I have been happy with 6.3(4). I would want to hold off on the 7.1(1). No experience with it, but it seems on the Cats early revisions can sometimes be flaky.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tay Chee Yong Sent: Wednesday, January 30, 2002 8:00 AM To: [EMAIL PROTECTED] Subject: Re: FW: [INFOCON] - UNIRAS Briefing - 23/02 - Cisco - CatOS [7:33684] Hi, Someone has any idea which CatOS for Cat6k is a stable release? I am currently using Release 6.1(1d), and I need to upgrade it. I am also looking at Release 7.1(1) with SSH support. Any advise from the experts out there?? Thanks Regards, Cheeyong At 08:48 AM 1/30/02 -0500, Hire, Ejay wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >- ------------------------------------------------------------------------- - >-------- > UNIRAS (UK Govt CERT) Briefing Notice - 23/02 dated 30.01.02 Time: 09:32 > UNIRAS is part of NISCC(National Infrastructure Security Co-ordination >Centre) >- ------------------------------------------------------------------------- - >-------- > UNIRAS material is also available from its website at www.uniras.gov.uk >and > Information about NISCC is available from www.niscc.gov.uk >- ------------------------------------------------------------------------- - >-------- > >Title >===== >Cisco CatOS Telnet Buffer Vulnerability > >Detail >====== > >- -----BEGIN PGP SIGNED MESSAGE----- > >Cisco Security Advisory: Cisco CatOS Telnet Buffer Vulnerability >================================================================ > >Revision 1.0 > >For Public Release 2002 January 29 at 1500 UTC > >- - ----------------------------------------------------------------------- - >------- > >Summary >- - ------- >Some Cisco Catalyst switches, running certain CatOS based software releases, >have a vulnerability wherein a buffer overflow in the telnet option handling >can cause the telnet daemon to crash and result in a switch reload. This >vulnerability can be exploited to initiate a denial of service (DoS) attack. > >This vulnerability is documented as Cisco bug ID CSCdw19195. There are >workarounds available to mitigate the vulnerability. > >This advisory will be posted at http://www.cisco.com/warp/public/707/ >catos-telrcv-vuln-pub.shtml . > >Affected Products >- - ----------------- >Cisco's various Catalyst family of switches run CatOS-based releases or >IOS-based releases. IOS-based releases are not vulnerable. > >The following Cisco Catalyst Switches are vulnerable : > > * Catalyst 6000 series > * Catalyst 5000 series > * Catalyst 4000 series > * Catalyst 2948G > * Catalyst 2900 > >For the switches above, the following CatOS based switch software revisions >are >vulnerable. > >+-------------------------------------------------------------------------- - >--+ >| | Release 4 | Release 5 | Release 6 | Release 7 >| >| | code base | code base | code base | code base >| >|---------------+---------------+---------------+--------------+----------- - >--| >| Catalyst 6000 | Not | earlier than | earlier than | earlier >than | >| series | Applicable | 5.5(13) | 6.3(4) | 7.1(2) >| >|---------------+---------------+---------------+--------------+----------- - >--| >| Catalyst 5000 | earlier than | earlier than | earlier than | Not >| >| series | 4.5(13a) | 5.5(13) | 6.3(4) | Applicable >| >|---------------+---------------+---------------+--------------+----------- - >--| >| Catalyst 4000 | All releases | earlier than | earlier than | earlier >than | >| series | | 5.5(13) | 6.3(4) | 7.1(2) >| >+-------------------------------------------------------------------------- - >--+ > >To determine your software revision, type show version at the command line >prompt. > >Not Affected Products >- - --------------------- >The following Cisco Catalyst Switches are not vulnerable : > > * Catalyst 8500 series > * Catalyst 4800 series > * Catalyst 4200 series > * Catalyst 3900 series > * Catalyst 3550 series > * Catalyst 3500 XL series > * Catalyst 4840G > * Catalyst 4908G-l3 > * Catalyst 2948G-l3 > * Catalyst 2950 > * Catalyst 2900 XL > * Catalyst 2900 LRE XL > * Catalyst 2820 > * Catalyst 1900 > >No other Cisco product is currently known to be affected by this >vulnerability. > >Details >- - ------- >Some Cisco Catalyst switches, running certain CatOS-based software releases, >have a vulnerability wherein a buffer overflow in the telnet option handling >can cause the telnet daemon to crash and result in a switch reload. This >vulnerability can be exploited to initiate a denial of service (DoS) attack. >Once the switch has reloaded, it is still vulnerable and the attack can be >repeated as long as the switch is IP reachable on port 23 and has not been >upgraded to a fixed version of CatOS switch software. > >This vulnerability is documented as Cisco bug ID CSCdw19195, which requires >a >CCO account to view and can be viewed after 2002 January 30 at 1500 UTC. > >Impact >- - ------ >This vulnerability can be exploited to produce a denial of service (DoS) >attack. When the