ISSalert:ISSSecurityAdvisory:Remot

王朝other · Author unknown · 2008-05-19

ISS Security Advisory

March 24, 1999

Remote Denial of Service Vulnerability in Cisco Catalyst Series Ethernet Switches

Internet Security Systems (ISS) X-Force has discovered several vulnerabilities in Cisco Catalyst Series Ethernet Switches running the Cisco fixed configuration switch software. Cisco Catalyst switches are commonly used in high volume production environments supporting high-end servers and "virtual LAN" configurations.

Affected Models:

Catalyst 1200, 2900, 5000, and 5500 series switches are affected. The Catalyst 2900XL and Catalyst 2926 are not affected.

Vulnerable Software Versions:

Catalyst 1200 family supervisor software versions up to and including 4.29 are vulnerable.

Catalyst 2900 family supervisor software revisions up to and including 2.1(5) are vulnerable.

Catalyst 5000 and 5500 family supervisor software revisions up to and including 2.1(5) are vulnerable.

For the 2900, 5000, and 5500 series, minor revisions 2.1(501) and 2.1(502) are also vulnerable.
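
The affected-version list above can be applied to a switch inventory mechanically. The following is an added example, not part of the ISS advisory or any Cisco tooling: it assumes version strings compare as integer tuples (so 4.29 is major 4, minor 29), that each switch is recorded by its series name, and it uses a constructed inventory.

```python
import re

# Vulnerable ranges transcribed from the advisory: family -> (highest vulnerable
# version, additional vulnerable revisions). Versions are (major, minor, rev).
_SUP = ((2, 1, 5), {(2, 1, 501), (2, 1, 502)})
AFFECTED = {"1200": ((4, 29, 0), set()), "2900": _SUP, "5000": _SUP, "5500": _SUP}
NOT_AFFECTED = {"2900XL", "2926"}  # explicitly excluded by the advisory

_VERSION = re.compile(r"(\d+)\.(\d+)(?:\((\d+)\))?")


def parse_version(text):
    """Parse '4.29' or '2.1(501)' into a tuple of ints (assumed ordering)."""
    m = _VERSION.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, rev = m.groups()
    return int(major), int(minor), int(rev or 0)


def assess(family, version):
    """Classify one switch against the advisory's affected list."""
    name = family.upper().replace("CATALYST", "").strip()
    if name in NOT_AFFECTED:
        return "not affected"
    if name not in AFFECTED:
        return "not listed"
    ceiling, extras = AFFECTED[name]
    v = parse_version(version)
    return "vulnerable" if v <= ceiling or v in extras else "outside listed range"


def audit(inventory):
    """Return hostnames whose family and version fall in a vulnerable range."""
    return [host for host, family, version in inventory
            if assess(family, version) == "vulnerable"]


# Constructed inventory (hostnames and versions are made up for illustration).
SAMPLE = [
    ("sw-core-1", "Catalyst 5500", "2.1(5)"),
    ("sw-core-2", "Catalyst 5000", "2.1(6)"),
    ("sw-edge-1", "Catalyst 2900", "2.1(502)"),
    ("sw-edge-2", "Catalyst 2900XL", "2.1(5)"),
    ("sw-lab-1", "Catalyst 1200", "4.29"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result of "outside listed range" only means the version is not in the ranges this advisory lists; Cisco's own advisory remains the reference for fixed releases.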

Recommendations:

Upgrade your switch to the most recent version of the Catalyst switch software, or any version that is not vulnerable. All affected users are urged to review the "For More Information" section of this advisory.

Free fixes are available from Cisco Systems. Service contract customers can download new versions of switch software at:

http://www.cisco.com/kobayashi/sw-center/sw-switching.shtml

Non-contract customers should contact the Cisco Technical Assistance Center (TAC). TAC contacts are:

* +1 800 553 2447 (toll-free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)

e-mail: tac@cisco.com

An immediate workaround involves removing the IP address from the vulnerable switch hardware. This workaround has the negative effect of disabling remote management of the switch.

ISS X-Force recommends that border routers and firewalls are configured to block all traffic to the vulnerable switches from untrusted sources.

Description:

The Cisco Catalyst 5000 Series Ethernet Switches run fixed configuration switch software. This software operates an undocumented TCP service. Sending a carriage return character to this port causes the switch to immediately reset. An attacker may repeat this action indefinitely, causing a denial of network services. The switch software does not provide any IP filtering options to prevent this type of attack.

Credits:

These vulnerabilities were primarily researched by Josh Sierles and Chris Stach of the ISS X-Force. ISS appreciates the assistance of the individuals at Cisco Systems.

For more information:

Cisco's public advisory including detailed fix and support information is located at: http://www.cisco.com/warp/public/770/cat7161-pub.shtml

Documentation on Cisco Catalyst switches is available at: http://www.cisco.com/univercd/cc/td/doc/product/lan/index.htm

___________

Copyright (c) 1999 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of X-Force. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

Disclaimer:

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html, as well as on MIT's PGP key server and PGP.com's key server.

X-Force Vulnerability and Threat Database: http://www.iss.net/xforce

Please send suggestions, updates, and comments to: X-Force of Internet Security Systems, Inc.


 
 
 