Re: newoak (4001/tcp) vulnerability

marinos_g · ‎08-24-2006

Hello,

I run nessus (port scanner) for a Cisco 2811 router and I don't understand one vulnerability from the results.

Here it is:

The remote system appears vulnerable to an invalid Options field

within a TCP packet. At least one vendor firewall (Symantec) has

been reported prone to such a bug. An attacker, utilizing this flaw,

would be able to remotely shut down the remote firewall (stopping all

network-based transactions) by sending a single packet to any port.

See also :

http://www.osvdb.org/displayvuln.php?osvdb_id=5596

http://www.eeye.com/html/Research/Advisories/AD20040423.html

Risk factor : High

CVE : CVE-2004-0444

BID : 10204, 10334, 10335

Other references : IAVA:2004-A-0010

Nessus ID : 12216

Is Cisco 2811 vulnerable to this bug?

Is there an IOS to fix this bug?

Symantec has released a patch to correct this bug.

Thank you for your help.

jwalker · ‎08-25-2006

I have not found anywhere in any of the documentation that Cisco products are susceptible to this vulnerability... All of the documentation I read indicates it only affects Symantec and Norton products.

marinos_g · ‎08-27-2006

Hi Jay,

Thank you for your reply.

To tell you the truth, when I posted my question, I didn't think I would get any reply at all :)

I see that you have some experience on security, also owner of CCSP, so you definitely know more about this.

Well, I couldn't find any documents for Cisco products about this vulnerability either, but I need to be sure.

Do you think if I open a TAC case they can help me?

Thank you

jmia · ‎08-28-2006

Marinos

Can you please post the IOS version you are running on your router - output the content of "sho ver" here and we can confirm if the vulnerability is related to your specific platform.

But personaly, I've not come across this on the 2800 platform. Of course you can open up a TAC case on this too.

Thanks / Jay

marinos_g · ‎08-28-2006

Here it is:

Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.4(4)T, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Thu 27-Oct-05 11:24 by ccai

ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)

2811_Gateway1 uptime is 3 weeks, 2 days, 20 hours, 11 minutes

System returned to ROM by reload at 15:04:12 GTB Fri Aug 4 2006

System restarted at 15:05:20 GTB Fri Aug 4 2006

System image file is "flash:c2800nm-spservicesk9-mz.124-4.T.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 2811 (revision 53.51) with 251904K/10240K bytes of memory.

Processor board ID FCZ0946707C

2 FastEthernet interfaces

31 Serial interfaces

1 ISDN Basic Rate interface

1 Channelized E1/PRI port

DRAM configuration is 64 bits wide with parity enabled.

239K bytes of non-volatile configuration memory.

62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Thank you for your help

jfilliben · ‎03-11-2019

This is due to 'transport input telnet' on the AUX port. To disable, do:

line aux 0

no transport input