Summary
Affected Products
Details
Vulnerability Scoring Details
Impact
Software Versions and Fixes
Workarounds
Obtaining Fixed Software
Exploitation and Public Announcements
Status of this Notice: FINAL
Distribution
Revision History
Cisco Security Procedures
Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets.
Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml.
Note: The March 26, 2008 publication includes five Security Advisories. The Advisories all affect Cisco's Internetwork Operating System (IOS). Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities in all five Advisories. Please reference the following software table to find a release which fixes all published Security Advisories as of March 26th, 2008.
Individual publication links are listed below:
This security advisory applies to all Cisco products that run any version of affected Cisco IOS software configured for DLSw. Systems that contain the DLSw feature, but do not have it enabled, are not affected.
Routers enabled for DLSw contain a line in the configuration defining a local DLSw peer. This configuration can be observed by issuing the command show running-config. Systems configured for DLSw contain lines similar to the following:
dlsw local-peer
or
dlsw local-peer peer-id <IP address>
Any version of Cisco IOS prior to the versions which are listed in the Software Versions and Fixes section below is vulnerable.
To determine the version of Cisco IOS software running on a Cisco product, log in to the device and issue the show version command to display the system banner. Cisco IOS Software will identify itself as "Internetwork Operating System Software" or simply "IOS". On the next line of output, the image name will be displayed between parentheses, followed by "Version" and the IOS release name. Other Cisco devices will not have the show version command or will give different output.
The following example identifies a Cisco product running Cisco IOS Software Release 12.3(6) with an installed image name of C3640-IS-M:
Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3640-IS-M), Version 12.3(6), RELEASE SOFTWARE (fc3)
The next example shows a product running Cisco IOS Software Release 12.3(11)T3 with an image name of C3845-ADVIPSERVICESK9-M:
Cisco IOS Software, 3800 Software (C3845-ADVIPSERVICESK9-M), Version 12.3(11)T3, RELEASE SOFTWARE (fc4) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by Cisco Systems, Inc.
Additional information about Cisco IOS release naming can be found at http://www.cisco.com/warp/public/620/1.html.
Cisco IOS devices that are not configured for DLSw are not vulnerable.
No other Cisco products are currently known to be affected by these vulnerabilities.
Data-link switching (DLSw) provides a means of transporting IBM Systems Network Architecture (SNA) and network basic input/output system (NetBIOS) traffic over an IP network. Cisco implementation of DLSw also uses UDP port 2067 and IP Protocol 91 for Fast Sequenced Transport (FST).
Multiple vulnerabilities exists in Cisco IOS when processing UDP and IP protocol 91 packets. These vulnerabilities do not affect TCP packet processing. A successful exploitation may result in a reload of the system or a memory leak on the device, leading to a denial of service (DoS) condition.
Cisco IOS devices configured for DLSw with dlsw local-peer automatically listen for IP protocol 91 packets. A Cisco IOS device that is configured for DLSw with the dlsw local-peer peer-id <IP-address> command listen for IP protocol 91 packets and UDP port 2067.
Cisco IOS devices listen to IP protocol 91 packets when DLSw is configured. However, it is only used if DLSw is configured for Fast Sequenced Transport (FST). A DLSw FST peer configuration will contain the following line:
dlsw remote-peer 0 fst <ip-address>
It is possible to disable UDP processing in DLSw with the dlsw udp-disable command. However, disabling UDP only prevents the sending of UDP packets, it does not prevent the device from receiving and processing incoming UDP packets.
These vulnerabilities are documented in Cisco Bug ID CSCsk73104 ( registered customers only) and have been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2008-1152.
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html .
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss .
|
CSCsk73104 - Handling of malformed packets by DLSW Calculate the environmental score of CSCsk73104 |
||||||
|---|---|---|---|---|---|---|
|
CVSS Base Score - 7.8 |
||||||
|
Access Vector |
Access Complexity |
Authentication |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
|
Network |
Low |
None |
None |
None |
Complete |
|
|
CVSS Temporal Score - 6.4 |
||||||
|
Exploitability |
Remediation Level |
Report Confidence |
||||
|
Functional |
Official-Fix |
Confirmed |
||||
Successful exploitation of these vulnerabilities may result in the reload of the device or memory leaks, leading to a DoS condition.
