CVE-2002-0339
CVSS 5.0
Published: 2002-06-25 00:00:00
Revised: 2008-09-05 16:27:46

[Original] Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.


[CNNVD] Cisco IOS Cisco Express Forwarding mode session information disclosure vulnerability (CNNVD-200206-066)

        
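        IOS (Internet Operating System) is the operating system widely used on Cisco routers, developed and maintained by Cisco.
        Some versions of IOS have a vulnerability in their Cisco Express Forwarding (CEF) implementation that can leak information from forwarded packets.
        When a Cisco router is in Cisco Express Forwarding (CEF) mode and receives a packet whose length as stated in the IP header is greater than the packet's physical length, the packet is extended to the length given in the IP header. The data used for the extension comes from previously forwarded data held in memory, which results in the information leak.
        An attacker cannot choose which information is obtained, which reduces the likelihood of obtaining sensitive information.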
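
A defensive check for the condition described above, as an added example that is not part of the original record: it flags Ethernet frames whose IPv4 total-length field claims more bytes than the frame actually carries. Untagged Ethernet II framing, the function names and the sample frames are assumptions constructed for illustration.

```python
import struct
from typing import List, Optional, Tuple

ETH_HDR_LEN = 14            # Ethernet II header, no 802.1Q tag (assumption)
ETHERTYPE_IPV4 = 0x0800

def ip_length_shortfall(frame: bytes) -> Optional[int]:
    """Bytes the IPv4 total-length field claims beyond what the frame holds.

    Returns 0 when the header is consistent with the frame, None when the
    frame is not IPv4 or is too short to contain an IPv4 header.
    """
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4 or frame[ETH_HDR_LEN] >> 4 != 4:
        return None
    (total_len,) = struct.unpack_from("!H", frame, ETH_HDR_LEN + 2)
    on_wire = len(frame) - ETH_HDR_LEN
    # A frame longer than the IP length is ordinary link-layer padding;
    # only the opposite case matches the condition in this record.
    return max(0, total_len - on_wire)

def audit(frames: List[bytes]) -> List[Tuple[int, int]]:
    """(index, shortfall) for every frame with an overstated IP length."""
    return [(i, s) for i, f in enumerate(frames) if (s := ip_length_shortfall(f))]

def build_frame(payload: bytes, claimed_len: Optional[int] = None,
                ethertype: int = ETHERTYPE_IPV4, pad_to: int = 0) -> bytes:
    """Constructed sample frame: zeroed MACs, minimal header, checksum unset."""
    total_len = claimed_len if claimed_len is not None else 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    frame = bytes(12) + struct.pack("!H", ethertype) + ip_hdr + payload
    return frame.ljust(pad_to, b"\x00")

# Constructed samples, not captured traffic.
SAMPLES = [
    build_frame(b"A" * 8),                    # consistent header
    build_frame(b"A" * 8, claimed_len=128),   # header overstates the length
    build_frame(b"A" * 8, ethertype=0x0806),  # not IPv4, ignored
    build_frame(b"A" * 8, pad_to=60),         # normal padding to minimum size
]

if __name__ == "__main__":
    for index, shortfall in audit(SAMPLES):
        print(f"frame {index}: IP length exceeds frame by {shortfall} bytes")
```
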
        

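- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]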

- CPE (affected platforms and products)

cpe:/o:cisco:ios:12.1t  Cisco IOS 12.1T
cpe:/o:cisco:ios:11.1cc  Cisco IOS 11.1CC
cpe:/o:cisco:ios:12.2  Cisco IOS 12.2
cpe:/o:cisco:ios:12.0s  Cisco IOS 12.0S
cpe:/o:cisco:ios:12.1e  Cisco IOS 12.1E
cpe:/o:cisco:ios:12.1  Cisco IOS 12.1
cpe:/o:cisco:ios:12.0  Cisco IOS 12.0
cpe:/o:cisco:ios:12.0t  Cisco IOS 12.0T
cpe:/o:cisco:ios:12.2t  Cisco IOS 12.2T
cpe:/o:cisco:ios:12.0st  Cisco IOS 12.0ST

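- OVAL (technical details for detection)

oval:org.mitre.oval:def:5784  Cisco Express Forwarding Information Disclosure vulnerability
*OVAL describes in detail how to detect this vulnerability; further technical details for detecting it can be found in the related OVAL definition.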

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0339
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0339
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200206-066
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/310387
(UNKNOWN)  CERT-VN  VU#310387
http://www.securityfocus.com/bid/4191
(VENDOR_ADVISORY)  BID  4191
http://www.iss.net/security_center/static/8296.php
(VENDOR_ADVISORY)  XF  ios-cef-information-leak(8296)
http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml
(VENDOR_ADVISORY)  CISCO  20020227 Cisco Security Advisory: Data Leak with Cisco Express Forwarding
http://www.osvdb.org/806
(UNKNOWN)  OSVDB  806

- Vulnerability information

Cisco IOS Cisco Express Forwarding mode session information disclosure vulnerability
Medium severity  Unknown
2002-06-25 00:00:00 2005-05-02 00:00:00
Remote
        
        

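- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measure to reduce the threat:
        * Until the vulnerability is patched, disable Cisco Express Forwarding mode on the router.
        Vendor patch:
        Cisco
        -----
        Cisco has released a security advisory (Cisco-IOS-CEF-pub) and corresponding patches for this issue:
        Cisco-IOS-CEF-pub: Data Leak with Cisco Express Forwarding Enabled
        Link:
        http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml

        The patch status table for the affected versions follows: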
        +--------+----------------------------------+--------------+--------------------+-------------+
        | Train  | Description of Image or Platform | Availability of Fixed Releases*                 |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 11.1-based Releases                       | Rebuild      | Interim**          | Maintenance |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 11.1CC | ED release for 7000 series       | 11.1(36)CC3  |                    |             |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 12.0-based Releases                       | Rebuild      | Interim**          | Maintenance |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 12.0   | GD release for all platforms     |              | 12.0(20.4)         |             |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 12.0S  | ED release for all platforms     | 12.0(17)ST4  | 12.0(18.3)S        | 12.0(19)S   |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 12.0ST | ED release for all platforms     |              | 12.0(18.3)ST       | 12.0(19)ST  |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 12.0T  | ED release for all platforms     | To be decided                                   |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 12.0W5 | ED release for all platforms     |              | 12.0(20.4)W5(24.7) |             |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 12.1-based Releases                       | Rebuild      | Interim**          | Maintenance |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 12.1   | LD release for all platforms     |              | 12.1(9.2)          | 12.1(10)    |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 12.1E  | ED release for all platforms     | 12.1(8.5)E2  | 12.1(9.5)E         | 12.1(8a)E   |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 12.1EC | ED release for all platforms     | 12.1(7.5)EC1 | 12.1(9.5)EC        |             |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 12.1T  | ED release for all platforms     | To be decided                                   |
        +--------+----------------------------------+--------------+--------------------+-------------+
        | 12.1XM | ED release for all | 12.1(5) | | |
        | &n

- Vulnerability information

806
Cisco IOS Cisco Express Forwarding (CEF) Previous Packet Information Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality Patch / RCS
Vendor Verified

- Vulnerability description

IOS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by the way IOS handles certain packets, which will disclose previous packet information resulting in a loss of confidentiality.

- Timeline

2002-02-27 2002-02-27
Unknown Unknown

- Solution

Upgrade to version indicated by Cisco product matrix, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
