CVE-2004-0714
CVSS 5.0
Published: 2004-07-27 00:00:00
Last revised: 2009-03-04 00:22:51

[Original] Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption).


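[CNNVD] Cisco Internet Operating System SNMP Message Processing Remote Denial of Service Vulnerability (CNNVD-200407-088)

        
        Cisco IOS is a very widely deployed network operating system. Many Cisco devices run IOS.
        Cisco IOS has a design flaw in how it handles remote SNMP messages. A remote attacker can exploit this vulnerability by sending malformed SNMP messages that corrupt memory and cause a denial of service.
        SNMP is a protocol for monitoring and managing network devices, in which messages are carried over UDP between SNMP agents and managers. The Cisco IOS SNMP service handles certain SNMP messages incorrectly, which can cause the device to reload.
        SNMP operations normally use ports 161/udp and 162/udp. In addition to these well-known ports, Cisco IOS listens for other types of SNMP messages on a randomly chosen UDP port in the range 49152 to 59152/udp. Specially crafted malformed SNMPv1 and SNMPv2 messages can trigger this vulnerability and, more dangerously, any SNMPv3 "solicited" operation sent to such a port can corrupt memory and reload the device, causing a denial of service.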
        

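- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [No impact on the confidentiality of the system]
Integrity impact: NONE [No impact on the integrity of the system]
Availability impact: PARTIAL [May cause reduced performance or interrupted access to resources]
Attack complexity: LOW [No access restrictions apply to exploiting the vulnerability]
Attack vector: [--]
Authentication: NONE [Exploitation requires no authentication]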

- CPE (Affected platforms and products)

cpe:/o:cisco:ios:12.1ew  Cisco IOS 12.1EW
cpe:/o:cisco:ios:12.2zq  Cisco IOS 12.2 ZQ
cpe:/o:cisco:ios:12.3%284%29t1  Cisco IOS 12.3 (4)T1
cpe:/o:cisco:ios:12.1%2820%29e2  Cisco IOS 12.1 (20)E2
cpe:/o:cisco:ios:12.0%2826%29s1  Cisco IOS 12.0 (26)S1
cpe:/o:cisco:ons_15454e_optical_transport_platform  Cisco ONS 15454E Optical Transport Platform
cpe:/o:cisco:ios:12.0s  Cisco IOS 12.0S
cpe:/o:cisco:ios:12.3%282%29t3  Cisco IOS 12.3 (2)T3
cpe:/o:cisco:ios:12.2%2812h%29  Cisco IOS 12.2 (12h)
cpe:/o:cisco:ios:12.3%284%29xd  Cisco IOS 12.3 (4)XD
cpe:/o:cisco:ons_15454_optical_transport_platform:4.1%280%29
cpe:/o:cisco:ons_15454_optical_transport_platform:4.1
cpe:/o:cisco:ios:12.3%285b%29  Cisco IOS 12.3 (5b)
cpe:/o:cisco:ios:12.3b  Cisco IOS 12.3B
cpe:/o:cisco:ios:12.3%282%29xc1  Cisco IOS 12.3 (2)XC1
cpe:/o:cisco:ios:12.3%285%29  Cisco IOS 12.3(5)
cpe:/o:cisco:ios:12.2%2821%29  Cisco IOS 12.2 (21)
cpe:/o:cisco:ios:12.3%284%29t  Cisco IOS 12.3 (4)T
cpe:/o:cisco:ios:12.3%282%29xc2  Cisco IOS 12.3 (2)XC2
cpe:/o:cisco:ios:12.2%2820%29s  Cisco IOS 12.2 (20)S
cpe:/o:cisco:ios:12.2  Cisco IOS 12.2
cpe:/o:cisco:ons_15454_optical_transport_platform:3.0
cpe:/o:cisco:ios:12.3xq  Cisco IOS 12.3XQ
cpe:/o:cisco:ios:12.0%2824%29s4  Cisco IOS 12.0 (24)S4
cpe:/o:cisco:ios:12.1eu  Cisco IOS 12.1EU
cpe:/o:cisco:ons_15454_optical_transport_platform:3.2_.0
cpe:/o:cisco:ios:12.1%2820%29ew1  Cisco IOS 12.1 (20)EW1
cpe:/o:cisco:ios:12.2%2821a%29  Cisco IOS 12.2 (21a)
cpe:/o:cisco:ons_15454_optical_transport_platform:3.1_.0
cpe:/o:cisco:ios:12.1%2820%29e1  Cisco IOS 12.1 (20)E1
cpe:/o:cisco:ios:12.0%2827%29sv1  Cisco IOS 12.0 (27)SV1
cpe:/o:cisco:ios:12.3%286%29  Cisco IOS 12.3 (6)
cpe:/o:cisco:ios:12.3xc  Cisco IOS 12.3XC
cpe:/o:cisco:ios:12.2%2812g%29  Cisco IOS 12.2 (12g)
cpe:/o:cisco:ios:12.3  Cisco IOS 12.3
cpe:/o:cisco:ios:12.1eb  Cisco IOS 12.1EB
cpe:/o:cisco:ios:12.2%2820%29s1  Cisco IOS 12.2 (20)S1
cpe:/o:cisco:ios:12.3xd  Cisco IOS 12.3XD
cpe:/o:cisco:ios:12.3xh  Cisco IOS 12.3XH
cpe:/o:cisco:ios:12.3t  Cisco IOS 12.3T
cpe:/o:cisco:ons_15454_optical_transport_platform:4.0
cpe:/o:cisco:ios:12.3%285a%29  Cisco IOS 12.3 (5a)
cpe:/o:cisco:ios:12.1ea  Cisco IOS 12.1EA
cpe:/o:cisco:ios:12.1%2820%29ew  Cisco IOS 12.1 (20)EW
cpe:/o:cisco:ios:12.3%284%29xd1  Cisco IOS 12.3 (4)XD1
cpe:/o:cisco:ons_15454_optical_transport_platform:4.1%283%29
cpe:/o:cisco:ios:12.3%285a%29b  Cisco IOS 12.3 (5a)b
cpe:/o:cisco:ios:12.0%2823%29s4  Cisco IOS 12.0 (23)S4
cpe:/o:cisco:ios:12.3xk  Cisco IOS 12.3XK
cpe:/o:cisco:ios:12.0%2827%29sv  Cisco IOS 12.0 (27)SV
cpe:/o:cisco:ons_15454_optical_transport_platform:4.0%282%29
cpe:/o:cisco:ons_15454_optical_transport_platform:3.3
cpe:/o:cisco:ios:12.3xf  Cisco IOS 12.3XF
cpe:/o:cisco:ios:12.3%284%29t2  Cisco IOS 12.3 (4)T2
cpe:/o:cisco:ons_15454_optical_transport_platform:4.1%281%29
cpe:/o:cisco:ios:12.0%2827%29s  Cisco IOS 12.0 (27)S
cpe:/o:cisco:ios:12.2sw  Cisco IOS 12.2SW
cpe:/o:cisco:ios:12.3%284%29t3  Cisco IOS 12.3 (4)T3
cpe:/o:cisco:ios:12.1%2820%29ec1  Cisco IOS 12.1 (20)EC1
cpe:/o:cisco:ons_15454_optical_transport_platform:4.1%282%29
cpe:/o:cisco:ios:12.1ec  Cisco IOS 12.1EC
cpe:/o:cisco:ons_15454_optical_transport_platform:3.4
cpe:/o:cisco:ios:12.1e  Cisco IOS 12.1E
cpe:/o:cisco:ios:12.1%2820%29ec  Cisco IOS 12.1 (20)EC
cpe:/o:cisco:ios:12.0sv  Cisco IOS 12.0 SV
cpe:/o:cisco:ios:12.1%2820%29ea1  Cisco IOS 12.1 (20)EA1
cpe:/o:cisco:ios:12.1%2820%29e  Cisco IOS 12.1 (20)E
cpe:/o:cisco:ios:12.0%2824%29s5  Cisco IOS 12.0 (24)S5
cpe:/o:cisco:ios:12.2%2823%29  Cisco IOS 12.2 (23)
cpe:/o:cisco:ios:12.3xe  Cisco IOS 12.3XE
cpe:/o:cisco:ons_15454_optical_transport_platform:4.0%281%29
cpe:/o:cisco:ios:12.2s  Cisco IOS 12.2S
cpe:/o:cisco:ios:12.0%2823%29s5  Cisco IOS 12.0 (23)S5
cpe:/o:cisco:ios:12.3xg  Cisco IOS 12.3XG
cpe:/o:cisco:ios:12.1eo  Cisco IOS 12.1EO
cpe:/o:cisco:ios:12.1%2820%29eo  Cisco IOS 12.1(20)EO

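- OVAL (Technical details for detection)

oval:org.mitre.oval:def:5845  Cisco IOS SNMP Malformed Message Denial of Service Vulnerability
*OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the associated OVAL definition.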

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0714
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0714
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-088
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/162451
(VENDOR_ADVISORY)  CERT-VN  VU#162451
http://www.us-cert.gov/cas/techalerts/TA04-111B.html
(VENDOR_ADVISORY)  CERT  TA04-111B
http://www.securityfocus.com/bid/10186
(VENDOR_ADVISORY)  BID  10186
http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
(VENDOR_ADVISORY)  CISCO  20040420 Vulnerabilities in SNMP Message Processing
http://xforce.iss.net/xforce/xfdb/15921
(UNKNOWN)  XF  cisco-ios-snmp-udp-dos(15921)

- Vulnerability information

Cisco Internet Operating System SNMP Message Processing Remote Denial of Service Vulnerability
Medium severity, design error
2004-07-27 00:00:00 2009-03-04 00:00:00
Remote

- Advisories and patches

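        Temporary workarounds:
        If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
        * Disable the SNMP service on the device.
        * Apply access control to these ports.
        Vendor patch:
        Cisco
        -----
        Cisco has published a security advisory (cisco-sa-20040420-snmp) and corresponding patches for this issue:
        cisco-sa-20040420-snmp: Vulnerabilities in SNMP Message Processing
        Link:
        http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml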

        The following Cisco IOS versions are not affected by this vulnerability:
        Cisco IOS 12.0 (27)SV2
        Cisco IOS 12.0 (27)S1
        Cisco IOS 12.0 (26)S2
        Cisco IOS 12.0 (24)S6
        Cisco IOS 12.0 (23)S6
        Cisco IOS 12.1 (22)E1
        Cisco IOS 12.1 (20)EW2
        Cisco IOS 12.1 (20)EC2
        Cisco IOS 12.1 (20)EA1a
        Cisco IOS 12.1 (20)E3
        Cisco IOS 12.2 (24)
        Cisco IOS 12.2 (23a)
        Cisco IOS 12.2 (23.6)
        Cisco IOS 12.2 (22)S
        Cisco IOS 12.2 (21b)
        Cisco IOS 12.2 (20)S2
        Cisco IOS 12.2 (12i)
        Cisco IOS 12.3 (9)
        Cisco IOS 12.3 (7.7)
        Cisco IOS 12.3 (7)T
        Cisco IOS 12.3 (6a)
        Cisco IOS 12.3 (5c)
        Cisco IOS 12.3 (5)B1
        Cisco IOS 12.3 (4)XQ
        Cisco IOS 12.3 (4)XK
        Cisco IOS 12.3 (4)XH
        Cisco IOS 12.3 (4)XG1
        Cisco IOS 12.3 (4)XD2
        Cisco IOS 12.3 (4)T4
        Cisco IOS 12.3 (4)EO1
        Cisco IOS 12.3 (2)XC3
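        Customers with service contracts must obtain the free upgraded software specified in this advisory through their regular update channels. For most customers with service contracts, this means that upgrades must be obtained through the Software Center on Cisco's worldwide website:
        
        http://www.cisco.com/public/sw-center/.

        To access this download URL you must be a registered user and must be logged in.
        Customers who have prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers or service providers, under which the third party provides Cisco products or technical support, can obtain upgrade support free of charge.
        Customers who purchased directly from Cisco but hold no Cisco service contract, and customers who purchased through third-party vendors but cannot obtain fixed software from the seller, can obtain upgraded software from the Cisco Technical Assistance Center (TAC). TAC contacts:
         * +1 800 553 2447 (toll free within North America)
         * +1 408 526 7209 (toll call worldwide)
         * e-mail: tac@cisco.com
        
        See
        http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
        for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses in various languages.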

- Vulnerability information

5575
Cisco IOS Flawed SNMP Processing DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability description

Cisco IOS contains a flaw that may allow a remote denial of service. Cisco IOS fails to correctly handle SNMP solicited operations on UDP port 162 and the random UDP port. This flaw may allow a remote attacker to cause memory corruption and a reload of the device, resulting in a loss of availability.

- Timeline

2004-04-20 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Cisco has released a patch to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Cisco Internet Operating System SNMP Message Processing Denial Of Service Vulnerability
Design Error 10186
Yes No
2004-04-20 12:00:00 2009-07-12 04:06:00
This issue was disclosed in the referenced vendor advisory.

- Affected program versions

Cisco ONS 15454E Optical Transport Platform 0
Cisco ONS 15454 Optical Transport Platform 4.1 (3)
Cisco ONS 15454 Optical Transport Platform 4.1 (2)
Cisco ONS 15454 Optical Transport Platform 4.1 (1)
Cisco ONS 15454 Optical Transport Platform 4.1 (0)
Cisco ONS 15454 Optical Transport Platform 4.1
Cisco ONS 15454 Optical Transport Platform 4.0 (2)
Cisco ONS 15454 Optical Transport Platform 4.0 (1)
Cisco ONS 15454 Optical Transport Platform 4.0
Cisco ONS 15454 Optical Transport Platform 3.4
Cisco ONS 15454 Optical Transport Platform 3.3
Cisco ONS 15454 Optical Transport Platform 3.2 .0
Cisco ONS 15454 Optical Transport Platform 3.1 .0
Cisco ONS 15454 Optical Transport Platform 3.0
Cisco IOS 12.3XQ
Cisco IOS 12.3XK
Cisco IOS 12.3XH
Cisco IOS 12.3XG
Cisco IOS 12.3XF
Cisco IOS 12.3XE
Cisco IOS 12.3XD
Cisco IOS 12.3XC
Cisco IOS 12.3T
Cisco IOS 12.3B
Cisco IOS 12.3(6)
Cisco IOS 12.3(5b)
Cisco IOS 12.3(5a)b
Cisco IOS 12.3(5a)
Cisco IOS 12.3(5)
Cisco IOS 12.3(4)XD1
Cisco IOS 12.3(4)XD
Cisco IOS 12.3(4)T3
Cisco IOS 12.3(4)T2
Cisco IOS 12.3(4)T1
Cisco IOS 12.3(4)T
Cisco IOS 12.3(2)XC2
Cisco IOS 12.3(2)XC1
Cisco IOS 12.3(2)T3
Cisco IOS 12.3
Cisco IOS 12.2ZQ
Cisco IOS 12.2SW
Cisco IOS 12.2S
Cisco IOS 12.2(23)
Cisco IOS 12.2(21a)
Cisco IOS 12.2(21)
Cisco IOS 12.2(20)S1
Cisco IOS 12.2(20)S
Cisco IOS 12.2(12h)
Cisco IOS 12.2(12g)
Cisco IOS 12.2
Cisco IOS 12.1EW
Cisco IOS 12.1EU
Cisco IOS 12.1EO
Cisco IOS 12.1EC
Cisco IOS 12.1EB
Cisco IOS 12.1EA
Cisco IOS 12.1E
Cisco IOS 12.1(20)EW1
Cisco IOS 12.1(20)EW
Cisco IOS 12.1(20)EO
Cisco IOS 12.1(20)EC1
Cisco IOS 12.1(20)EC
Cisco IOS 12.1(20)EA1
Cisco IOS 12.1(20)E2
Cisco IOS 12.1(20)E2
Cisco IOS 12.1(20)E1
Cisco IOS 12.1(20)E
Cisco IOS 12.0SV
Cisco IOS 12.0S
Cisco IOS 12.0(27)SV1
Cisco IOS 12.0(27)SV
Cisco IOS 12.0(27)S
Cisco IOS 12.0(26)S1
Cisco IOS 12.0(24)S5
Cisco IOS 12.0(24)S4
Cisco IOS 12.0(23)S5
Cisco IOS 12.0(23)S4
Cisco IOS 12.3(9)
Cisco IOS 12.3(7.7)
Cisco IOS 12.3(7)T
Cisco IOS 12.3(6a)
Cisco IOS 12.3(5c)
Cisco IOS 12.3(5)B1
Cisco IOS 12.3(4)XQ
Cisco IOS 12.3(4)XK
Cisco IOS 12.3(4)XH
Cisco IOS 12.3(4)XG1
Cisco IOS 12.3(4)XD2
Cisco IOS 12.3(4)T4
Cisco IOS 12.3(4)EO1
Cisco IOS 12.3(2)XC3
Cisco IOS 12.2(24)
Cisco IOS 12.2(23a)
Cisco IOS 12.2(23.6)
Cisco IOS 12.2(23)SW
Cisco IOS 12.2(22)S
Cisco IOS 12.2(21b)
Cisco IOS 12.2(20)S2
Cisco IOS 12.2(12i)
Cisco IOS 12.1(22)EB
Cisco IOS 12.1(22)E1
Cisco IOS 12.1(20)EW2
Cisco IOS 12.1(20)EO1
Cisco IOS 12.1(20)EC2
Cisco IOS 12.1(20)EA1a
Cisco IOS 12.1(20)E3
Cisco IOS 12.0(27)SV2
Cisco IOS 12.0(27)S1
Cisco IOS 12.0(26)S2
Cisco IOS 12.0(24)S6
Cisco IOS 12.0(23)S6

- Unaffected program versions

Cisco IOS 12.3(9)
Cisco IOS 12.3(7.7)
Cisco IOS 12.3(7)T
Cisco IOS 12.3(6a)
Cisco IOS 12.3(5c)
Cisco IOS 12.3(5)B1
Cisco IOS 12.3(4)XQ
Cisco IOS 12.3(4)XK
Cisco IOS 12.3(4)XH
Cisco IOS 12.3(4)XG1
Cisco IOS 12.3(4)XD2
Cisco IOS 12.3(4)T4
Cisco IOS 12.3(4)EO1
Cisco IOS 12.3(2)XC3
Cisco IOS 12.2(24)
Cisco IOS 12.2(23a)
Cisco IOS 12.2(23.6)
Cisco IOS 12.2(23)SW
Cisco IOS 12.2(22)S
Cisco IOS 12.2(21b)
Cisco IOS 12.2(20)S2
Cisco IOS 12.2(12i)
Cisco IOS 12.1(22)EB
Cisco IOS 12.1(22)E1
Cisco IOS 12.1(20)EW2
Cisco IOS 12.1(20)EO1
Cisco IOS 12.1(20)EC2
Cisco IOS 12.1(20)EA1a
Cisco IOS 12.1(20)E3
Cisco IOS 12.0(27)SV2
Cisco IOS 12.0(27)S1
Cisco IOS 12.0(26)S2
Cisco IOS 12.0(24)S6
Cisco IOS 12.0(23)S6

- Vulnerability discussion

It has been reported that the Cisco Internet Operating System (IOS) is affected by a remote SNMP message processing denial of service vulnerability. This is caused by a design error that causes memory corruption in the affected system under certain circumstances.

This issue may be leveraged to cause a denial of service condition in the affected device. The denial of service is due to a corruption of memory in the affected device. As a result, there may be other consequences, such as code execution. This has not been confirmed by Cisco.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Cisco has released an advisory dealing with this issue. Please see the referenced advisory for more information and details on obtaining fixes.

Cisco has released an update to their initial advisory. The update has expanded on the affected products section (added the Catalyst and Optical products - 12.1(20)EO) as well as the software versions and fixes section; updates for the newly reported vulnerable products will be available on April 27th.

Cisco has also released further revisions to their initial advisory. In particular, Cisco has provided details about vulnerable IOS 12.1EB, 12.1EO, 12.1EU, 12.2SW, 12.2ZQ, 12.2XE, 12.2XF releases and fix information. Please see the most recent revision (1.3) for further information.

Cisco have released revision 1.4 of their advisory to instruct users of Cisco IOS 12.3XC to migrate to the pending 12.3(8)T release.

Cisco have released revision 1.5 of their advisory, detailing software fix availability information for 12.0S, 12.1EB, 12.2, 12.2S, 12.2SW, 12.3, 12.3T, 12.3XH, 12.3XK, and 12.3XQ.

- Related references
