Hi there,
At 18:43 11/04/2001 +0700, Fyodor wrote:
>Cisco IOS (at least 11.x series) _IS_ vulnerable (tested, confirmed). Earlier
>versions are presumably vulnerable too. Haven't tested IOS 12.x but it may have
>the same bug inherited as well (unless cisco folks found the problem and fixed
>it silently).
Despite what Fyodor said, we were unable to get IOS crash. Admittedly,
we have not tested all IOS releases but we did test: 10.3, 11.0, 12.0
and 12.1.
Our finding is that we were unable to crash IOS by using the exploit
which has been posted on the Bugtraq.
However, we can not rule out the possibility that certain IOS release,
on a given HW with a particular configuration will crash. So, in the mean
time, as a precaution, we advise all customers to insert the following
line into the configuration:
ntp access-group serve-only
This will prevent the router from processing NTP control requests.
Cheers,
Gaus
==============
Damir Rajnovic <psirtat_private>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
Phone: +44 7715 546 033
4 The Square, Stockley Park, Uxbridge, MIDDLESEX UB11 1BN, GB
==============
There is no insolvable problems. Question remains: can you
accept the solution?
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 04:57:26 PDT