信息提供: | 安全公告(或线索)提供热线:51cto.editor@gmail.com |
漏洞类别: | 有效性检查错误 |
攻击类型: | 拒绝服务攻击 |
发布日期: | 2003-05-15 |
更新日期: | 2003-05-20 |
受影响系统: | Cisco 1000 Cisco 12000 Cisco 1400 Cisco 1500 Cisco 1600 Cisco 1700 Cisco 2500 Cisco 2600 Cisco 3000 Cisco 3600 Cisco 3800 Cisco 4000 Cisco 4500 Cisco 4700 Cisco 6400 Cisco 6400 Cisco 6400 NRP2 Cisco 7000 Cisco 7200 Cisco 800 Cisco IOS 12.2 YH Cisco IOS 12.2 YG Cisco IOS 12.2 YF Cisco IOS 12.2 YC Cisco IOS 12.2 YB Cisco IOS 12.2 YA Cisco IOS 12.2 XM Cisco IOS 12.2 XL Cisco IOS 12.2 XK Cisco IOS 12.2 XJ Cisco IOS 12.2 XI Cisco IOS 12.2 XH Cisco IOS 12.2 XE Cisco IOS 12.2 XD Cisco IOS 12.2 XC Cisco IOS 12.2 S Cisco IOS 12.2 MB Cisco IOS 12.2 DA Cisco IOS 12.2 BZ Cisco IOS 12.2 BY Cisco IOS 12.2 BC Cisco IOS 12.2 (7a) Cisco IOS 12.2 (7)DA Cisco IOS 12.2 (7) Cisco IOS 12.2 (4)B Cisco IOS 12.2 Cisco IOS 12.1 YC Cisco IOS 12.1 YB Cisco IOS 12.1 XG Cisco IOS 12.1 XF Cisco IOS 12.1 EY Cisco IOS 12.1 EX Cisco IOS 12.1 EW Cisco IOS 12.1 EC Cisco IOS 12.1 EA Cisco IOS 12.1 E Cisco IOS 12.1 (12b) Cisco IOS 12.1 (11b) Cisco IOS 12.1 (11) Cisco IOS 12.1 (10a) Cisco IOS 12.1 (10)E Cisco IOS 12.1 (10)E Cisco IOS 12.1 (10)E Cisco IOS 12.1 Cisco IOS 12.0 XE Cisco IOS 12.0 WC Cisco IOS 12.0 SY Cisco IOS 12.0 SX Cisco IOS 12.0 ST Cisco IOS 12.0 SP Cisco IOS 12.0 SL Cisco IOS 12.0 SC Cisco IOS 12.0 S Cisco IOS 12.0 (21)S Cisco IOS 12.0 (21)S Cisco IOS 12.0 (21)S Cisco IOS 12.0 (19)S Cisco IOS 12.0 (19)S Cisco IOS 12.0 (18)S Cisco IOS 12.0 (17)S Cisco Router 770.0 Cisco Router 760.0 Cisco Router 7500.0 Cisco Router 750.0 Cisco Router 7200.0 Cisco Router 7100.0 Cisco Router 6600.0 Cisco Router 4000.0 Cisco Router 3660.0 Cisco Router 3600.0 Cisco Router 2600.0 Cisco Router 2500.0 |
安全系统: | 无 |
漏洞报告人: | Cisco Security Advisory |
漏洞描述: | BUGTRAQ ID: 7607 Service Assurance Agent (SAA)在CISCO系统中是原来"响应时间报告器Response Time Reporter (RTR)"的新名称。 CISCO路由器在处理畸形Service Assurance Agent包时存在问题,远程攻击者可以利用这个漏洞对设备进行拒绝服务攻击。 RTR允许用户监视网络性能,网络资源和通过衡量响应时间来判断应用程序性能,利用这个特征可以进行故障排除,问题通告,问题分析等操作。攻击者通过发送畸形Service Assurance Agent包,可导致使用RTR的设备崩溃,停止对正常通信的响应。 要验证是否似乎用了RTR responder,可使用如下命令验证: Router>show rtr responder RTR Responder is: Enabled Number of control messages received: 0 Number of errors: 0 Recent sources: Recent error sources: 如果注意到 有"RTR Responder is: Enabled," 一行,说明你的设备存在此漏洞。 用户也可以使用如下过程: Router>show ip socket show ip socket Proto Remote Port Local Port In Out Stat TTY OutputIF .... 17 0.0.0.0 0 10.0.0.1 1967 0 0 89 0 注意到如果路由器监听1967端口,说明你的设备存在此漏洞。 此漏洞CISCO BUG ID为:CSCdx17916和CSCdx61997。 |
