Full Disclosure mailing list archives

April 1st is here (joy). Subject: FW:*ALERT* NEW BID 10025 (URGENCY 9.3): Cisco CatOS Password
From: "Kurt Seifried" <listuser () seifried org>
Date: Wed, 31 Mar 2004 23:53:56 -0700

If you're going to pull an April 1st hoax it's gotta be a bit less obvious
than this. Although I have no doubt this will send at least a few list
members into dizzying heights of excitement (I suppose it's cheaper than a
subscription to playboy ;).

The :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

at the top is a nice touch though, I bet some people will fall for it even
though there's nothing at the bottom.


Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/


----- Original Message ----- 
From: "flair loops" <flairloops () hotmail com>
To: <full-disclosure () lists netsys com>
Sent: Wednesday, March 31, 2004 22:42
Subject: [Full-disclosure] Subject: FW:*ALERT* NEW BID 10025 (URGENCY 9.3):
Cisco CatOS Password




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Symantec Vulnerability Alert

Cisco IOS Password Prompt Unauthorized Remote Command Execution
Vulnerability
Bugtraq ID 10025
CVE CVE-MAP-NOMATCH
Published Apr 01 2004 6:22:69 PM GMT
Remote Yes
Local No
Credibility Vendor Confirmed
Classification Access Validation Error
Ease No Exploit Required
Availability Always
Authentication Not Required

Impact 9.2 Severity 8.9 Urgency Rating 9.3

Last Change Cisco has responded to this issue; see Technical
Information and References for details.

Vulnerable Systems
- ------------------
Cisco IOS 11.0
Cisco IOS 11.1 CC
Cisco IOS 11.1 CA
Cisco IOS 11.1 AA
Cisco IOS 11.1
Cisco IOS 11.2 SA
Cisco IOS 11.2 P
Cisco IOS 11.2
Cisco IOS 11.3 T
Cisco IOS 11.3
Cisco IOS 12.0 XW
Cisco IOS 12.0 XV
Cisco IOS 12.0 XU
Cisco IOS 12.0 XS
Cisco IOS 12.0 XR
Cisco IOS 12.0 XQ
Cisco IOS 12.0 XP
Cisco IOS 12.0 XN
Cisco IOS 12.0 XM
Cisco IOS 12.0 XL
Cisco IOS 12.0 XK
Cisco IOS 12.0 XJ
Cisco IOS 12.0 XI
Cisco IOS 12.0 XH
Cisco IOS 12.0 XG
Cisco IOS 12.0 XF
Cisco IOS 12.0 XE
Cisco IOS 12.0 XD
Cisco IOS 12.0 XC
Cisco IOS 12.0 XB
Cisco IOS 12.0 XA
Cisco IOS 12.0 WT
Cisco IOS 12.0 WC
Cisco IOS 12.0 W5
Cisco IOS 12.0 T
Cisco IOS 12.0 SZ
Cisco IOS 12.0 SY
Cisco IOS 12.0 SX
Cisco IOS 12.0 ST
Cisco IOS 12.0 SP
Cisco IOS 12.0 SL
Cisco IOS 12.0 SC
Cisco IOS 12.0 S
Cisco IOS 12.0 DC
Cisco IOS 12.0 DB
Cisco IOS 12.0 DA
Cisco IOS 12.0
Cisco IOS 12.1 YJ
Cisco IOS 12.1 YI
Cisco IOS 12.1 YH
Cisco IOS 12.1 YF
Cisco IOS 12.1 YE
Cisco IOS 12.1 YD
Cisco IOS 12.1 YC
Cisco IOS 12.1 YB
Cisco IOS 12.1 XZ
Cisco IOS 12.1 XY
Cisco IOS 12.1 XX
Cisco IOS 12.1 XW
Cisco IOS 12.1 XV
Cisco IOS 12.1 XU
Cisco IOS 12.1 XT
Cisco IOS 12.1 XS
Cisco IOS 12.1 XR
Cisco IOS 12.1 XQ
Cisco IOS 12.1 XP
Cisco IOS 12.1 XM
Cisco IOS 12.1 XL
Cisco IOS 12.1 XK
Cisco IOS 12.1 XJ
Cisco IOS 12.1 XI
Cisco IOS 12.1 XH
Cisco IOS 12.1 XG
Cisco IOS 12.1 XF
Cisco IOS 12.1 XE
Cisco IOS 12.1 XD
Cisco IOS 12.1 XC
Cisco IOS 12.1 XB
Cisco IOS 12.1 XA
Cisco IOS 12.1 T
Cisco IOS 12.1 M
Cisco IOS 12.1 EY
Cisco IOS 12.1 EX
Cisco IOS 12.1 EW
Cisco IOS 12.1 EV
Cisco IOS 12.1 EC
Cisco IOS 12.1 EB
Cisco IOS 12.1 EA
Cisco IOS 12.1 E
Cisco IOS 12.1 DC
Cisco IOS 12.1 DB
Cisco IOS 12.1 DA
Cisco IOS 12.1 AY
Cisco IOS 12.1 AX
Cisco IOS 12.1 AA
Cisco IOS 12.1
Cisco IOS 12.2 ZJ
Cisco IOS 12.2 ZH
Cisco IOS 12.2 ZG
Cisco IOS 12.2 ZF
Cisco IOS 12.2 ZE
Cisco IOS 12.2 ZD
Cisco IOS 12.2 ZC
Cisco IOS 12.2 ZB
Cisco IOS 12.2 ZA
Cisco IOS 12.2 YZ
Cisco IOS 12.2 YY
Cisco IOS 12.2 YX
Cisco IOS 12.2 YW
Cisco IOS 12.2 YV
Cisco IOS 12.2 YU
Cisco IOS 12.2 YT
Cisco IOS 12.2 YS
Cisco IOS 12.2 YR
Cisco IOS 12.2 YQ
Cisco IOS 12.2 YP
Cisco IOS 12.2 YO
Cisco IOS 12.2 YN
Cisco IOS 12.2 YM
Cisco IOS 12.2 YL
Cisco IOS 12.2 YK
Cisco IOS 12.2 YJ
Cisco IOS 12.2 YH
Cisco IOS 12.2 YG
Cisco IOS 12.2 YF
Cisco IOS 12.2 YD
Cisco IOS 12.2 YC
Cisco IOS 12.2 YB
Cisco IOS 12.2 YA
Cisco IOS 12.2 XW
Cisco IOS 12.2 XT
Cisco IOS 12.2 XS
Cisco IOS 12.2 XR
Cisco IOS 12.2 XQ
Cisco IOS 12.2 XN
Cisco IOS 12.2 XM
Cisco IOS 12.2 XL
Cisco IOS 12.2 XK
Cisco IOS 12.2 XJ
Cisco IOS 12.2 XI
Cisco IOS 12.2 XH
Cisco IOS 12.2 XG
Cisco IOS 12.2 XF
Cisco IOS 12.2 XE
Cisco IOS 12.2 XD
Cisco IOS 12.2 XC
Cisco IOS 12.2 XB
Cisco IOS 12.2 XA
Cisco IOS 12.2 T
Cisco IOS 12.2 SZ
Cisco IOS 12.2 SY
Cisco IOS 12.2 SX
Cisco IOS 12.2 S
Cisco IOS 12.2 MX
Cisco IOS 12.2 MC
Cisco IOS 12.2 MB
Cisco IOS 12.2 JA
Cisco IOS 12.2 DX
Cisco IOS 12.2 DD
Cisco IOS 12.2 DA
Cisco IOS 12.2 CY
Cisco IOS 12.2 CX
Cisco IOS 12.2 BZ
Cisco IOS 12.2 BX
Cisco IOS 12.2 BW
Cisco IOS 12.2 BC
Cisco IOS 12.2 B
Cisco IOS 12.2 12.2XU
Cisco IOS 12.2

Short Summary
- -------------
Some Cisco IOS versions are allegedly prone to an issue that may
permit remote attackers to execute arbitrary commands from a password
prompt.

Impact
- ------
Remote attackers may allegedly execute shell commands on a vulnerable
device without needing to authenticate.

Technical Description
- ---------------------
It has been alleged that it is possible for remote attackers to execute
arbitrary commands without proper authorization. Reportedly it is
possible to execute shell commands from the password prompt on a device
running a vulnerable version of Cisco IOS. The attacker must be able to
connect to a vulnerable device via telnet, though it has not been ruled
out that other remote administrative services such as SSH do not also
present attack vectors.

The discoverer of this vulnerability has stated that it is possible to
exploit this issue by submitting a shell command to the password prompt,
followed by a colon and a right bracket.

Cisco has replied to this issue stating that it can be used to
execute commands, retrieve information from the device and reveal
information about traffic processed by the device. Details are available
to registered Cisco users at:
http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdr10025


Attack Scenarios
- ----------------
The attacker must identify a vulnerable device and be able to connect to
the device via telnet.

The attacker exploits the vulnerability by submitting a properly
formatted command via the "Enter password:" prompt. This command may be
executed, potentially allowing the attacker to perform administrative
actions on the device.

Exploits
- --------
There is no exploit required.

Mitigating Strategies
- ---------------------
Block external access at the network boundary, unless service is
required by external parties.
Filter external access to devices through use of network access controls
and by only allowing trusted or internal networks and hosts to connect to
devices.

Disable any services that are not needed.
Disable remote administration services such as telnet or SSH if they are
not explicitly required to manage devices.


Solutions
- ---------
Currently we are not aware of any vendor-supplied patches for this
issue. If you feel we are in error or are aware of more recent
information, please mail us at: vuldb () securityfocus com
<mailto:vuldb () securityfocus com>.


Credit
- ------
Discovery is credited to flairloops () hotmail com


For help with interpreting the meaning of any of the sections or labels
in the alert, please visit:
https://alerts.symantec.com/help/sia-users/vulnerability-alert-pdf.htm

View public key at:
https://alerts.symantec.com/Members/gnupg-sigkey.asp



Symantec Corporation
The World Leader in Internet Security Technology and Early Warning
Solutions
Visit our website at www.symantec.com


_______________________________
Symantec Deepsight Alert Services

Powered by EnvoyWorldWide, Inc.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
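
The gap noted in the reply above (a clearsign header at the top with no signature block at the bottom) can be checked mechanically before any cryptographic verification. This is an added example, not part of the original thread; the function and sample names are hypothetical and the sample messages are constructed.

```python
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def inspect_clearsigned(text):
    """Structural check of OpenPGP cleartext-signature framing (RFC 4880, section 7).
    'complete' means the framing is intact, not that the signature verifies."""
    lines = text.splitlines()
    result = {"has_header": False, "hash": None,
              "has_signature_block": False, "complete": False, "body": []}
    if BEGIN_MSG not in lines:
        return result
    result["has_header"] = True
    i = lines.index(BEGIN_MSG) + 1
    # Armor headers such as "Hash: SHA1" run until the first empty line.
    while i < len(lines) and lines[i].strip():
        m = re.match(r"Hash:\s*(\S+)", lines[i])
        if m:
            result["hash"] = m.group(1)
        i += 1
    i += 1  # skip the blank separator line
    while i < len(lines) and lines[i] != BEGIN_SIG:
        line = lines[i]
        # Dash-escaping: a signed line that starts with "-" is sent as "- " + line.
        result["body"].append(line[2:] if line.startswith("- ") else line)
        i += 1
    if i < len(lines):
        result["has_signature_block"] = True
        result["complete"] = END_SIG in lines[i + 1:]
    return result

# Constructed sample: header and dash-escaped text, but nothing at the bottom.
HEADER_ONLY = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vulnerable Systems
- ------------------
Example OS 1.0
"""

# Constructed sample: same text with a placeholder (not a real) signature block.
FRAMED = HEADER_ONLY + """-----BEGIN PGP SIGNATURE-----

PLACEHOLDERnotArealSignature
-----END PGP SIGNATURE-----
"""
```

A message that reports `complete` still has to be verified against the sender's public key, for example with `gpg --verify`; a message that reports `has_header` without `has_signature_block` carries no signature to verify at all.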

