Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco secure scanner

Hi,

I have run secure scanner on my network which consist of pix 525/535,

I find the potential vulnerabilities

1. 3: Acess:SSH.RSAREF-overflow:VP:10060

2.Denial:telnet.cisco-login-crah:vp:1706.

Can anyne explain what these vulenerabilies are and if there are any fixes to this.

Thks

SP

1 REPLY
New Member

Re: Cisco secure scanner

Please check the NSDB.

SSH-RSAREF Overflow:

----------------------------------------------------------------

Description

Versions of ssh and sshd compiled using the --with-rsaref option are vulnerable to buffer overflow. The bug is present in all versions of SSH1, up to and including 1.2.27.

During key exchange, the RSAREF2 library does not bounds check the length of the key it is passed. The overflow can occur on either client or server.

Consequences

It is possible to execute arbitrary commands as the user that runs the RSAREF2 code.

For SSH up to 1.2.27 compiled with RSAREF2 this implies the remote execution of arbitrary commands as root.

Countermeasures

A patch provided by SSH Communications is available from the CERT/CC web site. This version of the patch has been signed by the CERT/CC.

Use a version of the RSA implementation that is not vulnerable to this attack. As of September 2000, the RSA patent has expired and there is no reason to use RSAREF

Use the Open Source version of SSH (http://www.openssh.org)

Cisco Login Crash

---------------------------------------------------------------------------------------------------------------------------

Description

An error in Cisco IOS software makes it possible for untrusted, unauthenticated users who can gain access to the login prompt of a router or other Cisco IOS device, via any means, to cause that device to crash and reload.

This applies only to devices running classic Cisco IOS software. This includes most Cisco routers with model numbers greater than or equal to

1000, but does not include the 7xx series, the Catalyst LAN switches, WAN switching products in the IGX or BPX lines, the AXIS shelf, early models of the LS1010 or LS2020 ATM switches, or any host-based software.

Exceptions include IOS versions 11.3(1), 11.3(1)ED, 11.3(1)T,11.2(10), 11.2(9)P, 11.2(9)XA, 11.2(10)BC, 11.2(8)SA3, 11.1(15)CA, 11.1(16), 11.1(16)IA, 11.1(16)AA, 11.1(17)CC, 11.1(17)CT, 11.0(20.3)

Consequences

A remote attacker can cause a Cisco device to crash and reload. Possible loss of configuration information may result as a consequence of this attack.

Countermeasures

Upgrade to a non-vulnerable version of the IOS software. These are 11.3(1), 11.3(1)ED, 11.3(1)T,11.2(10), 11.2(9)P, 11.2(9)XA, 11.2(10)BC, 11.2(8)SA3, 11.1(15)CA, 11.1(16), 11.1(16)IA, 11.1(16)AA, 11.1(17)CC, 11.1(17)CT, 11.0(20.3), and all later versions.

123
Views
0
Helpful
1
Replies
CreatePlease login to create content