On that topic, the following has been circulating regarding Cisco vulnerabilities.
I think the real worry is not that some joker is going to attempt to bring down a couple of routers with a half assed exploit. The very real concern is that some more sinister group or organization might try to destroy data communications with a well thought out well planned attack. As I said previously, nobody should be getting smug or looking down their noses at Microsoft or any other OS. All OS's are vulnerable.

> Subject: THREE VULNERABILITIES THREATEN CISCO SOFTWARE
>
> FYI
>
> *THREE VULNERABILITIES THREATEN CISCO SOFTWARE
> Attackers can leverage a trio of unrelated problems to cause data
> compromise, reboot, a denial of service, or execution of arbitrary code in
> three separate pieces of Cisco Systems software.
>
> The first vulnerability affects the CS800 chassis system controller module
> (SCM). Since the SCM waits for responses to its pings, an external flood
> of SYN packets to the SCM's circuit address can fool the SCM into
> rebooting the CS800, causing a denial of service. Such an attack is
> possible with only a few TCP sessions over a fast Internet connection.
> Cisco recommends users of models 11050, 11150 and 11800 upgrade to WebNS
> 5.00.110s. Using access control lists to limit the traffic to the SCM's
> circuit address is an effective mitigation.
>
> The second vulnerability is in the udp-small-servers service on Cisco
> devices running IOS 12.0 (3.2) and earlier.
> An attacker sending malformed UDP packets receives replies
> that contain portions of the data in router memory, which could include
> confidential information. Alternatively, users can disable
> udp-small-servers--the default since release 11.2(1). A fix is also
> available.
>
> A third vulnerability in releases up to 12.3 and 12.3T requires a great
> deal of effort to exploit: a malformed GET request with more than 2 GB of
> data directed to the IOS HTTP server can cause a buffer overflow and could
> lead to the execution of arbitrary code. A workaround uses ACLs to limit
> which hosts can access the http server. Software fixes and workarounds are
> available from Cisco.
> http://www.cisco.com/warp/public/707/cisco-sn-20030731-ios-udp-echo.shtml
>
> "Reimer, Fred" wrote in message news:[EMAIL PROTECTED]
> I agree with you. Again, without naming names, I know several customers
> that have not upgraded their IOS software to patch the IPv4 vulnerability,
> and some don't even have a plan or schedule to do so! We upgraded to
> appropriate code quite quickly after we were aware of the problem.
>
> Imagine if the recent worm had a timer set not to attack Microsoft's site,
> but instead to attack Cisco routers with that vulnerability. Use a
> Microsoft bug to DDoS on Cisco gear! That would have been catastrophic.
>
> Fred Reimer - CCNA
>
> Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
> Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
>
> NOTICE; This email contains confidential or proprietary information which
> may be legally privileged. It is intended only for the named recipient(s).
> If an addressing or transmission error has misdirected the email, please
> notify the author by replying to this message. If you are not the named
> recipient, you are not authorized to use, disclose, distribute, copy, print
> or rely on this email, and should immediately delete it from your computer.
>
> -----Original Message-----
> From: "Chuck Whose Road is Ever Shorter" [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 16, 2003 11:26 PM
> To: [EMAIL PROTECTED]
> Subject: Re: OT Microsoft worm [7:74045]
>
> "Reimer, Fred" wrote in message
> news:[EMAIL PROTECTED]
> > For reasons of confidentiality I won't and can't name any names, but I am
> > aware of several hospitals that were affected pretty seriously. Everyone
> > here knows that Cisco Call Manager runs on Windows, so imagine what happens
> > to your entire phone infrastructure if you are running VoIP. Network grinds
> > to a halt and admitting can't access the applications to admit people in the
> > ER. Lab orders don't go through, so meds can't be dispersed based on the
> > results of tests. Everything goes back to a paper fall-back scheme until
> > the Windows administrators patch the systems like they should have done
> > weeks ago.
> >
> > So no, don't assume that even large organizations have a handle on things.
> > Especially hospitals which are notoriously on the low end as far as
> > adequately staffing, at the right levels, their IT staff.
> >
> > One thing I sincerely hope is changed in our lexicon is calling Windows
> > administrators "network administrators." It makes me physically ill,
> > because those folks don't "administer" the "network," if anything they
> > actually do can be classified as competent administration. They should be
> > called what they are "systems administrators," or, if you want to be more
> > specific, "Windows administrators." I personally think they deserve a
> > classification of their own.
> >
> > All I can say is that the Windows systems that our group has to use and is
> > responsible for were patched long ago, and did not exhibit any issues.
> >
> in fairness to all, Cisco is starting to be hit with attacks geared
> specifically towards Cisco routers and Cisco IOS. Seems to me I saw a couple
> of serious attacks announced the other day.
>
> We can chuckle and snicker and point fingers at Microsoft, but all vendors
> are vulnerable. When the hacker community wants to turn its attention to
> Linux, or Solaris, or MacOS, those systems will take it in the shorts too.
>
> > Fred Reimer - CCNA
> >
> > Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
> > Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
> >
> > NOTICE; This email contains confidential or proprietary information which
> > may be legally privileged. It is intended only for the named recipient(s).
> > If an addressing or transmission error has misdirected the email, please
> > notify the author by replying to this message. If you are not the named
> > recipient, you are not authorized to use, disclose, distribute, copy, print
> > or rely on this email, and should immediately delete it from your computer.
> >
> > -----Original Message-----
> > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, August 16, 2003 1:22 PM
> > To: [EMAIL PROTECTED]
> > Subject: OT Microsoft worm [7:74045]
> >
> > Just wondering, is this new LOVSAN msblast worm as big as it seems to be?
> > I've been helping lots of Windows users clean up their machines. They all
> > had the worm. These are mostly home users. I can't believe they would use
> > broadband, "always-on" access and not have a firewall, but they didn't!
> >
> > What are you all seeing? Is this a big one? I suppose enterprise networks
> > are much better protected (hopefully) than the home networks I've been
> > helping out with.
> >
> > One has to wonder if the huge power outage could be related. I can imagine a
> > Windows computer somewhere in Ohio that played a surprisingly important role
> > in keeping the grid working and had been infected..... But I read a lot of
> > science fiction. :-)
> >
> > By the way, the stupid worm is attacking the wrong Microsoft URL!
> > So that aspect of it isn't going to be as bad as once thought.
> >
> > Comments?
> >
> > Priscilla
> > **Please support GroupStudy by purchasing from the GroupStudy Store:
> > http://shop.groupstudy.com
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74134&t=74045
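
Added example, not part of the original thread: a small audit of saved IOS configuration text for the two IOS mitigations the quoted advisory names (udp-small-servers disabled, HTTP server restricted by an ACL). The function name `audit_ios_config` and both sample configs are constructed for illustration; it assumes a `version X.Y` line as in a running-config and a numbered ACL on `ip http access-class`.

```python
import re

# Constructed sample running-config fragments (not from a real device).
SAMPLE_OLD = """\
version 11.1
hostname edge-old
ip http server
"""
SAMPLE_HARDENED = """\
version 12.0
no service udp-small-servers
ip http server
ip http access-class 10
access-list 10 permit 192.0.2.0 0.0.0.255
"""

def audit_ios_config(text):
    """Return a sorted list of findings for the two IOS issues in the advisory."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []

    # udp-small-servers: an explicit line wins; otherwise use the release default
    # (per the advisory, disabled by default since 11.2(1)).
    m = next((re.match(r"version (\d+)\.(\d+)", ln) for ln in lines
              if ln.startswith("version ")), None)
    version = (int(m.group(1)), int(m.group(2))) if m else None
    if "service udp-small-servers" in lines:
        findings.append("udp-small-servers explicitly enabled")
    elif "no service udp-small-servers" not in lines:
        if version is None:
            findings.append("udp-small-servers state unknown (no version line)")
        elif version < (11, 2):
            findings.append("udp-small-servers enabled by default on this release")

    # HTTP server: flag when enabled without an access-class restricting clients,
    # or when the referenced numbered ACL has no entries in this config.
    http_on = "ip http server" in lines
    acl = next((ln.split()[-1] for ln in lines
                if ln.startswith("ip http access-class ")), None)
    if http_on and acl is None:
        findings.append("ip http server enabled without ip http access-class")
    elif http_on and not any(ln.startswith(f"access-list {acl} ") for ln in lines):
        findings.append(f"ip http access-class references undefined ACL {acl}")
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("old", SAMPLE_OLD), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_ios_config(cfg))
```

A clean result only says the two workarounds are configured; it does not show that the device runs fixed software.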

