Document ID: 44226
Revision 1.1
For Public Release 2003 July 30
Contents
Summary
Affected Products
Fixed Software
Workarounds
Cisco Security Procedures
Related Information
Summary
If Hypertext Transfer Protocol (HTTP) server is enabled on a Cisco IOS® software device, it is vulnerable to a malformed HTTP GET request which contains two gigabytes of data. This will cause the router to reload with a buffer overflow condition. It may be exploited to execute arbitrary code on the router.
HTTP server is enabled on a Cisco IOS device if ip http server is present in the configuration.
Affected Products
All Cisco IOS software versions except 12.3 and 12.3T are affected. CatOS and PIX are not affected.
This vulnerability has been assigned the Cisco bug ID CSCeb50339 (registered customers only) . Workarounds are available to mitigate the effects.
This vulnerability has been discovered by FX of Phenoelit.
Fixed Software
This vulnerability is currently fixed or scheduled to be fixed in the following Cisco IOS software versions:
|
Train |
Description |
Interim |
Maintenance |
|---|---|---|---|
|
12.0S |
Core/ISO |
12.0(25.4)S1 |
12.0(26)S (2003-Aug) |
|
12.1 |
General Deployment |
12.1(22) (2003-Dec) |
|
|
12.lE |
Enterprise Support |
12.1(19.3)E (2003-Aug-01) |
12.1(20)E (2003-Sep-29) |
|
12.2 |
12.2 Mainline |
12.2(18.2) |
12.2(19) (2003-Aug-25) |
|
12.2T |
Technology Train |
12.2(15)T |
12.2(15)T5 |
|
12.2JA |
Access Point Special |
12.2(11)JA1 |
12.2(11)JA1 |
|
Note: 12.3 and 12.3T-based images are not vulnerable. |
|||
Workarounds
The workaround is to configure access lists to explicitly permit authorized hosts or networks to the http service.
The syntax for this command for routers and switches running Cisco IOS software is:
ip http access-class access-list number access-list access-list number permit host authorized host #1 access-list access-list number permit host authorized host #2 ..... access-list access-list number deny any
The access-list number in the above example needs to be in the range of 1-99.
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
Related Information
| Updated: Oct 13, 2004 | Document ID: 44226 |