测试方法: | 无 |
解决方法: | 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: * 使用如下命令不使用RTR: Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no rtr responder Router(config)#exit Router#copy running-config startup-config 或设置规则过滤来自不信任网络到UDP 1967的端口: Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#access-list 101 deny udp any any eq 1967 Router(config)#interface eth0 Router(config)#ip access-group 101 in 厂商补丁: Cisco ----- Cisco已经为此发布了一个安全公告(cisco-sa-20030515-saa)以及相应补丁: cisco-sa-20030515-saa:Cisco Security Advisory:燙isco Security Advisory: Cisco IOS Software Processing of SAA Packets 链接:http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml 联系供应商升级固件: Cisco IOS 12.0 XE: Cisco Upgrade IOS 12.2 Cisco IOS 12.0 WC: Cisco Upgrade IOS 12.0(5)WCa http://www.cisco.com/ Cisco IOS 12.0 SY: Cisco Upgrade IOS 12.0(22)SY http://www.cisco.com/ Cisco IOS 12.0 ST: Cisco Upgrade IOS 12.0(19)ST5 Cisco Upgrade IOS 12.0(21)ST2 Cisco IOS 12.0 SL: Cisco Upgrade IOS 12.0ST Cisco Upgrade IOS 12.0S Cisco IOS 12.0 SC: Cisco Upgrade IOS 12.1EC Cisco IOS 12.0 S: Cisco Upgrade IOS 12.0(21)S3 Cisco IOS 12.1 YC: Cisco Upgrade IOS 12.1(4)T http://www.cisco.com/ Cisco IOS 12.1 YB: Cisco Upgrade IOS 12.1(2)T http://www.cisco.com/ Cisco IOS 12.1 XG: Cisco Upgrade IOS 12.2 Cisco Upgrade IOS 12.1(1)T http://www.cisco.com/ Cisco IOS 12.1 XF: Cisco Upgrade IOS 12.2 Cisco IOS 12.1 EX: Cisco Upgrade IOS 12.1(11b)EX http://www.cisco.com/ Cisco IOS 12.1 EW: Cisco Upgrade IOS 12.1(11b)EW(0.46) http://www.cisco.com/ Cisco Upgrade IOS 12.1(11b)EW http://www.cisco.com/ Cisco IOS 12.1 EC: Cisco Upgrade IOS 12.1(12c)EC http://www.cisco.com/ Cisco IOS 12.1 EA: Cisco Upgrade IOS 12.1(8)EA1c http://www.cisco.com/ Cisco IOS 12.1 E: Cisco Upgrade IOS 12.1(13)E http://www.cisco.com/ Cisco IOS 12.1: Cisco Upgrade IOS 12.1(18) Cisco IOS 12.2 YH: Cisco Upgrade IOS 12.2(4)YH http://www.cisco.com/tac Cisco IOS 12.2 YG: Cisco Upgrade IOS 12.2(4)YG http://www.cisco.com/tac Cisco IOS 12.2 YC: Cisco Upgrade IOS 12.2(4)YC4 http://www.cisco.com/tac Cisco IOS 12.2 YA: Cisco Upgrade IOS 12.2(4)YA3 http://www.cisco.com/tac Cisco