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table.
|
Major Release |
Availability of Repaired Releases |
|
|---|---|---|
|
Affected 12.0-Based Releases |
First Fixed Release |
Recommended Release |
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Releases prior to 12.0(8)DA3 are vulnerable, release 12.0(8)DA3 and later are not vulnerable; migrate to any release in 12.2DA |
||
|
Releases prior to 12.0(7)DB are vulnerable, release 12.0(7)DB and later are not vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Releases prior to 12.0(7)DC are vulnerable, release 12.0(7)DC and later are not vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Releases prior to 12.0(17)S5 are vulnerable, release 12.0(17)S5 and later are not vulnerable; |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; contact TAC |
12.0(3c)W5(8) |
|
|
Vulnerable; contact TAC |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Releases prior to 12.0(2)XC2 are vulnerable, release 12.0(2)XC2 and later are not vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.1E |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Releases prior to 12.0(4)XI2 are vulnerable, release 12.0(4)XI2 and later are not vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Releases prior to 12.0(4)XJ5 are vulnerable, release 12.0(4)XJ5 and later are not vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Affected 12.1-Based Releases |
First Fixed Release |
Recommended Release |
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Releases prior to 12.1(22)AY1 are vulnerable, release 12.1(22)AY1 and later are not vulnerable; |
12.1(22)EA11 |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Releases prior to 12.1(4)DB1 are vulnerable, release 12.1(4)DB1 and later are not vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Releases prior to 12.1(4)DC2 are vulnerable, release 12.1(4)DC2 and later are not vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
12.1(27b)E4 |
||
|
Releases prior to 12.1(11)EA1 are vulnerable, release 12.1(11)EA1 and later are not vulnerable; |
12.1(22)EA11 |
|
|
Not Vulnerable |
||
|
Vulnerable; migrate to any release in 12.2BC |
12.3(23)BC1 |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.1E |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.1E |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Releases prior to 12.1(3)XT2 are vulnerable, release 12.1(3)XT2 and later are not vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Releases prior to 12.1(5)XV1 are vulnerable, release 12.1(5)XV1 and later are not vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Releases prior to 12.1(5)YE1 are vulnerable, release 12.1(5)YE1 and later are not vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Affected 12.2-Based Releases |
First Fixed Release |
Recommended Release |
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Releases prior to 12.2(20)EX are vulnerable, release 12.2(20)EX and later are not vulnerable; migrate to any release in 12.2SEA |
12.2(40)EX1 |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; contact TAC |
||
|
Vulnerable; contact TAC |
||
|
Vulnerable; contact TAC |
||
|
Vulnerable; contact TAC |
||
|
Vulnerable; migrate to any release in 12.2IXF |
12.2(18)IXF; Available on 31-MAR-08 |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
12.2(15)MC2h |
12.2(15)MC2k |
|
|
12.2(25)S15 |
12.2(25)S15 |
|
|
12.2(28)SB10 12.2(31)SB9 12.2(33)SB; Available on 31-MAR-2008 |
12.2(31)SB11 |
|
|
Vulnerable; first fixed in 12.2SB; Available on 31-MAR-2008 |
12.2(31)SB11 |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
12.2(44)SG |
12.2(44)SG |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
12.2(33)SRA6 |
12.2(33)SRA7 |
|
|
12.2(33)SRB3; Available on 07-APR-2008 |
12.2(33)SRB3; Available on 14-APR-08 |
|
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Releases prior to 12.2(29a)SV1 are vulnerable, release 12.2(29a)SV1 and later are not vulnerable; migrate to any release in 12.2SVA |
12.2(29b)SV |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Releases prior to 12.2(25)SW10 are vulnerable, release 12.2(25)SW10 and later are not vulnerable; |
||
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
12.2(18)SXF12 12.2(18)SXF12a |
12.2(18)SXF13 |
|
|
12.2(33)SXH1 |
12.2(33)SXH2 |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.2S |
12.2(25)S15 12.2(31)SB11 12.2(33)SRC |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
12.2(8)TPC10d |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
12.2(33)XN1 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Releases prior to 12.2(4)YA8 are vulnerable, release 12.2(4)YA8 and later are not vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.2S |
