安全研究

安全漏洞
Cisco Internet Operating System SNMP消息处理远程拒绝服务漏洞

发布日期:2004-04-20
更新日期:2004-04-26

受影响系统:
Cisco IOS 12.3 (6)
Cisco IOS 12.3 (5b)
Cisco IOS 12.3 (5a)b
Cisco IOS 12.3 (5a)
Cisco IOS 12.3 (5)
Cisco IOS 12.3 (4)XD1
Cisco IOS 12.3 (4)XD
Cisco IOS 12.3 (4)T3
Cisco IOS 12.3 (4)T2
Cisco IOS 12.3 (4)T1
Cisco IOS 12.3 (4)T
Cisco IOS 12.3 (2)XC2
Cisco IOS 12.3 (2)XC1
Cisco IOS 12.3 (2)T3
Cisco IOS 12.2 (23)
Cisco IOS 12.2 (21a)
Cisco IOS 12.2 (21)
Cisco IOS 12.2 (20)S1
Cisco IOS 12.2 (20)S
Cisco IOS 12.2 (12h)
Cisco IOS 12.2 (12g)
Cisco IOS 12.1(20)EO
Cisco IOS 12.1 (20)EW1
Cisco IOS 12.1 (20)EW
Cisco IOS 12.1 (20)EC1
Cisco IOS 12.1 (20)EC
Cisco IOS 12.1 (20)EA1
Cisco IOS 12.1 (20)E2
Cisco IOS 12.1 (20)E1
Cisco IOS 12.1 (20)E
Cisco IOS 12.0 (27)SV1
Cisco IOS 12.0 (27)SV
Cisco IOS 12.0 (27)S
Cisco IOS 12.0 (26)S1
Cisco IOS 12.0 (24)S5
Cisco IOS 12.0 (24)S4
Cisco IOS 12.0 (23)S5
Cisco IOS 12.0 (23)S4
Cisco ONS 15454 Optical Transport Platform 4.1 (3)
Cisco ONS 15454 Optical Transport Platform 4.1 (2)
Cisco ONS 15454 Optical Transport Platform 4.1 (1)
Cisco ONS 15454 Optical Transport Platform 4.1
Cisco ONS 15454 Optical Transport Platform 4.0 (2)
Cisco ONS 15454 Optical Transport Platform 4.0 (1)
Cisco ONS 15454 Optical Transport Platform 4.0
Cisco ONS 15454 Optical Transport Platform 3.4
Cisco ONS 15454 Optical Transport Platform 3.3
Cisco ONS 15454 Optical Transport Platform 3.2.0
Cisco ONS 15454 Optical Transport Platform 3.1.0
Cisco ONS 15454 Optical Transport Platform 3.0
不受影响系统:
Cisco IOS 12.3 (9)
Cisco IOS 12.3 (7.7)
Cisco IOS 12.3 (7)T
Cisco IOS 12.3 (6a)
Cisco IOS 12.3 (5c)
Cisco IOS 12.3 (5)B1
Cisco IOS 12.3 (4)XQ
Cisco IOS 12.3 (4)XK
Cisco IOS 12.3 (4)XH
Cisco IOS 12.3 (4)XG1
Cisco IOS 12.3 (4)XD2
Cisco IOS 12.3 (4)T4
Cisco IOS 12.3 (4)EO1
Cisco IOS 12.3 (2)XC3
Cisco IOS 12.2 (24)
Cisco IOS 12.2 (23a)
Cisco IOS 12.2 (23.6)
Cisco IOS 12.2 (22)S
Cisco IOS 12.2 (21b)
Cisco IOS 12.2 (20)S2
Cisco IOS 12.2 (12i)
Cisco IOS 12.1 (22)E1
Cisco IOS 12.1 (20)EW2
Cisco IOS 12.1 (20)EC2
Cisco IOS 12.1 (20)EA1a
Cisco IOS 12.1 (20)E3
Cisco IOS 12.0 (27)SV2
Cisco IOS 12.0 (27)S1
Cisco IOS 12.0 (26)S2
Cisco IOS 12.0 (24)S6
Cisco IOS 12.0 (23)S6
描述:
BUGTRAQ  ID: 10186
CVE(CAN) ID: CVE-2004-0714

