FYI for anyone using the Arrowpoint content delivery switches

----- Original Message -----
From: "Cisco Systems Product Security Incident Response Team" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, April 04, 2001 10:30 AM
Subject: Cisco Security Advisory: Cisco Content Services Switch User Account Vulnerability

>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Cisco Security Advisory: Cisco Content Services Switch User Account
> Vulnerability
> ==========================================================================
>
> Revision 1.0
>
> For Public Release 2001 April 04 08:00 (UTC -0700)
>
> ------------------------------------------------------------------------
>
> Summary
> =======
>
> The Cisco Content Services (CSS) switch product, also known as Arrowpoint,
> has a security vulnerability in a previous release that allows
> non-privileged users to escalate their privilege level, permitting them
> configuration ability on affected units. This vulnerability can only be
> exercised from a valid user account.
>
> To remove the vulnerability, Cisco is offering free software upgrades to
> revision 4.01B19s for all affected platforms. This defect is documented as
> Cisco bug ID CSCdt32570.
>
> This advisory is available at
> http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml.
>
> Affected Products
> =================
>
> The CSS switch is also known as the Arrowpoint product, and runs the Cisco
> WebNS Software.
>
> Cisco CSS 11050, CSS 11150, and CSS 11800 hardware platforms are affected
> by this vulnerability. No other Cisco products are affected by this
> vulnerability.
>
> If the switch is running a version prior to 4.01B19s, then it is affected
> and should be upgraded as soon as possible. You may type version at the
> command line to find out software version number.
>
> Details
> =======
>
> A non-privileged user can issue a series of keystrokes to enter the debug
> mode, and from that mode can gain administrative access.
>
> Impact
> ======
>
> This vulnerability allows a non-privileged user to become a super-user,
> allowing unauthorized access to important files such as the configuration
> files, and directory structure information. If access to the command line
> interface is well protected and restricted, these vulnerabilities are
> minimized.
>
> Cisco Bug ID CSCdt32570 describes this vulnerability.
>
> Software Versions and Fixes
> ===========================
>
> CSCdt32570 is resolved in version 4.01B19s of Cisco WebNS software.
> Non-privileged users can no longer enter debug mode.
>
> Obtaining Fixed Software
> ========================
>
> Cisco is offering free software upgrades to eliminate this vulnerability
> for all affected customers.
>
> Customers with contracts should obtain upgraded software through their
> regular update channels. For most customers, this means that upgrades
> should be obtained through the Software Center on Cisco's Worldwide Web
> site at http://www.cisco.com. Specifically, this fix can be found at
> http://www.cisco.com/cgi-bin/tablebuild.pl/webns. Customers whose Cisco
> products are provided or maintained through prior or existing agreement
> with third-party support organizations such as Cisco Partners, authorized
> resellers, or service providers should contact that support organization
> for assistance with the upgrade, which should be free of charge.
>
> Customers without contracts should get their upgrades by contacting the
> Cisco Technical Assistance Center (TAC).
> TAC contacts are as follows:
>
> * +1 800 553 2447 (toll-free from within North America)
> * +1 408 526 7209 (toll call from anywhere in the world)
> * e-mail: [EMAIL PROTECTED]
>
> See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for
> additional TAC contact information, including instructions and e-mail
> addresses for use in various languages.
>
> Give the URL of this notice as evidence of your entitlement to a free
> upgrade. Free upgrades for non-contract customers must be requested through
> the TAC. Please do not contact either "[EMAIL PROTECTED]" or
> "[EMAIL PROTECTED]" for software upgrades.
>
> Workarounds
> ===========
>
> Access control lists can be applied to restrict access to the Cisco CSS
> device, as well as additional firewall or access lists to restrict
> connection to the management interface. Access control lists also affect
> traffic to the Virtual interface of the Cisco CSS device, so must be
> applied with care. For further details on configuring access lists, please
> refer to the product documentation:
>
> http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/bsccfggd/profiles.htm
>
> http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/advcfggd/sgacleql.htm
>
> Additionally, the use of SSH to prevent snooping of the management traffic
> to the device is encouraged.
>
> Telnet service can also be disabled. This is not a feasible option for many
> customers in a co-location environment, but it is included in this section
> for customers that may have the ability to implement this configuration.
>
> CS150(config)# telnet access disabled
>
> Exploitation and Public Announcements
> =====================================
>
> Cisco knows of no public announcements or discussion of this vulnerability
> before the date of this notice. Cisco has had no reports of malicious
> exploitation of this vulnerability. This bug was identified and reported by
> Cisco's own technical support staff.
>
> Status of This Notice: FINAL
> ============================
>
> This is a final field notice. Although Cisco cannot guarantee the accuracy
> of all statements in this notice, all of the facts have been checked to the
> best of our ability. Cisco does not anticipate issuing updated versions of
> this notice unless there is some material change in the facts. Should there
> be a significant change in the facts, Cisco may update this notice.
>
> Distribution
> ============
>
> This notice will be posted on Cisco's Worldwide Web site at
> http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml.
> In addition to Worldwide Web posting, a text version of this notice is
> clear-signed with the Cisco PSIRT PGP key and is posted to the following
> e-mail and Usenet news recipients:
>
> * [EMAIL PROTECTED]
> * [EMAIL PROTECTED]
> * [EMAIL PROTECTED]
> * [EMAIL PROTECTED] (includes CERT/CC)
> * [EMAIL PROTECTED]
> * [EMAIL PROTECTED]
> * comp.dcom.sys.cisco
> * Various internal Cisco mailing lists
>
> Future updates of this notice, if any, will be placed on Cisco's Worldwide
> Web server, but may or may not be actively announced on mailing lists or
> newsgroups. Users concerned about this problem are encouraged to check the
> URL given above for any updates.
>
> Revision History
> ================
>
> Revision 1.0    2001-04-04    Initial public release
>
> Cisco Security Procedures
> =========================
>
> Complete information on reporting security vulnerabilities in Cisco
> products, obtaining assistance with security incidents, and registering to
> receive security information from Cisco, is available on Cisco's Worldwide
> Web site at
> http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This
> includes instructions for press inquiries regarding Cisco security notices.
>
> ------------------------------------------------------------------------
>
> This notice is Copyright 2001 by Cisco Systems, Inc.
> This notice may be
> redistributed freely after the release date given at the top of the text,
> provided that redistributed copies are complete and unmodified, and include
> all date and version information.
>
> ------------------------------------------------------------------------
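
A fleet check for the advisory's "prior to 4.01B19s" rule on the three affected platforms, added here as an example; it is not part of the forwarded advisory or any Cisco tooling. The inventory rows and hostnames are constructed, and the version shape `<major>.<minor>B<build><suffix>` with numeric ordering is an assumption, so strings that do not fit it, or that differ from the fixed release only in suffix, are flagged for manual review.

```python
import re

# From the advisory: affected platforms and the first fixed WebNS release.
AFFECTED_MODELS = {"CSS 11050", "CSS 11150", "CSS 11800"}
FIXED_RELEASE = "4.01B19s"

# Assumption (not from Cisco documentation): a WebNS version string has the
# shape <major>.<minor>B<build><optional letter suffix>, ordered numerically.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)B(\d+)([A-Za-z]*)$")

def parse_version(text):
    """Return ((major, minor, build), suffix) or None if the shape is unknown."""
    m = VERSION_RE.match(text.strip())
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)

def classify(model, version):
    """Classify one device as affected, fixed, review or not-affected-model."""
    if model not in AFFECTED_MODELS:
        return "not-affected-model"
    parsed = parse_version(version)
    if parsed is None:
        return "review"  # unparseable: check the device by hand
    fixed_num, fixed_suffix = parse_version(FIXED_RELEASE)
    if parsed[0] < fixed_num:
        return "affected"
    if parsed[0] == fixed_num and parsed[1] != fixed_suffix:
        return "review"  # same build, other suffix: ordering is not known
    return "fixed"

# Constructed inventory (host, model, version as reported by `version`).
INVENTORY = [
    ("css-a.example.net", "CSS 11050", "4.01B12s"),
    ("css-b.example.net", "CSS 11150", "4.01B19s"),
    ("css-c.example.net", "CSS 11800", "3.10B45"),
    ("css-d.example.net", "CSS 11800", "4.01B19"),
    ("css-e.example.net", "CSS 11150", "unknown"),
    ("sw-f.example.net", "other switch", "n/a"),
]

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(model, ver) for host, model, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```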