[NEWS] Data Leak in UDP Echo Service

• Previous message: SecuriTeam: "[TOOL] THC-Vmap, Version Mapper Tool"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 10 Aug 2003 16:45:17 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

Get Thawte's New Step-by-Step SSL Guide for MSIIS

In this guide you will find out how to test, purchase, install
and use a Thawte Digital Certificate on your MSIIS web server.
Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates. Get your copy of this new guide now:
http://ad.doubleclick.net/clk;5903126;8265119;j

- - - - - - - - -

  Data Leak in UDP Echo Service
------------------------------------------------------------------------

SUMMARY

If the udp-small-servers command is enabled, a Cisco IOS software device
may reply to malformed UDP echo packets with some of the contents stored
in a router's memory. By repeatedly sending malformed UDP echo packets and
capturing the replies, an attacker can obtain portions of the data that is
stored in a router's memory.

Workarounds are available to mitigate the effects.

DETAILS

Fixed Software:
This vulnerability has been fixed by the Cisco Bug ID CSCdk77834
(registered customers only). Below are the first Cisco IOS software
releases that are not affected by this vulnerability:
 * 12.0(3.2)
 * 12.0(3.3)S
 * 12.0(3.4)T
 * 12.0(3.6)W5(9.0.5)
 * 12.1, 12.2, and 12.3-based images are not affected.

Workaround:
The workaround is to disable udp-small-services. The syntax for this
command on routers and switches running Cisco IOS software is as follows:

no service udp-small-servers

The udp-small-servers command is disabled by default since Cisco IOS
Software Release 11.2(1).

It is always recommended to disable unnecessary services on routers and
switches. Refer to Improving Security on Cisco Routers for more
information on improving router security.

Exploit:
The exploit can also be downloaded:
<http://www.phenoelit.de/ultimaratio/iosniff.tgz>
http://www.phenoelit.de/ultimaratio/iosniff.tgz

ADDITIONAL INFORMATION

The original advisory can be downloaded from:
<http://www.cisco.com/warp/public/707/cisco-sn-20030731-ios-udp-echo.shtml> http://www.cisco.com/warp/public/707/cisco-sn-20030731-ios-udp-echo.shtml.

The information has been provided by <mailto:fx@phenoelit.de> FX and
Cisco Product Security.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: SecuriTeam: "[TOOL] THC-Vmap, Version Mapper Tool"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]