Document ID: 52342
Alleged Bypassing Access Control List in Cisco IOS
For Public Release 2004 May 27
Status of This Notice: FINAL
This Security Notice addresses the issue reported by Igor U. Miturin, originally posted at http://www.security.nnov.ru. It was alleged that Access Control Lists (ACLs) could be bypassed by sending a TCP packet with the RST and ACK flags set. After working with Mr. Miturin, it has been proven that this issue was a false alarm.
The original report by Mr. Miturin indicated that in Cisco IOS® 11.2(11) it was possible to bypass an ACL by sending a TCP packet with the RST and ACK flags set. This was originally posted (in Russian) at http://www.security.nnov.ru/search/document.asp?docid=5974 and subsequently re-posted by several other Internet security portals and companies.
After working with Mr. Miturin, it has been proven that this issue was a false alarm: an ACL cannot be bypassed by any packet and flag combination. 3ARA3A (the maintainer of the www.security.nnov.ru site) and ISS have removed the reports from their sites.
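To make the point concrete, the following is an added illustration (not Cisco code and not part of the original notice): a small model of extended-ACL matching that evaluates the same TCP 5-tuple under all 64 flag combinations and shows that the decision is the same for every one of them, RST+ACK included. The only place TCP flags enter an extended ACL decision is the `established` keyword, which Cisco documents as matching a segment whose ACK or RST bit is set; an entry written with that keyword permits an RST+ACK segment because it was configured to, which is the ACL working as intended rather than a bypass. The sample ACLs and addresses are constructed for the example, and the parser covers only a subset of the syntax (no source ports, no port ranges, contiguous wildcard masks only).

```python
"""Toy model of Cisco IOS extended-ACL matching (added illustration, not
Cisco code).  Supported syntax is a subset:
'access-list N {permit|deny} PROTO SRC DST [eq PORT] [established]' where an
address is 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' (contiguous masks).
The 'established' keyword is modelled as Cisco documents it: it matches a
TCP segment with the ACK or RST bit set."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Set

# TCP flag bits in header order (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0        # destination port; 0 for protocols without ports
    flags: int = 0        # TCP flags; ignored for other protocols


@dataclass(frozen=True)
class Entry:
    action: str           # "permit" or "deny"
    proto: str            # "ip", "tcp", "udp" or "icmp"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]  # None means any destination port
    established: bool


def _parse_addr(tokens: List[str]) -> IPv4Network:
    """Consume one address specification from the front of the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return ip_network("0.0.0.0/0")
    if tok == "host":
        return ip_network(tokens.pop(0) + "/32")
    wildcard = int(ip_address(tokens.pop(0)))
    mask = ~wildcard & 0xFFFFFFFF
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous wildcard masks are not modelled")
    return ip_network((int(ip_address(tok)) & mask, prefix))


def parse_ace(line: str) -> Entry:
    """Parse one 'access-list ...' line into an Entry."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    action, proto = tokens[2], tokens[3]
    rest = tokens[4:]
    src = _parse_addr(rest)
    dst = _parse_addr(rest)
    dport, established = None, False
    while rest:
        tok = rest.pop(0)
        if tok == "eq":
            dport = int(rest.pop(0))
        elif tok == "established":
            established = True
        else:
            raise ValueError(f"unsupported keyword {tok!r} in {line!r}")
    return Entry(action, proto, src, dst, dport, established)


def matches(entry: Entry, pkt: Packet) -> bool:
    """Protocol, addresses and port decide the match; TCP flags are consulted
    only when the entry carries 'established'."""
    if entry.proto != "ip" and entry.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in entry.src or ip_address(pkt.dst) not in entry.dst:
        return False
    if entry.dport is not None and entry.dport != pkt.dport:
        return False
    if entry.established and not pkt.flags & (ACK | RST):
        return False
    return True


def evaluate(acl: List[Entry], pkt: Packet) -> str:
    """First matching entry wins; the implicit final entry denies everything."""
    for entry in acl:
        if matches(entry, pkt):
            return entry.action
    return "deny"


def decisions_over_all_flags(acl: List[Entry], src: str, dst: str, dport: int) -> Set[str]:
    """Evaluate one TCP 5-tuple under all 64 flag combinations and return the
    set of distinct decisions reached (a single element means flags are irrelevant)."""
    return {evaluate(acl, Packet("tcp", src, dst, dport, f)) for f in range(64)}


def load_acl(text: str) -> List[Entry]:
    return [parse_ace(line) for line in text.splitlines() if line.strip()]


# Constructed sample ACLs for the illustration; not taken from the notice.
BLOCK_TELNET = load_acl("""
access-list 101 deny tcp any host 10.1.1.1 eq 23
access-list 101 permit ip any any
""")
RETURN_TRAFFIC_ONLY = load_acl("""
access-list 102 permit tcp any 10.1.1.0 0.0.0.255 established
""")

if __name__ == "__main__":
    # Every flag combination, RST+ACK included, hits the same deny entry.
    print("telnet to 10.1.1.1 ->",
          decisions_over_all_flags(BLOCK_TELNET, "192.0.2.5", "10.1.1.1", 23))
    # 'established' permits RST+ACK because it was written to; not a bypass.
    for name, flags in (("SYN", SYN), ("RST+ACK", RST | ACK)):
        pkt = Packet("tcp", "192.0.2.5", "10.1.1.7", 80, flags)
        print(name, "to 10.1.1.7:80 ->", evaluate(RETURN_TRAFFIC_ONLY, pkt))
```

Running the block prints a single-element set for the telnet test, which is the property the notice asserts: a deny entry that matches on addresses and port cannot be slipped past by changing flag bits. The second ACL is the caveat a reviewer of such a report should check first, since an `established` entry is the one extended-ACL construct that deliberately lets RST or ACK segments through.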
This Notice is provided on an "as is" basis and does not imply any kind of guarantee or warranty of any kind. Your use of the information in the Notice or materials linked from the Notice is at your own risk. Cisco reserves the right to change or update this notice at any time.
Revision history: 2004 May 27, initial public release.

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
- http://www.security.nnov.ru/search/document.asp?docid=5974 (in Russian)
Updated: May 27, 2004