vulnerability is exploited it can cause the Cisco Catalyst >switch to crash and reload. > >Software Versions and Fixes >- - --------------------------- >This vulnerability has been fixed in the following switch software revisions >and the fix will be carried forward in all future releases. > >+-------------------------------------------------------------------------- - >----+ >| | Release 4 | Release 5 | Release 6 | Release >7 | >| | code base | code base | code base | code >base | >|---------------+---------------+---------------+---------------+---------- - >----| >| Catalyst 6000 | Not | 5.5(13) and | 6.3(4) and | 7.1(2) >and | >| series | Applicable | later | later | later >| >|---------------+---------------+---------------+---------------+---------- - >----| >| Catalyst 5000 | 4.5(13a) | 5.5(13) and | 6.3(4) and | Not >| >| series | | later | later | >Applicable | >|---------------+---------------+---------------+---------------+---------- - >----| >| Catalyst 4000 | Not Available | 5.5(13) and | 6.3(4) and | 7.1(2) >and | >| series | | later | later | later >| >+-------------------------------------------------------------------------- - >----+ > >All previous releases must upgrade to the above releases. CatOS switch >software >release 4.5(13a) for the Catalyst 5000 series is expected on CCO by 2002 >February 4. CatOS switch software release 7.1(2) is expected on CCO by 2002 >February 4. > >Software upgrade can be performed via the console interface. Please refer to >software release notes for instructions. > >Obtaining Fixed Software >- - ------------------------ >Cisco is offering free software upgrades to remedy this vulnerability for >all >affected customers. Customers with service contracts may upgrade to any >software release containing the feature sets they have purchased. > >Customers with contracts should obtain upgraded software through their >regular >update channels. For most customers, this means that upgrades should be >obtained through the Software Center on Cisco's Worldwide Web site at >http:// >www.cisco.com . > >Customers whose Cisco products are provided or maintained through prior or >existing agreement with third-party support organizations such as Cisco >Partners, authorized resellers, or service providers should contact that >support organization for assistance with the upgrade, which should be free >of >charge. > >Customers who purchased directly from Cisco but who do not hold a Cisco >service >contract, and customers who purchase through third party vendors but are >unsuccessful at obtaining fixed software through their point of sale, should >get their upgrades by contacting the Cisco Technical Assistance Center >(TAC). >TAC contacts are as follows: > > * +1 800 553 2447 (toll free from within North America) > * +1 408 526 7209 (toll call from anywhere in the world) > * e-mail: [EMAIL PROTECTED] > >See http://www.cisco.com/warp/public/687/Directory.shtml for additional TAC >contact information, including instructions and e-mail addresses for use in >various languages. > >Please have your product serial number available and give the URL of this >notice as evidence of your entitlement to a free upgrade. Free upgrades for >non >contract customers must be requested through the TAC. > >Please do not contact either "[EMAIL PROTECTED]" or "[EMAIL PROTECTED]" >for software upgrades. > >Workarounds >- - ----------- >The following workarounds can be implemented. > > * If ssh is available in the code base use ssh instead of Telnet and >disable > Telnet. > > For instructions how to do this please refer http://www.cisco.com/warp/ > public/707/ssh_cat_switches.html > > * Apply Access Control Lists (ACLs) on routers / switches / firewalls in > front of the vulnerable switches such that traffic destined for the >Telnet > port 23 on the vulnerable switches is only allowed from the network > management subnets. > > For an example see http://www.cisco.com/univercd/cc/td/doc/product/lan/ > cat6000/sw_5_4/msfc/acc_list.htm > >Exploitation and Public Announcements >- - ------------------------------------- >This vulnerability has been exploited to initiate Denial of Service (DoS) >attacks. > >This vulnerability was reported by TESO and is detailed at >http://www.cert.org/ >advisories/CA-2001-21.html > >Status of This Notice: Final >- - ---------------------------- >This is a final notice. Although Cisco cannot guarantee the accuracy of all >statements in this notice, all of the facts have been checked to the best of >our ability. Cisco does not anticipate issuing updated versions of this >notice >unless there is some material change in the facts. Should there be a >significant change in the facts, Cisco may update this notice. > >A standalone copy or paraphrase of the text of this security advisory that >omits the distribution URL in the following section is an uncontrolled copy, >and may lack important information or contain factual errors. > >Distribution >- - ------------ >This notice will be posted on