IOS 12.2 XL: Cisco Upgrade IOS 12.2(4)XL5 http://www.cisco.com/tac Cisco IOS 12.2 XK: Cisco Upgrade IOS 12.2(2)XK3 http://www.cisco.com/tac Cisco IOS 12.2 XC: Cisco Upgrade IOS 12.2(1a)XC5 http://www.cisco.com/tac Cisco IOS 12.2 S: Cisco Upgrade IOS 12.2(11.1)S http://www.cisco.com/tac Cisco IOS 12.2 MB: Cisco Upgrade IOS 12.2(4)MB5 http://www.cisco.com/tac Cisco IOS 12.2 DA: Cisco Upgrade IOS 12.2(12)DA http://www.cisco.com/tac Cisco IOS 12.2 BZ: Cisco Upgrade IOS 12.2(15)BZ http://www.cisco.com/tac Cisco IOS 12.2 (4)B: Cisco Upgrade IOS 12.2(13.3)B http://www.cisco.com/tac Cisco IOS 12.2: Cisco Upgrade IOS 12.2(10) http://www.cisco.com/tac Cisco为所有受影响客户提供免费的软件升级来修正这些漏洞,客户只能获得和安装他们所购买的功能类别相关的技术支持。通过安装,下载,访问或使用这些软件升级,客户必须同意CISCO软件许可条例中的条例: http://www.cisco.com/public/sw-license-agreement.html 或由Cisco连接在线软件中心的声明: http://www.cisco.com/public/sw-center/sw-usingswc.shtm. 拥有服务合同的客户必须连接他们常规升级渠道获得由此公告指定的免费升级软件。对于大多数拥有服务合同的客户,这意味着升级必须通过CISCO全球WEB站软件中心获得: http://www.cisco.com/tacpage/sw-center/. 要访问此下载URL,你必须是注册用户和必须登录后才能使用。 事先或目前与第三方支持组织,如Cisco合作伙伴、授权零售商或服务商之间已有协议,由第三方组织提供Cisco产品或技术支持的用户可免费获得升级支持。 直接从Cisco购买产品但没有Cisco服务合同的用户和由第三方厂商购买产品但无法从销售方获得已修复软件的用户可从Cisco技术支持中心(TAC)获取升级软件。TAC联系方法: * +1 800 553 2447 (北美地区免话费) * +1 408 526 7209 (全球收费) * e-mail: tac@cisco.com 查看 http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml 获取额外的TAC联系信息,包括特别局部的电话号码,各种语言的指南和EMAIL地址。 |
【相 关 文 章】
相关专题
- Cisco IOS (3014篇文章)
- DoS 拒绝服务攻击 (848篇文章)
- Cisco路由器配置手册 (4829篇文章)
- Cisco交换机专题 (4303篇文章)
- 思科交换机配置 (4305篇文章)
- Cisco防火墙专题 (4625篇文章)
- Cisco认证 (2791篇文章)
- Cisco密码恢复专题 (2277篇文章)
- DDoS攻击防御与分析 (932篇文章)
- ARP攻击防范与解决方案 (1156篇文章)
论坛精华
阅读排行榜
- Cisco IOS 基本命令集(1) (353次浏览)
- Cisco IOS软件中备份和升级 (179次浏览)
- Cisco IOS的Flash Memory故障恢复方法 (129次浏览)
- Cisco IOS 网际操作系统 (121次浏览)
- switch命令汇总(1) (97次浏览)
- Cisco IOS Service Assurance Agent畸形包远 (82次浏览)
- Cisco IOS技术白皮书(1) (58次浏览)
- Cisco IOS OSPF邻居关系不能正常建立的原因和 (55次浏览)
- Cisco IOS 软件版本简介 (49次浏览)
- 简介删除IOS的CISCO IFS (48次浏览)
最新技术文档
- Cisco IOS的Flash Memory故障恢复方法 12-23
- Cisco IOS 基本命令集(1) 12-20
- Cisco IOS软件中备份和升级 12-14
- Cisco IOS Service Assurance Agent畸形包远程拒绝 07-01
- Cisco IOS OSPF路由表破坏漏洞 07-01
- Cisco IOS OSPF远程缓冲区溢出漏洞 07-01
- Cisco IOS Easy VPN Server XAUTH可绕过认证漏洞 07-01
- Cisco IOS非授权创建安全关联漏洞 07-01
- Cisco IOS RST-ACK包访问控制绕过漏洞 07-01
- Cisco IOS畸形BGP包远程拒绝服务漏洞 07-01
热门关键字导读