January 31, 2003
BBSM Server Version 5.1
BBSM Server Version 5.1 is affected by the Microsoft SQL Slammer Worm Virus.
Note: BBSM Versions 5.0 and 5.2 are not affected by the Microsoft SQL Slammer Worm Virus.
The Slammer Worm virus only affects products using Microsoft SQL/MSDE Server 2000. Only BBSM versions 5.1 and 5.2 use an embedded version of Microsoft MSDE 2000 server. Earlier versions of BBSM prior to 5.1 use an embedded version of Microsoft SQL Server 7.0. Due to additional security features in BBSM Version 5.2, BBSM Version 5.2 server is not affected by the Slammer Worm virus and BBSM Version 5.1 is the only vulnerable release in the BBSM product family.
Additional Cisco BBSM updates are available from Cisco.com.
Symptoms may vary. For BBSM Version 5.1 that are affected by the Slammer virus, these servers will experience problems resulting in poor performance or complete losses of functionality.
Tthe Building Broadband Solutions Unit (BBSU) will post the Microsoft fix (MSDE Service Pack 3) as two webpatch files: MSFix4.exe and MSFix5.exe. These files will be available in the Software Center.
Users must download and install these patches to bring their BBSM Version 5.1 servers back to a fully functional and protected state. We advise users to perform this update as soon as possible to prevent any issues from occurring.
Note: Note: Other security vulnerabilities require all versions of BBSM to receive updates from Cisco.com.
No patch is necessary to protect a BBSM Version 5.2 server from the Microsoft SQL Slammer Worm Virus. The BBSU will post other Microsoft security fixes in BBSM Version 5.2 Service Pack 1 to the Software Center.
Users must download and install this patch to bring their BBSM Version 5.2 servers to the latest fully functional and protected state.
It is recommended that users upgrade these servers to BBSM Version 5.1 or later and follow the instructions above.
Customers may also want to install access lists (ACLs) on their site router to further protect the BBSM system from outside attack. The following Cisco router commands will protect the BBSM server from further attacks:
Note: Log statement removed due to load issues on the router. If you are trying to track source addresses, use NetFlow.
access-list 115 deny udp any any eq 1433 access-list 115 deny udp any any eq 1434 access-list 115 permit ip any any int ip access-group 115 in ip access-group 115 out
Example VACL on the 6500
set security acl ip WORM deny udp any eq 1434 any set security acl ip WORM deny udp any any eq 1434 set security acl ip WORM deny udp any eq 1433 any set security acl ip WORM deny udp any any eq 1433 set security acl ip WORM permit any commit security acl WORM set security acl map WORM
Set port to vlan based:
set port qos vlan-based
show security acl info all
clear security acl WORM commit security acl WORM
For those customers running the BBSD software, they can protect their system by applying the following Microsoft patches.
Versions 5.0 and 5.1: Install Microsoft MSDE Service Pack 3, which was released January 27, 2003.
Versions 5.0, 5.1, and 5.2: Install Microsoft SQL Service Pack 3, released last week.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.