|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA19553] Cisco Optical Networking System 15000 Series Multiple Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Apr 06 2006 - 03:17:05 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Cisco Optical Networking System 15000 Series Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA19553
VERIFY ADVISORY:
http://secunia.com/advisories/19553/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Cisco ONS 15000 Series
http://secunia.com/product/684/
SOFTWARE:
Cisco Transport Controller 4.x
http://secunia.com/product/9196/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco Optical Networking
System 15000 Series, which can be exploited by malicious people to
cause a DoS (Denial of Service) or compromise a vulnerable management
system.
1) Multiple services are vulnerable to ACK DoS attacks where an
invalid response is sent instead of the final ACK packet during the
3-way handshake. This can be exploited to cause the control cards to
exhaust memory resources, not respond to further connections, or
reset by establishing multiple of these connections.
Successful exploitation requires that IP is configured on the LAN
interface (enabled by default).
2) An error within the processing of IP packets can be exploited to
reset the control cards by sending a specially crafted IP packet.
Successful exploitation requires that IP is configured on the LAN
interface (enabled by default) and secure mode for element management
system (EMS)-to-network-element access is enabled (disabled by
default).
3) Another error within the processing of IP packets can be exploited
to reset the control cards by sending a specially crafted IP packet.
Successful exploitation requires that IP is configured on the LAN
interface (enabled by default).
4) An error within the processing of OSPF (Open Shortest Path First)
packets can be exploited to reset the control cards by sending a
specially crafted OSPF packet.
Successful exploitation requires that the OSPF routing protocol is
configured on the LAN interface (disabled by default).
Successful exploitation of the above vulnerabilities (#1 through #4)
requires that the Optical node has the Common Control Card connected
to a DCN (Data Communication Network) and is enabled for IPv4.
The above vulnerabilities (#1 through #4) affect the following Cisco
ONS 15000 series platforms:
* Cisco ONS 15310-CL Series
* Cisco ONS 15327 Series
* Cisco ONS 15454 MSPP
* Cisco ONS 15454 MSTP
* Cisco ONS 15600 Series
The following Cisco ONS 15000 series platforms are not affected by
the vulnerabilities:
* Cisco ONS 15100 Series
* Cisco ONS 15200 Series
* Cisco ONS 15302, ONS 15305, and ONS 15310-MA platforms
* Cisco ONS 15500 Series
* Cisco ONS 15800 Series
5) A vulnerability exists within the Cisco Transport Controller (CTC)
applet launcher, which is downloaded each time a management connection
is made to the Optical node. The vulnerability is caused due to the
java.policy permissions being to broad by granting all permissions to
any software originating from the codeBase or source at
http://*/fs/LAUNCHER.jar.
This can be exploited to execute arbitrary code on the CTC
workstation if it is used to connect to a malicious web site running
Java code from the "/fs/LAUNCHER.jar" location.
The vulnerability affects versions 4.0.x and prior.
SOLUTION:
1-4) Updated versions are available (see patch matrix in vendor
advisory).
5) Update to Cisco Transport Controller version 4.1.0 or later.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]