[sec-adv] Cisco IOS SAA / RTR Denial of Service

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Thu May 15 2003 - 15:32:31 CDT


TITLE:
Cisco IOS SAA / RTR Denial of Service

READ ONLINE:
http://www.secunia.com/advisories/8787/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Cisco IOS 12.x
Cisco IOS R12.x

DESCRIPTION:
A Denial of Service vulnerability has been identified in the SAA
(Service Assurance Agent) service, previously called RTR (Response
Time Reporter), on Cisco IOS.

It is possible to crash the router by sending a malformed SAA / RTR
packet.

SAA / RTR is not enabled by default.

The following versions are vulnerable:
12.0S, SC, ST, SL, SP, SX
12.1, E, EA, EC, EX, EY
12.2, DA, S

SOLUTION:
Possible workarounds are to disable the service or to apply
appropriate ACLs that filter access to the SAA / RTR service except
from trusted IP addresses.

How to disable SAA / RTR (from Cisco advisory):
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no rtr responder
Router(config)#exit
Router#copy running-config startup-config

Simple sample ACL (from Cisco advisory):
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 101 deny udp any any eq 1967
Router(config)#interface eth0
Router(config-if)#ip access-group 101 in
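
Added example (not part of the Secunia or Cisco advisory): a Python
check that reads IOS configuration text and reports whether
"rtr responder" is enabled, which interfaces have no inbound ACL
denying UDP port 1967, and which applied ACLs contain no permit entry
(an IOS ACL ends with an implicit deny, so such an ACL drops all other
inbound traffic). The sample configuration and all function names are
constructed for illustration.

```python
import re

# Constructed sample running-config (not from the advisory); addresses are
# documentation ranges and the interface names follow the advisory's "eth0".
SAMPLE_CONFIG = """\
hostname Router
rtr responder
access-list 101 deny udp any any eq 1967
interface eth0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
interface eth1
 ip address 198.51.100.1 255.255.255.0
"""

ACL_RE = re.compile(r"access-list (\d+) (.+)")
BIND_RE = re.compile(r"ip access-group (\d+) in$")

def blocks_saa(entries):
    """True if the ACL has a deny entry for UDP port 1967 (the SAA / RTR port)."""
    return any(e.startswith("deny udp ") and e.endswith(" eq 1967") for e in entries)

def audit_saa(config):
    """Audit IOS configuration text for SAA / RTR responder exposure."""
    acls, bound, iface = {}, {}, None   # ACL id -> entries; interface -> inbound ACL id
    responder = False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():
            iface = None                # an unindented line ends an interface block
        if line == "rtr responder":
            responder = True
        elif m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif line.startswith("interface "):
            iface = line.split(None, 1)[1]
            bound[iface] = None
        elif iface and (m := BIND_RE.match(line)):
            bound[iface] = m.group(1)
    # Interfaces where the responder is reachable without a udp/1967 deny.
    exposed = [i for i, a in bound.items()
               if responder and not blocks_saa(acls.get(a, []))]
    # Applied ACLs with no permit entry: the implicit deny drops all other traffic.
    deny_only = sorted(a for a in set(bound.values())
                       if a and not any(e.startswith("permit ") for e in acls.get(a, [])))
    return {"responder": responder, "exposed": exposed, "deny_only_acls": deny_only}

if __name__ == "__main__":
    print(audit_saa(SAMPLE_CONFIG))
```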

Cisco has issued updates for certain releases, see the advisory for
detailed information:
http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml

The updates are available from:
http://www.cisco.com/tacpage/sw-center/

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------