Lexa Software: Security-Alerts@yandex-team.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: Security-alerts

Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] New cisco vulnerabilities

To: "security-alerts@xxxxxxxxxxxxxx" <security-alerts@xxxxxxxxxxxxxx>
Subject: [security-alerts] New cisco vulnerabilities
From: "Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>
Date: Thu, 9 Aug 2007 10:51:21 +0400
Accept-language: ru-RU, en-US
Acceptlanguage: ru-RU, en-US
Content-language: ru-RU
List-archive: <http://www.lexa.ru/security-alerts/> (Web Archive)
List-id: <security-alerts.yandex-team.ru>
List-subscribe: <mailto:majordomo@yandex-team.ru?body=subscribe%20security-alerts>
List-unsubscribe: <mailto:majordomo@yandex-team.ru?body=unsubscribe%20security-alerts>
Thread-index: AcfaUbGOSSOU88FURHWExUPo2VS/wA==
Thread-topic: New cisco vulnerabilities

http://isc.sans.org/diary.html?n&storyid=3250

 Cisco is back, so you can go read up on their new advisories (<--- See! 
English)
Published: 2007-08-08,
Last Updated: 2007-08-08 22:19:56 UTC
by Tom Liston (Version: 1)

Here they are:

1: Cisco Security Advisory: Cisco IOS Secure Copy Authorization Bypass 
Vulnerability
2: Cisco Security Advisory: Cisco IOS Next Hop Resolution Protocol Vulnerability
3: Cisco Security Advisory: Cisco IOS Information Leakage Using IPv6 Routing 
Header
4: Cisco Security Advisory: Voice Vulnerabilities in Cisco IOS and Cisco 
Unified Communications Manager

Issue 1:
IOS has the capability to act as an SCP server (through the addition of the IOS 
Secure Copy Server service).  There is a flaw in this service that allows any 
valid user to access any file on the Cisco device (including device 
configuration files).

Issue 2:
There is an issue with Cisco's implementation of the Next Hop Resolution 
Protocol (NHRP) that could potentially cause a device restart or (possibly) 
code execution on the device.  The issue affects NHRP running at all layers 
(Layer 2, GRE / mGRE, or at the IP layer).

Issue 3:
Specially crafted IPv6 packets with a type 0 routing header can cause 
information leakage or a crash of the affected IOS or IOS XR devices.

Issue 4:
There are issues with voice-related vulnerabilities in multiple protocols 
[Session Initiation Protocol (SIP), Media Gateway Control Protocol (MGCP), 
Signaling protocols H.323, H.254, Real-time Transport Protocol (RTP), and 
Facsimile reception]. These issues affect IOS (if voice services are enabled) 
and one (SIP related) is found in Cisco Unified Communications Manager.

Mitigating issues:

1: Not much... user needs a login, but after that, it's pretty much game-over.
2: Layer 2 only... attacker needs to be on the same link
3: Only the IPv6 subsystem crashes... IPv4 appears (from the advisory) to still 
function
4: Uh... not much... patch this 'un now.. The others can potentially wait for 
testing, this one can't.

If you're doing VoIP stuff w/Cisco hardware, then Issue #4 is a definite 
must-do... other than that, prioritizing these is difficult because they all 
are very "configuration-centric."  Sorry...

Prev by Date: [security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 32
Next by Date: [security-alerts] FW: [SA25215] Symantec Products NavComUI ActiveX Control Code Execution
Previous by thread: [security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 32
Next by thread: [security-alerts] FW: [SA25215] Symantec Products NavComUI ActiveX Control Code Execution
Index(es):
- Date
- Thread