Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] New cisco vulnerabilities



http://isc.sans.org/diary.html?n&storyid=3250

 Cisco is back, so you can go read up on their new advisories (<--- See! 
English)
Published: 2007-08-08,
Last Updated: 2007-08-08 22:19:56 UTC
by Tom Liston (Version: 1)

Here they are:

1: Cisco Security Advisory: Cisco IOS Secure Copy Authorization Bypass 
Vulnerability
2: Cisco Security Advisory: Cisco IOS Next Hop Resolution Protocol Vulnerability
3: Cisco Security Advisory: Cisco IOS Information Leakage Using IPv6 Routing 
Header
4: Cisco Security Advisory: Voice Vulnerabilities in Cisco IOS and Cisco 
Unified Communications Manager

Issue 1:
IOS has the capability to act as an SCP server (through the addition of the IOS 
Secure Copy Server service).  There is a flaw in this service that allows any 
valid user to access any file on the Cisco device (including device 
configuration files).

Issue 2:
There is an issue with Cisco's implementation of the Next Hop Resolution 
Protocol (NHRP) that could potentially cause a device restart or (possibly) 
code execution on the device.  The issue affects NHRP running at all layers 
(Layer 2, GRE / mGRE, or at the IP layer).

Issue 3:
Specially crafted IPv6 packets with a type 0 routing header can cause 
information leakage or a crash of the affected IOS or IOS XR devices.

Issue 4:
There are issues with voice-related vulnerabilities in multiple protocols 
[Session Initiation Protocol (SIP), Media Gateway Control Protocol (MGCP), 
Signaling protocols H.323, H.254, Real-time Transport Protocol (RTP), and 
Facsimile reception]. These issues affect IOS (if voice services are enabled) 
and one (SIP related) is found in Cisco Unified Communications Manager.

Mitigating issues:

1: Not much... user needs a login, but after that, it's pretty much game-over.
2: Layer 2 only... attacker needs to be on the same link
3: Only the IPv6 subsystem crashes... IPv4 appears (from the advisory) to still 
function
4: Uh... not much... patch this 'un now.. The others can potentially wait for 
testing, this one can't.

If you're doing VoIP stuff w/Cisco hardware, then Issue #4 is a definite 
must-do... other than that, prioritizing these is difficult because they all 
are very "configuration-centric."  Sorry...



 




Copyright © Lexa Software, 1996-2009.