[c-nsp] Possible security issue with CDP

Aaron dudepron at gmail.com
Thu Jun 26 21:41:52 EDT 2008


Curious. Was CDP globally disabled? Don't want to make any assumptions.

Aaron

On Thu, Jun 26, 2008 at 12:12 PM, Hank Nussbacher <hank at efes.iucc.ac.il>
wrote:

> On Thu, 26 Jun 2008, Jared Mauch wrote:
>
> Of course.  This was opened with PSIRT (PSIRT-0642590629) on March 26 and
> was discussed internally by them and I argued against their view but they
> held their ground and the results were just concluded and I posted them here
> so everyone can realize it.  They know I am posting to cisco-nsp as well.
>
> -Hank
>
>
>> Have you contacted PSIRT regarding this issue?  It would seem
>> to indicate a lack of proper security posture on part of the company
>> to not view the secret enabling of a feature a problem.
>>
>>        - Jared
>>
>> On Thu, Jun 26, 2008 at 08:31:25AM +0300, Hank Nussbacher wrote:
>>
>>> Just wanted to alert people to a possible minor info leak in regards
>>> to Cisco CDP.
>>>
>>> We had 'cdp off' on POS11/0/0 which is an STM-16 link. Now change the
>>> encap from ppp to hdlc. Automagically, without notifying anyone, IOS
>>> changes CDP to be on. Not a good thing when trying to maintain a secure
>>> router.
>>>
>>> This behavior has been documented in CSCso40579 but has been marked
>>> closed.
>>>
>>> CSCso59137 (sev=4) documents the behavior as working as designed. This
>>> bugid will print a CDP status change message when such an event occurs.
>>>
>>> There have been security issues with CDP previously:
>>> <http://www.cisco.com/en/US/tech/tk962/technologies_security_notice09186a0080093ef0.html>
>>> so if you want your router to be secure, always double check your
>>> settings since things might change without you knowing it.
>>>
>>> -Hank
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>
>> --
>> Jared Mauch  | pgp key available via finger from jared at puck.nether.net
>> clue++;      | http://puck.nether.net/~jared/   My statements are only mine.

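A configuration check in the spirit of Hank's closing advice ("always double check your settings"). This is an added example, not code from the thread or from Cisco. It assumes the usual IOS syntax: CDP runs globally unless the configuration contains `no cdp run`, and an interface opts out with `no cdp enable` in its stanza. The two running-config snapshots are constructed for illustration; the "after" snapshot models the behaviour Hank describes, where the interface's opt-out has silently gone after the encapsulation change from ppp to hdlc. The script goes slightly beyond the single POS interface in the thread by auditing every interface stanza and reporting any whose effective CDP state changed between two snapshots.

```python
"""Audit two Cisco IOS running-config snapshots for CDP state drift.

Added example (not from the mailing-list thread or from Cisco). Assumptions:
global CDP is on unless `no cdp run` is present, and an interface disables
CDP with `no cdp enable` in its stanza. BEFORE/AFTER are constructed
snapshots; AFTER models the silent re-enable described in the thread.
"""
import re

BEFORE = """\
hostname edge1
!
interface POS11/0/0
 description STM-16 upstream
 encapsulation ppp
 ip address 192.0.2.1 255.255.255.252
 no cdp enable
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no cdp enable
!
"""

AFTER = """\
hostname edge1
!
interface POS11/0/0
 description STM-16 upstream
 encapsulation hdlc
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no cdp enable
!
"""


def parse_interfaces(config):
    """Return {interface name: [indented stanza lines]} for each interface block."""
    stanzas = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None  # '!' or any other top-level line ends the stanza
    return stanzas


def cdp_globally_enabled(config):
    """CDP is on by default; only an explicit 'no cdp run' turns it off."""
    return re.search(r"^no cdp run\s*$", config, re.MULTILINE) is None


def cdp_state(config):
    """Map each interface to True when CDP is effectively enabled on it."""
    interfaces = parse_interfaces(config)
    if not cdp_globally_enabled(config):
        return {name: False for name in interfaces}
    return {name: "no cdp enable" not in lines for name, lines in interfaces.items()}


def cdp_drift(before, after):
    """Interfaces whose effective CDP state differs between two snapshots."""
    old, new = cdp_state(before), cdp_state(after)
    return {name: (old.get(name), new.get(name))
            for name in set(old) | set(new)
            if old.get(name) != new.get(name)}


if __name__ == "__main__":
    for name, (was, now) in sorted(cdp_drift(BEFORE, AFTER).items()):
        print(f"{name}: CDP {'on' if was else 'off'} -> {'on' if now else 'off'}")
```

Run against snapshots taken before and after any change window (or on a schedule from a config-backup store) and alert on a non-empty result; a `False -> True` transition on a transit link is exactly the silent re-enable the thread is about. Note that a global `no cdp run` makes every per-interface result False regardless of stanza contents, which is why Aaron's question about the global setting matters.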
