From: Cisco Systems Product Security Incident Response Team (psirtcisco.com)
Date: Mon May 14 2007 - 15:18:36 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Response:
HTTP Full-Width and Half-Width Unicode Encoding Evasion

http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml

Revision 1.0

For Public Release 2007 May 14 2000 UTC (GMT)

- -----------------------------------------------------------------------

Cisco Response
==============

The U.S. Computer Emergency Response Team (US-CERT) has reported a
network evasion technique using full-width and half-width unicode
characters that affects several Cisco products. The US-CERT advisory is
available at the following link:

http://www.kb.cert.org/vuls/id/739224

By encoding attacks using a full-width or half-width unicode character
set, an attacker can exploit this vulnerability to evade detection by
an Intrusion Prevention System (IPS) or firewall. This may allow the
attacker to covertly scan and attack systems normally protected by an
IPS or firewall.

This response is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml

Additional Information
======================

The following Cisco products are affected by this vulnerability (all
versions are affected unless a specific version is explicitly
mentioned):

  * Cisco Intrusion Prevention System (IPS): Cisco Bug ID CSCsi58602
  * Cisco IOS with Firewall/IPS Feature Set: Cisco Bug ID CSCsi67763

The Cisco PSIRT is not aware of any malicious use of the vulnerability
described in this document.

This issue was reported to Cisco by US-CERT. The original issue was
reported to US-CERT by Fatih Ozavci and Caglar Cakici of Gamasec
Security. Cisco would like to thank US-CERT, Fatih Ozavci and Caglar
Cakici for bringing this issue to our attention.

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT
YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.

Revision History
================

+------------------------------------------------------+
| Revision 1.0 | 2007-May-14 | Initial public release |
+------------------------------------------------------+

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and registering
to receive security information from Cisco, is available on Cisco's
worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.

- -----------------------------------------------------------------------
All contents are Copyright 2006-2007 Cisco Systems, Inc. All rights
reserved.
- -----------------------------------------------------------------------

Updated: May 14, 2007 Document ID: 91767

- -----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFGSL+d8NUAbBmDaxQRAihTAKCAOtPHDXhrsIiTUBsDqyjGlD9+9ACgjQFM
ldBr8czr5LIQV+l18bKUYfs=
=6GW2
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
cust-security-announcecisco.com
To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leavecisco.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]