Cisco's Worldwide Web site at http:// >www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml . > >In addition to Worldwide Web posting, a text version of this notice is >clear-signed with the Cisco PSIRT PGP key and is posted to the following >e-mail >and Usenet news recipients: > > * [EMAIL PROTECTED] > * [EMAIL PROTECTED] > * [EMAIL PROTECTED] > * [EMAIL PROTECTED] (includes CERT/CC) > * [EMAIL PROTECTED] > * [EMAIL PROTECTED] > * comp.dcom.sys.cisco > * Various internal Cisco mailing lists > >Future updates of this notice, if any, will be placed on Cisco's Worldwide >Web >server, but may or may not be actively announced on mailing lists or >newsgroups. Users concerned about this problem are encouraged to check the >above URL for any updates. > >Revision History >- - ---------------- >+-------------------------------------------------------------------------- - >--+ >| Revision 1.0 | 2002-Jan-29 | For Public Release 2002 January 29 at 1500 >UTC | >+-------------------------------------------------------------------------- - >--+ > >Cisco Security Procedures >- - ------------------------- >Complete information on reporting security vulnerabilities in Cisco >products, >obtaining assistance with security incidents, and registering to receive >security information from Cisco, is available on Cisco's Worldwide Web site >at >http://www.cisco.com/go/psirt . This includes instructions for press >inquiries >regarding Cisco security notices. >- - ----------------------------------------------------------------------- - >------- >This notice is copyright 2002 by Cisco Systems, Inc. This notice may be >redistributed freely after the release date given at the top of the text, >provided that redistributed copies are complete and unmodified, including >all >date and version information. >- - ----------------------------------------------------------------------- - >------- > >- -----BEGIN PGP SIGNATURE----- >Version: PGP 6.5.8 >Comment: Signed by Sharad Ahlawat, Cisco Systems PSIRT > >iQEVAwUBPFa4iw/VLJ+budTTAQGkywf9GkyUO77MFWJHqhGR+ZtNpk63NAzK4ath >TGE/GyRJlht4YXvP4sTuKgRmsBkefXRoFttN0T8G1HytxTfFP75THbh5kk2kRFYo >R4qcxM6QExs1FbJwx42MOjmD5Cyds8pdZ8ZSGdVTDe96k/0D+BNiN1oe672x1hkM >6Nrt1wnyRzKj7ZfF7NRnlN7DsR4gAPIIP0yLiP2KLJheqDnZNThANng97i9YP1Mz >gve9jAwZtiKij6mv0LDG/Jkk/NUl5VijxfuoRFM4ZvAEn8hFYDLnvPJUVb+CvKpt >3AJ3/J+MBS8EAKTM98sGr5ywp7/cQfXWZsoJAYgHbGtEs3Qy6xbK+w== >=1bxQ >- -----END PGP SIGNATURE----- > > >- ------------------------------------------------------------------------- - >-------- > >For additional information or assistance, please contact the HELP Desk by >telephone or Not Protectively Marked information may be sent via EMail to: > >[EMAIL PROTECTED] >Tel: 020 7821 1330 Ext 4511 >Fax: 020 7821 1686 > >- ------------------------------------------------------------------------- - >-------- >UNIRAS wishes to acknowledge the contributions of CISCO Systems PSIRT for >the >information contained in this briefing. >- ------------------------------------------------------------------------- - >-------- >This Briefing contains the information released by the original author. Some >of the information may have changed since it was released. If the >vulnerability >affects you, it may be prudent to retrieve the advisory from the canonical >site >to ensure that you receive the most current information concerning that >problem. > >Reference to any specific commercial product, process, or service by trade >name, trademark manufacturer, or otherwise, does not constitute or imply >its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views >and opinions of authors expressed within this notice shall not be used for >advertising or product endorsement purposes. > >Neither UNIRAS or NISCC shall also accept responsibility for any errors >or omissions contained within this briefing notice. In particular, they >shall >not be liable for any loss or damage whatsoever, arising from or in >connection >with the usage of information contained within this notice. > >UNIRAS is a member of the Forum of Incident Response and Security Teams >(FIRST) >and has contacts with other international Incident Response Teams (IRTs) in >order to foster cooperation and coordination in incident prevention, to >prompt >rapid reaction to incidents, and to promote information sharing amongst its >members and the community at large. >- ------------------------------------------------------------------------- - >-------- > >-----BEGIN PGP SIGNATURE----- >Version: PGPfreeware 7.0.3 for non-commercial use > >iQCVAwUBPFe984pao72zK539AQF8JwP+IG957P0OLRBlKuCUx6K+YViGLHtYn+EI >h/iKR/RT4YVH0tck+jBPtkit88Qn+cXD5QDm5TeqPP3P/8FyYJZW6z6sqdPXRQbf >JJSQFt8XJBdVLAu1GsS1SFiF47p91G8FK1RVX68GIxCJy90jx1qbyddq1gqXU5lp >RvdoDN+TSE0= >=Mwes >-----END PGP SIGNATURE----- > > > > >IWS INFOCON Mailing List >@ IWS - The Information Warfare Site >http://www.iwar.org.uk Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33727&t=33727 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]