This behavior has been documented in CSCso40579 but has been marked
>> closed.
>>
>> CSCso59137 (sev=4) documents the behavior as working as designed. This
>> bugid will print a CDP status change message when such an event occurs.
>>
>> There have been security issues with CDP previously:
>> <http://www.cisco.com/en/US/tech/tk962/technologies_security_notice09186a0080093ef0.html>
>> so if you want your router to be secure, always double check your
>> settings since things might change without you knowing it.
>>
>> -Hank
>>
>
> --
> Jared Mauch | pgp key available via finger from jared at puck.nether.net
> clue++; | http://puck.nether.net/~jared/ My statements are only mine.
>
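Added example, not part of the original thread and not Cisco's code: one way to do the "double check your settings" step is to diff two saved running-config snapshots and report every interface that had CDP disabled before a change and no longer does. It assumes the disabled state appears as "no cdp enable" under the interface and that the default encapsulation is not printed; the config text is constructed, with only the interface name POS11/0/0 taken from the post.

```python
import re

# Constructed snapshots (not from the thread); only the interface name is from the post.
# Assumption: the default encapsulation is not printed in the running-config.
BEFORE = """\
interface POS11/0/0
 encapsulation ppp
 no cdp enable
!
interface GigabitEthernet0/1
 no cdp enable
!
"""
AFTER = """\
interface POS11/0/0
!
interface GigabitEthernet0/1
 no cdp enable
!
"""

def parse_interfaces(config):
    """Map interface name -> list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any top-level line closes the block
    return interfaces

def encapsulation(cmds):
    """Return the configured encapsulation, or None when the line is absent."""
    return next((c.split()[1] for c in cmds if c.startswith("encapsulation ")), None)

def cdp_regressions(before, after):
    """Interfaces that had 'no cdp enable' before and no longer have it."""
    old, new = parse_interfaces(before), parse_interfaces(after)
    return [(n, encapsulation(old[n]), encapsulation(cmds))
            for n, cmds in new.items()
            if n in old and "no cdp enable" in old[n] and "no cdp enable" not in cmds]

if __name__ == "__main__":
    for name, was, now in cdp_regressions(BEFORE, AFTER):
        print(f"{name}: 'no cdp enable' lost, encapsulation {was} -> {now or 'default'}")
```

Run against the snapshot taken before a maintenance window and the one taken after it; any output line is an interface to re-harden.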