Cisco IOS OSPF遠程緩沖區溢出漏洞

2019-11-05 01:04:39

字體：大中小

來源：轉載

供稿：網友

信息提供：

安全公告（或線索）提供熱線：51cto.editor@Gmail.com

漏洞類別：

溢出錯誤

攻擊類型：

嵌入惡意代碼

發布日期：

2003-02-20

更新日期：

2003-02-28

受影響系統：

Cisco IOS 12.0.7(T)

Cisco IOS 12.0.4T

Cisco IOS 12.0.4S

Cisco IOS 12.0.3T2

Cisco IOS 12.0.2XG

Cisco IOS 12.0.2XF

Cisco IOS 12.0.2XD

Cisco IOS 12.0.2XC

Cisco IOS 12.0.2

Cisco IOS 12.0.1XE

Cisco IOS 12.0.1XB

Cisco IOS 12.0.1XA3

Cisco IOS 12.0.1W

Cisco IOS 12.0.1

Cisco IOS 12.0(9)S

Cisco IOS 12.0(8.3)SC

Cisco IOS 12.0(8.0.2)S

Cisco IOS 12.0(8)

Cisco IOS 12.0(7.4)S

Cisco IOS 12.0(7)XK

Cisco IOS 12.0(7)T

Cisco IOS 12.0(7)SC

Cisco IOS 12.0(7)S1

Cisco IOS 12.0(5.1)XP

Cisco IOS 12.0(5)XK

Cisco IOS 12.0(5)T1

Cisco IOS 12.0(5)T

Cisco IOS 12.0(18)S

Cisco IOS 12.0(17)S

Cisco IOS 12.0(17)

Cisco IOS 12.0(16.06)S

Cisco IOS 12.0(16)W5(21)

Cisco IOS 12.0(15)S3

Cisco IOS 12.0(14)W5(20)

Cisco IOS 12.0(14)ST

Cisco IOS 12.0(13)W5(19c)

Cisco IOS 12.0(10)W5(18g)

Cisco IOS 12.0(10)W5

Cisco IOS 12.0 (3)

Cisco IOS 12.0 (19)

Cisco IOS 12.0

Cisco IOS 11.3XA

Cisco IOS 11.3WA4

Cisco IOS 11.3T

Cisco IOS 11.3NA

Cisco IOS 11.3MA

Cisco IOS 11.3HA

Cisco IOS 11.3DB

Cisco IOS 11.3DA

Cisco IOS 11.3AA

Cisco IOS 11.3.1T

Cisco IOS 11.3.1ED

Cisco IOS 11.3.11b

Cisco IOS 11.2.9XA

Cisco IOS 11.2.9P

Cisco IOS 11.2.8SA5

Cisco IOS 11.2.8SA3

Cisco IOS 11.2.8SA1

Cisco IOS 11.2.8P

Cisco IOS 11.2.4F1

Cisco IOS 11.2.4F

Cisco IOS 11.2.10BC

Cisco IOS 11.2(9)XA

Cisco IOS 11.2(4)XAf

Cisco IOS 11.2(4)XA

Cisco IOS 11.2(4)

Cisco IOS 11.2(19)GS0.2

Cisco IOS 11.2(17)

Cisco IOS 11.2 (26a)

Cisco IOS 11.2

Cisco IOS 11.1IA

Cisco IOS 11.1CT

Cisco IOS 11.1CC

Cisco IOS 11.1CA

Cisco IOS 11.1AA

Cisco IOS 11.1.9IA

Cisco IOS 11.1.7CA

Cisco IOS 11.1.7AA

Cisco IOS 11.1.17CT

Cisco IOS 11.1.17CC

Cisco IOS 11.1.16IA

Cisco IOS 11.1.16AA

Cisco IOS 11.1.16

Cisco IOS 11.1.15IA

Cisco IOS 11.1.15CA

Cisco IOS 11.1.15AA

Cisco IOS 11.1.15

Cisco IOS 11.1.13IA

Cisco IOS 11.1.13CA

Cisco IOS 11.1.13AA

Cisco IOS 11.1.13

Cisco IOS 11.1(36)CC2

Cisco IOS 11.1 (24a)

Cisco IOS 11.1

安全系統：

Cisco IOS 12.1 (1)T

Cisco IOS 12.1 (1)DC

Cisco IOS 12.1 (1)DB

Cisco IOS 12.1 (1)

Cisco IOS 12.0 (19)ST

Cisco IOS 12.0 (19)S

漏洞報告人：

FX （fx@phenoelit.de）

漏洞描述：

BUGTRAQ ID: 6895

CVE(CAN) ID: CVE-2003-0100

Internet Operating System (IOS)是一款使用于CISCO路由器上的操作系統。

CISCO IOS在處理畸形OSPF包時存在緩沖區溢出，遠程攻擊者可以利用這個漏洞可能在設備上執行惡意指令及進行惡意拒絕服務攻擊。

部分Cisco IOS版本中包含的OSPF實現在一個接口上接收到超過255個OSPF鄰居的通告時，會發生IO內存結構破壞，FX of Phenoelit研究提供了利用這個漏洞在路由器上執行惡意代碼及的程序。

Cisco Bug CSCdp58462對此漏洞進行了具體描述。

測試方法：

無

解決方法：

臨時解決方法：

假如您不能馬上安裝補丁或者升級，NSFOCUS建議您采取以下措施以降低威脅：

* 在路由器上配置使用OSPF md5驗證。

* 設置正確的訪問控制答應部分OSPF鄰居訪問：

access-list 100 permit ospf host a.b.c.x host 224.0.0.5

access-list 100 permit ospf host a.b.c.x host interface_ip

access-list 100 permit ospf host a.b.c.y host 224.0.0.5

access-list 100 permit ospf host a.b.c.y host interface_ip

access-list 100 permit ospf host a.b.c.z host 224.0.0.5

access-list 100 permit ospf host a.b.c.z host interface_ip

access-list 100 permit ospf any host 224.0.0.6

access-list 100 deny ospf any any

access-list 100 permit ip any any

廠商補丁：

Cisco

-----

Cisco IOS版本11.1 - 12.0存在此漏洞，Cisco在如下IOS版本中已經修補此漏洞：

12.0(19)S

12.0(19)ST

12.1(1)

12.1(1)DB

12.1(1)DC

12.1(1)T

及之后的版本。

http://www.cisco.com/warp/public/707/advisory.Html

上一篇：Cisco IOS Service Assurance Agent畸形包遠程拒絕服務攻擊漏洞

下一篇：Cisco IOS OSPF路由表破壞漏洞