[apops] FYI: Major Cisco security notice (CSCdj43337) Wednesday

  • To: <bgreene at cisco dot com>
  • Subject: [apops] FYI: Major Cisco security notice (CSCdj43337) Wednesday
  • From: "Barry Raveendran Greene" <bgreene at cisco dot com>
  • Date: Sun, 16 Aug 1998 09:15:45 +0800
  • Importance: Normal
  • Reply-to: <bgreene@cisco.com>
  • Sender: owner-apops@apnic.net
    • 
      [Apologies for duplicates.]
      
      Hello Everyeone,
      
      In case you have not seen this Security notice on the CERT, FIRST, NANOG, or
      BUGTRAQ mailing list ..... I've forward this to the various ISP Operations
      list
      in the region.
      
      An error in Cisco IOS software makes it possible for untrusted,
      unauthenticated
      users who can gain access to the login prompt of a router or other Cisco IOS
      device, via any means, to cause that device to crash and reload.
      
      This applies only to devices running classic Cisco IOS software. This
      includes
      most Cisco routers with model numbers greater than or equal to 1000, but
      does
      not include the 7xx series, the Catalyst LAN switches, WAN switching
      products
      in the IGX or BPX lines, the AXIS shelf, early models of the LS1010 or
      LS2020
      ATM switches, or any host-based software.
      
      Who Is Affected
      - ---------------
      
      All users of classic Cisco IOS software versions 9.1 and later, but earlier
      than the repaired versions listed in the "Details" section of this notice,
      whose devices can be connected to interactively by untrusted users, are
      affected by this vulnerability. It is not necessary to be able to actually
      log
      in to exploit this vulnerability; simply establishing a terminal connection
      is
      sufficient.
      
      Note that some of the repaired software has been in the field for some time;
      you may already have installed it. Please check your software version number
      before assuming that you are affected.
      
      Most ISPs using the 11.1CA/11.1CC code train are not effected. This has been
      fixed for some time in those IOS code trains.
      
      It will be released at 08:00 US/Pacific.
      
      Text is at:
      
      http://www-tac.cisco.com/Support_Library/Software/Ios/General/Alerts/ioslogi
      n-p
      ub.html
      
      or via the CERT Vendor-Initiated Bulletin VB-98.08
      
      
      ISP Whitepaper w/ Security Section
      - ----------------------------------
      
      A new version of the whitepaper "Essentical IOS Features Every ISP Should
      Consider" is pre-posted on my www.employees.org Web site. It has a huge
      section
      on security for ISPs and special adendium for using ACLs to close off access
      to
      your login in prompt.
      
      http://www.employees.org/~bgreene/IOSEssentialsPDF.zip
      
      If you have any questions, please contact your local Cisco SE.
      
      Barry
      
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Help Map the Internet - RFC 1876 - http://www.caida.org/Tools/iptll.html
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      --
      Barry Raveendran Greene                    |       ||        ||        |
      Senior Consultant                          |       ||        ||        |
      Corporate Consulting                       |      ||||      ||||       |
      Office of the CTO                          |  ..:||||||:..:||||||:..   |
      e-mail: bgreene at cisco dot com                  |  C i s c o S y s t e m s  |
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      PGP Public Key is registered at http://pgp5.ai.mit.edu/
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      *             APOPS: Asia Pacific Operations Forum              *
      * To unsubscribe: send "unsubscribe" to apops-request at apnic dot net *