12.2(25)S15 12.2(31)SB11 12.2(33)SRC |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Releases prior to 12.2(8)YJ1 are vulnerable, release 12.2(8)YJ1 and later are not vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Releases prior to 12.2(11)YV1 are vulnerable, release 12.2(11)YV1 and later are not vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.2S |
12.2(25)S15 12.2(31)SB11 12.2(33)SRC |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Not Vulnerable |
||
|
Vulnerable; contact TAC |
||
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Not Vulnerable |
||
|
Releases prior to 12.2(13)ZH6 are vulnerable, release 12.2(13)ZH6 and later are not vulnerable; first fixed in 12.4 |
12.2(13)ZH11 |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(15)T4 12.4(18a) |
|
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.2SXH |
12.2(33)SXH2 |
|
|
12.2(18)ZY2 |
12.2(18)ZY2 |
|
|
Affected 12.3-Based Releases |
First Fixed Release |
Recommended Release |
|
12.3(24) |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Releases prior to 12.3(8)JK1 are vulnerable, release 12.3(8)JK1 and later are not vulnerable; |
12.3(8)JK1 |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Not Vulnerable |
||
|
Vulnerable; contact TAC |
||
|
12.3(2)XA7; Available on 31-MAR-2008 |
12.3(2)XA7; Available on 31-MAR-08 |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
12.3(2)XC5 |
12.4(15)T4 12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
12.3(2)XE6; Available on 31-MAR-2008 |
12.4(15)T4 12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.3YG; Available on 16-JUN-2008 |
12.4(15)T4 12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
12.3(7)XI11; Available on 18-SEP-2008 |
||
|
Vulnerable; first fixed in 12.3YX |
12.3(14)YX11 12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
12.3(7)XR8; Available on 31-MAR-2008 |
12.3(7)XR8; Available on 31-MAR-08 |
|
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.3YX |
12.3(14)YX11 12.4(15)T4 |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; first fixed in 12.3YX |
12.3(14)YX11 12.4(15)T4 |
|
|
12.3(8)YG7; Available on 16-JUN-2008 |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
12.3(14)YM12 |
12.3(14)YM12 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
12.3(11)YS3; Available on 31-MAR-2008 |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4XB |
||
|
12.3(14)YX11 |
12.3(14)YX11 |
|
|
12.3(11)YZ3 |
||
|
Affected 12.4-Based Releases |
First Fixed Release |
Recommended Release |
|
12.4(10c) 12.4(13e) 12.4(16b) 12.4(17) 12.4(3h) 12.4(8d) |
12.4(18a) |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
Vulnerable; contact TAC |
12.4(15)SW |
|
|
12.4(15)T2 12.4(6)T10 12.4(9)T7 |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
12.4(2)XB6 |
||
|
Vulnerable; contact TAC |
||
|
12.4(4)XD10 |
12.4(4)XD10 |
|
|
12.4(6)XE2 |
12.4(15)T4 |
|
|
Not Vulnerable |
||
|
12.4(9)XG2 |
12.4(9)XG2 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
12.4(15)XL2 |
12.4(15)XL2 |
|
|
Not Vulnerable |
||
|
Not Vulnerable |
||
|
12.4(6)XT2 |
12.4(6)XT2 |
|
|
12.4(11)XV |
||
|
Vulnerable; contact TAC |
12.4(11)XW6 |
|
|
Not Vulnerable |
||
A special patch for Cisco IOS Software Modularity is also available for 12.2(18)SXF11 and can be downloaded from the Cisco IOS Software Modularity Patch Navigator at http://tools.cisco.com/swdf/ionpn/jsp/result.jsp?s_tarballWild=mp001-p.122-18.SXF11&reqType=cWork.
The workaround consists of filtering UDP packets to port 2067 and IP protocol 91 packets. Filters can be applied at network boundaries to filter all IP protocol 91 packets and UDP packets to port 2067 or can be applied on individual affected devices to permit such traffic only from trusted peer IP addresses. However, since both of the protocols are connectionless, it is possible for an attacker to spoof malformed packets from legitimate peer IP addresses.
As soon as DLSw is configured, the Cisco IOS device begins listening on IP protocol 91. However, this protocol is only used if DLSw is configured for Fast Sequenced Transport (FST). A DLSw FST peer configuration will contain the following line:
dlsw remote-peer 0 fst <ip-address>
If FST is used, filtering IP protocol 91 will break the operation, so filters need to permit protocol 91 traffic from legitimate peer IP addresses.
It is possible to disable UDP processing in DLSw with the dlsw udp-disable command. However, disabling UDP only prevents the sending of UDP packets, it does not prevent the receiving and processing of incoming UDP packets. To protect a vulnerable device from malicious packets via UDP port 2067, both of the following actions must be taken:
Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20080326-dlsw.shtml
Control Plane Policing (CoPP) can be used to