Summary
Fixed Software
Workarounds
Cisco Security Procedures
Related Information
If the udp-small-servers command is enabled, a Cisco IOS® software device may reply to malformed udp echo packets with some of the contents stored in a router's memory. By repeatedly sending malformed udp echo packets and capturing the replies, an attacker can obtain portions of the data that is stored in a router's memory.
Workarounds are available to mitigate the effects.
This vulnerability has been fixed by the Cisco Bug ID CSCdk77834 ( registered customers only) . Below are the first Cisco IOS software releases that are not affected by this vulnerability:
12.1, 12.2, and 12.3-based images are not affected.
The workaround is to disable udp-small-services. The syntax for this command on routers and switches running Cisco IOS software is as follows:
no service udp-small-servers
The udp-small-servers command is disabled by default since Cisco IOS Software Release 11.2(1).
It is always recommended to disable unnecessary services on routers and switches. Refer to Improving Security on Cisco Routers for more information on improving router security.
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
All contents are Copyright © 1992-2004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
| Updated: Oct 13, 2004 | Document ID: 44261 |