Cisco Support Community

New Member

Catalyst 6000 Supervisor IOS Vulnerable?

Is the Catalyst 6000 Supervisor IOS affected by the recently discovered vulnerability outlined in the following document?

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

I noticed that in the main IOS download area, the vulnerable IOS images were removed and new versions were recommended. But, it appears that no changes were made in the Catalyst Supervisor IOS area.

This morning (after about a year with no issues), one of our Catalysts went down with the following error. I'm trying to determine if this was caused by the vulnerability.

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x602A5640 reading 0x4

%ALIGN-3-TRACE: -Traceback= 602A5640 602A639C 602B3C0C 602B3CC0 6035EEAC 6035F184 6035F860 6035FBBC

Meanwhile, I have implemented the recommended ACLs in order to block problematic traffic to our Catalysts from the outside world.

Thanks,

Jordan

7 REPLIES

Re: Catalyst 6000 Supervisor IOS Vulnerable?

I don't think the error message has anything to do with the vulnerability. Did you upgrade the image on the switch recently? Do you see any image version mismatch errors?

New Member

Re: Catalyst 6000 Supervisor IOS Vulnerable?

We upgraded the switch image a minimum of 4 months ago. We have two Catalyst 6500s and we've never had an issue with them. This morning one of the Catalysts went down and came back up about 10 minutes later with the aforementioned error. No changes have been made recently and no other errors were logged. Some 'show ver' output:

System returned to ROM by power-on (SP by error - a Software forced crash, PC 0x60116B14)

System image file is "sup-bootflash:c6sup11-psv-mz.121-13.E6"

Jordan

New Member

Re: Catalyst 6000 Supervisor IOS Vulnerable?

Well, the Catalyst just went down again, so I think you're correct about it not being a vulnerability issue. I noticed on the Cisco site that '%ALIGN-3-SPURIOUS: Spurious memory access made' errors are "always caused by a Cisco IOS software bug". I'm going to go ahead and try an IOS upgrade. If the RAM in the Catalyst was bad, would it be detected during the boot process? Is there an easy way to confirm that it is a software problem and NOT a hardware problem?

Jordan

Re: Catalyst 6000 Supervisor IOS Vulnerable?

This most likely is a bug in the IOS. Before upgrading, let's analyze the stack trace.

Re: Catalyst 6000 Supervisor IOS Vulnerable?

Can you get a stack trace? "show stacks".

New Member

Re: Catalyst 6000 Supervisor IOS Vulnerable?

I plugged a console in, rebooted and am now getting:

1) First it self-decompresses the image and says [OK], then I get:

Error : pre and post compression image sizes disagree

*** System received a Software forced crash ***

signal= 0x17, code= 0x8, context = 0x0

PC = 0x800080d4, Cause = 0x20, Status Reg = 0x3040d003

System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE

Copyright (c) 1998 by cisco Systems, Inc.

Cat6k-MSFC platform with 131072 Kbytes of main memory

open: file "draco-fslib-m" not found

open(): Open Error = -1

loadprog: error - on file open

cannot load the monitor library "bootflash:%draco-fslib-m" from device: boot flashboot: cannot open "bootflash:"

boot: cannot determine first file name of device bootflash:

System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE

Copyright (c) 1998 by cisco Systems, Inc.

Then the device just sits there. If the bootflash went bad, can I copy the bootldr and/or IOS image to my disk0: and boot off it? I just don't know how to edit the startup config... I can get the files onto the flash disk by copying them using our other Catalyst.

Jordan

New Member

Re: Catalyst 6000 Supervisor IOS Vulnerable?

It looks like our IOS release is affected by bug ID CSCdp53157.

Now I just need to figure out how to get the bootldr and IOS updated...then we'll be back on track to do a stack trace.

Jordan
