
Cisco Security Response: Cisco IOS Software Denial of Service Vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Response: Cisco IOS Software Denial of Service
Vulnerabilities

http://www.cisco.com/warp/public/707/cisco-sr-20110505-ios.shtml

Revision 1.0

For Public Release 2011 May 05 1600 UTC (GMT)

Cisco Response
==============

This is the Cisco PSIRT response to two postings on bugtraq by NCNIPC
(China) regarding reported vulnerabilities in Cisco IOS Software.

The original reports are available at the following links:

  * Cisco IOS UDP Denial of Service Vulnerability
  * Cisco IOS SNMP Message Processing Denial Of Service Vulnerability

We greatly appreciate the opportunity to work with researchers on
security vulnerabilities and welcome the opportunity to review and
assist in product reports.

Additional Information
======================

Cisco PSIRT is actively working with NCNIPC (China) to further
understand the details of what is reported in the bugtraq postings.

At this stage Cisco PSIRT cannot confirm the existence of any new
vulnerabilities in Cisco IOS Software based on the information that
is currently available. This Cisco Security Response will be updated
as new information becomes available.

Cisco PSIRT recommends limiting access to the network with
Infrastructure Access Control Lists (iACLs). Although it is often
difficult to block traffic that transits a network, it is possible to
identify traffic that should never be allowed to target
infrastructure devices and block that traffic at the border of
networks. Infrastructure Access Control Lists (iACLs) are a network
security best practice and should be considered as a long-term
addition to good network security.

The white paper entitled "Protecting Your Core: Infrastructure
Protection Access Control Lists" presents guidelines and recommended
deployment techniques for infrastructure protection access lists and
is available at the following link:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml
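
A minimal iACL of the shape described above, given here as an added example; it is not part of the Cisco response or the white paper. The ACL name, interface, and all addresses (documentation ranges standing in for the infrastructure block, a management station and a BGP peer) are assumptions to be replaced with local values.

```cisco
! Constructed example. Assumptions:
!   192.0.2.0/24   = address block used by infrastructure devices
!   198.51.100.10  = network management station allowed to poll SNMP
!   203.0.113.1    = external BGP peer of border router 192.0.2.1
ip access-list extended INFRA-PROTECT
 remark Anti-spoofing: infrastructure addresses never arrive from outside
 deny   ip 192.0.2.0 0.0.0.255 any
 remark Required control-plane traffic from known peers only
 permit tcp host 203.0.113.1 host 192.0.2.1 eq bgp
 permit tcp host 203.0.113.1 eq bgp host 192.0.2.1
 remark SNMP only from the management station
 permit udp host 198.51.100.10 192.0.2.0 0.0.0.255 eq snmp
 remark All other traffic that targets infrastructure devices is dropped
 deny   ip any 192.0.2.0 0.0.0.255
 remark Transit traffic passes through unchanged
 permit ip any any
!
! Apply inbound on each interface that faces an external network
interface GigabitEthernet0/0
 ip access-group INFRA-PROTECT in
```

The order matters: the explicit permits must precede the deny for the infrastructure block, and the final permit keeps the ACL from blocking transit traffic.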

Status of this Notice: INTERIM
==============================

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW
INFORMATION BECOMES AVAILABLE.

A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.

Revision History
================

+------------------------------------------------------------+
| Revision 1.0   | 2011-May-05   | Initial public release    |
+------------------------------------------------------------+

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.

+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iF4EAREIAAYFAk3CsMoACgkQQXnnBKKRMNBp2AD+Odzl3qrzCbs0IOArRrPfUPpV
Rq0xW2X33LL6vjYZERkA/2/UIk7TaqfMZ3Idvx/oDa4hy951XR/YPJxiHCknUjY2
=JZH0
-----END PGP SIGNATURE-----