I will just send this about a security vulnerability we found out about in
our implementation from 10 MB broadcast domain to a 3 layer model switched
and routed network with Gigabit backbone...
Jim
Cisco Gigabit Switch Routers (GSRs), when used with configured Fast
Ethernet/Gigabit Ethernet cards may forward traffic bypassing ACLs.
This could lead to exploitation of vulnerabilities that would normally have
been protected by the access control lists. It may also be possible for an
attacker to cause an interface on the target GSR to stop forwarding
packets, resulting in a denial of service. The evasion of ACLs has to do
with optimizations in handling of various packet types and occurs only
on the affected interfaces. This vulnerability only exists when Fast
Ethernet/Gigabit Ethernet network interface cards are used with Gigabit
Switch Routers. All versions of IOS greater than 11.2 on GSRs are
assumed to be vulnerable.
class: Failure to Handle Exceptional Conditions
cve: GENERIC-MAP-NOMATCH
remote: Yes
local: No
published: August 03, 2000
updated: August 03, 2000
vulnerable:
  Cisco Gigabit Switch Router 12016
  Cisco Gigabit Switch Router 12012
  Cisco Gigabit Switch Router 12008
  Cisco IOS 12.1
  Cisco IOS 12.0.7
  Cisco IOS 12.0.6
  Cisco IOS 12.0.5
  Cisco IOS 12.0.4
  Cisco IOS 12.0.3
  Cisco IOS 12.0.2
  Cisco IOS 12.0.1
  Cisco IOS 12.0
  Cisco IOS 11.3.1
  Cisco IOS 11.3
  Cisco IOS 11.2.8
  Cisco IOS 11.2.10
  Cisco IOS 11.2P
  Cisco IOS 11.2
not vulnerable:
  Cisco IOS 12.0(8.3)SC
  Cisco IOS 12.0(8.0.2)S
  Cisco IOS 12.0(7.4)S
  Cisco IOS 12.0(7)SC
  Cisco IOS 12.0(7)S1
  Cisco IOS 11.2(19)GS0.2
The following versions of IOS contain the fix for this vulnerability:
* 11.2(19)GS0.2
* 12.0(8.0.2)S
* 12.0(7)S1
* 12.0(7.4)S
* 12.0(8.3)SC
* 12.0(7)SC
Upgrade the firmware in your GSRs to any of the applicable versions
listed above.
-----Original Message-----
From: Douglas McConnell [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 9:50 AM
To: Cisco Groupstudy
Cc: [EMAIL PROTECTED]
Subject: ATM Lane & Gigabit Ethernet
Team:
We are upgrading our network to Gigabit Ethernet from
ATM Lane. Are any of you aware of any known problems
or caveats in implementing this migration
successfully?
=====
Please Reply to: [EMAIL PROTECTED]
-------------------------------------------------------
Douglas A. McConnell
BV Solutions Group, Inc. - A Black & Veatch Company
Network Communications Specialist IV
Cisco Certified Network Associate
A+ Certified Technician
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]