CVE-2004-0710
CVSS 5.0
Published: 2004-07-27 00:00:00
Revised: 2009-03-04 00:22:49

[Original] IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet.


[CNNVD] Cisco IOS Malformed IKE Packet Remote Denial of Service Vulnerability (CNNVD-200407-073)

        
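        Cisco IOS is a very widely deployed network operating system. Many Cisco devices run IOS.
        The VPN Services Module in Cisco IOS does not correctly handle malformed IKE packets, and a remote attacker can use this vulnerability to carry out a denial of service attack against Cisco devices.
        The Cisco IP Security (IPSec) VPN module is a high-speed module for Cisco Catalyst 6500 switches and Cisco 7600 Series Internet Routers that provides infrastructure-integrated IPSec VPN services. A malformed IKE packet can cause a Cisco Catalyst 6500 switch or Cisco 7600 Series Internet Router with the VPNSM installed to crash and reload.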
        

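- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]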

- CPE (Affected Platforms and Products)

cpe:/o:cisco:ios:12.2sxb  Cisco IOS 12.2SXB
cpe:/o:cisco:ios:12.2%2817a%29sxa  Cisco IOS 12.2 (17a)SXA
cpe:/o:cisco:ios:12.2sy  Cisco IOS 12.2SY
cpe:/o:cisco:ios:12.2%2814%29za2  Cisco IOS 12.2 (14)ZA2
cpe:/o:cisco:ios:12.2%2814%29za  Cisco IOS 12.2 (14)ZA
cpe:/o:cisco:ios:12.2%2814%29sy  Cisco IOS 12.2 (14)SY
cpe:/o:cisco:ios:12.2sxa  Cisco IOS 12.2SXA
cpe:/o:cisco:ios:12.2za  Cisco IOS 12.2ZA

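- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:5696  Cisco Systems IPSec VPN Services Module Malformed IKE Packet Vulnerability
* OVAL describes in detail how to detect this vulnerability; further technical details on detection can be found in the related OVAL definition.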

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0710
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0710
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-073
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/904310
(VENDOR_ADVISORY)  CERT-VN  VU#904310
http://www.cisco.com/warp/public/707/cisco-sa-20040408-vpnsm.shtml
(VENDOR_ADVISORY)  CISCO  20040408 Cisco IPSec VPN Services Module Malformed IKE Packet Vulnerability
http://xforce.iss.net/xforce/xfdb/15797
(UNKNOWN)  XF  cisco-vpnsm-ike-dos(15797)
http://www.securityfocus.com/bid/10083
(VENDOR_ADVISORY)  BID  10083

- Vulnerability Information

Cisco IOS Malformed IKE Packet Remote Denial of Service Vulnerability
Medium  Other
2004-07-27 00:00:00 2009-03-04 00:00:00
Remote
        
        

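- Advisories and Patches

        Vendor patch:
        Cisco
        -----
        Cisco has released a security advisory (cisco-sa-20040408-vpnsm) and corresponding patches for this issue:
        cisco-sa-20040408-vpnsm: Cisco IPSec VPN Services Module Malformed IKE Packet Vulnerability
        Link:
        http://www.cisco.com/warp/public/707/cisco-sa-20040408-vpnsm.shtml

        Patch download:
        Cisco 12.2SXA must be upgraded to 12.2(17b)SXA or later.
        Cisco 12.2SXB must be upgraded to 12.2(17d)SX or later.
        Cisco 12.2SY must be upgraded to 12.2(14)SY03 or later.
        Cisco 12.2ZA must be upgraded to 12.2(14)ZA or later.
        Customers with service contracts must obtain the free upgraded software specified in this advisory through their regular upgrade channels. For most customers with service contracts, this means that upgrades must be obtained through the Software Center on Cisco's worldwide website:
        
        http://www.cisco.com/tacpage/library/12.2/index.shtml.

        To access this download URL, you must be a registered user and must be logged in.
        Customers whose Cisco products or technical support are provided through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers, can obtain upgrade support free of charge.
        Customers who purchased directly from Cisco but do not hold a Cisco service contract, and customers who purchased through third-party vendors but cannot obtain fixed software from their point of sale, can obtain upgraded software from the Cisco Technical Assistance Center (TAC). TAC contacts:
         * +1 800 553 2447 (toll free within North America)
         * +1 408 526 7209 (toll call from anywhere in the world)
         * e-mail: tac@cisco.com
        
        See
        http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
for additional TAC contact information, including special localized telephone numbers, instructions in various languages, and e-mail addresses.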

- Vulnerability Information

5021
Cisco IPSec VPNSM IKE Packet DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Unknown

- Vulnerability Description

Cisco IOS contains a flaw that may allow a remote denial of service. The issue is triggered when a vulnerable device processes a malformed Internet Key Exchange (IKE) packet, which will result in loss of availability for the platform.

- Timeline

2004-04-08 Unknown
Unknown Unknown

- Solution

Upgrade to version Cisco IOS 12.2 (17d)SXB, Cisco IOS 12.2 (17b)SXA, Cisco IOS 12.2 (14)ZA8, Cisco IOS 12.2 (14)SY03 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Limit access, if possible, to known VPN client locations only (i.e. trusted address ranges).

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Cisco IOS Malformed IKE Packet Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 10083
Yes No
2004-04-08 12:00:00 2009-07-12 04:06:00
The vendor announced this vulnerability.

- Affected Versions

Cisco IOS 12.2ZA
Cisco IOS 12.2SY
Cisco IOS 12.2SXB
Cisco IOS 12.2SXA
Cisco IOS 12.2(17d)SX
Cisco IOS 12.2(17a)SXA
Cisco IOS 12.2(14)ZA2
Cisco IOS 12.2(14)ZA
Cisco IOS 12.2(14)SY
Cisco IOS 12.2(17d)SXB
Cisco IOS 12.2(17b)SXA
Cisco IOS 12.2(14)ZA8
Cisco IOS 12.2(14)SY03

- Unaffected Versions

Cisco IOS 12.2(17d)SXB
Cisco IOS 12.2(17b)SXA
Cisco IOS 12.2(14)ZA8
Cisco IOS 12.2(14)SY03

- Discussion

Cisco IOS has been reported prone to a remote denial of service vulnerability. It is reported that the issue will present itself when IOS is running on a Cisco Catalyst 6500 Series Switch or a Cisco 7600 Series Router that has a VPN Services Module (VPNSM) installed.

When one of the aforementioned appliances processes a malformed IKE packet, IOS will crash and reload.

**Update (March 30th 2005): The vendor reports that certain devices that do not have the VPN Services Module installed might also be affected by this vulnerability. It is reported that Cisco IOS devices with Crypto support will process IKE messages by default.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

An updated Cisco advisory is available; it contains additional information regarding this issue as well as additional fix information. Customers are advised to peruse the referenced advisory to obtain this information.

Cisco has released the following fix information:

12.2SXA is addressed by 12.2(17b)SXA and later.

12.2SXB is addressed by 12.2(17d)SXB and later.

12.2SY is addressed by 12.2(14)SY03 and later.

12.2ZA will be addressed by the pending release of 12.2(14)ZA8 and later.

Further details may be found in the attached Cisco advisory.

- Related References

 

 