Cisco IOS是部署非常广泛的网络操作系统。很多Cisco设备都运行IOS。

Cisco IOS在处理远程SNMP消息时存在设计问题,远程攻击者利用这个漏洞发送畸形SNMP消息引起内存破坏而导致拒绝服务。

SNMP是用于监视和管理网络设备的协议,其中消息使用UDP来对SNMP代理和管理器之间进行通信。Cisco IOS SNMP服务在处理特殊SNMP消息时不正确,可引起设备重载。

一般SNMP操作使用161/udp和162/udp端口,另外除了这些知名端口,Cisco IOS使用随机选择的范围在49152及59152/udp之间的UDP端口监听其他类型的SNMP消息。特殊构建的畸形SNMPv1和SNMPv2可触发此漏洞,而且更危险的是任何SNMPv3"恳谈"操作发感到此类端口可引起内存破坏而使设备重载,造成拒绝服务。

<*来源:Cisco PSIRT (psirt@cisco.com
  
  链接:http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
*>

建议:
临时解决方法:

如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:

* 关闭设备上的SNMP服务。

* 对这些端口进行访问控制。

厂商补丁:

Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20040420-snmp)以及相应补丁:
cisco-sa-20040420-snmp:Vulnerabilities in SNMP Message Processing
链接:http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml

如下Cisco IOS版本不受此漏洞影响:

Cisco IOS 12.0 (27)SV2
Cisco IOS 12.0 (27)S1
Cisco IOS 12.0 (26)S2
Cisco IOS 12.0 (24)S6
Cisco IOS 12.0 (23)S6
Cisco IOS 12.1 (22)E1
Cisco IOS 12.1 (20)EW2
Cisco IOS 12.1 (20)EC2
Cisco IOS 12.1 (20)EA1a
Cisco IOS 12.1 (20)E3
Cisco IOS 12.2 (24)
Cisco IOS 12.2 (23a)
Cisco IOS 12.2 (23.6)
Cisco IOS 12.2 (22)S
Cisco IOS 12.2 (21b)
Cisco IOS 12.2 (20)S2
Cisco IOS 12.2 (12i)
Cisco IOS 12.3 (9)
Cisco IOS 12.3 (7.7)
Cisco IOS 12.3 (7)T
Cisco IOS 12.3 (6a)
Cisco IOS 12.3 (5c)
Cisco IOS 12.3 (5)B1
Cisco IOS 12.3 (4)XQ
Cisco IOS 12.3 (4)XK
Cisco IOS 12.3 (4)XH
Cisco IOS 12.3 (4)XG1
Cisco IOS 12.3 (4)XD2
Cisco IOS 12.3 (4)T4
Cisco IOS 12.3 (4)EO1
Cisco IOS 12.3 (2)XC3

拥有服务合同的客户必须连接他们常规升级渠道获得由此公告指定的免费升级软件。对于大多数拥有服务合同的客户,这意味着升级必须通过CISCO全球WEB站软件中心获得:

http://www.cisco.com/public/sw-center/.

要访问此下载URL,你必须是注册用户和必须登录后才能使用。

事先或目前与第三方支持组织,如Cisco合作伙伴、授权零售商或服务商之间已有协议,由第三方组织提供Cisco产品或技术支持的用户可免费获得升级支持。

直接从Cisco购买产品但没有Cisco服务合同的用户和由第三方厂商购买产品但无法从销售方获得已修复软件的用户可从Cisco技术支持中心(TAC)获取升级软件。TAC联系方法:

     * +1 800 553 2447 (北美地区免话费)
     * +1 408 526 7209 (全球收费)
     * e-mail: tac@cisco.com
    
查看 http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml 获取额外的TAC联系信息,包括特别局部的电话号码,各种语言的指南和EMAIL地址。

浏览次数:3568
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障