-----BEGIN PGP SIGNED MESSAGE-----

Dear Customer,

The Cisco Systems Product Security Incident Response Team has been notified
that the IDS sensor service pack version 3.1.1 software release has a 
security vulnerability in its newly introduced web server component.

This release was available from the Cisco Software Center from Friday, 2002
May 10 to Wednesday, 2002 May 15. According to our download logs, we believe
you may have downloaded this vulnerable release with the filename
"IDSk9-sp-3.1-1-S22.bin" during that period.

The vulnerability in the web server feature of the release allows certain
URLs to gain unauthorized view access to files on the file system.


If you have already upgraded to this release you have two options.

A) If you still want to use the web server feature then narrow down the IP
addresses, that will be allowed to connect to the device, via the ACL by 
following the steps below:
  1) Log in to the sensor as root and run 'sysconfig-sensor'.
  2) Select option '5' - Follow on-screen instructions to setup your ACL
  3) Exit out of sysconfig-sensor.
Note: This will not protect against spoofed packets but will prevent the 
      casual browser from exploiting the vulnerability.

B) Disable the web server by following the steps below:
  1) Log in to the sensor as root and run 'sysconfig-sensor'.
  2) Select option '11' - IDS Device Manager' and toggle the Current Mode to
     Disable.
  3) Exit out of sysconfig-sensor.
  4) Run 'cidServer version' to verify that the web server is not running.

Step by step instruction for the above two options are also available at 
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13870_01.htm


The corrected software release of the sensor service pack having a new
version 3.1.2 and with the filename "IDSk9-sp-3.1-2-S23.bin" will be
available for download from the Cisco Software Center by Saturday, 2002 May
18 00:00 GMT.

We regret any aggravation or inconvenience that this error may have caused
you. Please take the necessary steps to protect yourself from this
vulnerability.

For customer support information regarding Cisco software products, please
contact the Cisco Technical Assistance Center (TAC) by e-mail to
"tac@cisco.com" or by telephone to (800)553-2447 (+1 408 526 7209 if calling
from outside North America).  Additional TAC contact information can be found
at http://www.cisco.com/warp/public/687/Directory.shtml .

Please direct comments and questions regarding the content of this notice to
the Cisco Systems Product Security Incident Response Team via e-mail to
"psirt@cisco.com".  Further information on Cisco's response to product
security issues and customer security incidents can be found at
http://www.cisco.com/go/psirt .

Sincerely,

Cisco Systems Product Security Incident Response Team
http://www.cisco.com/go/psirt

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Signed by Sharad Ahlawat, Cisco Systems PSIRT

iQEVAwUBPOQgVQ/VLJ+budTTAQGTRAgAiib67kh9NHI5wHnB4x41UgFtP20qUvtx
F05kPfHlh4R3VdQO8NN9aAgcfhrWgswTc0o6S91JTxlyMURP6OmG40Menwg2E2b1
Pr1isACUnkfrR1+YhWZSZ/T+LPvPYgHcIA54vHyQ2qBSO7uw5n0xTM5aOZMvNcgx
ntJJ4dQOF8/l3l1C+CGTTTnFtSMLqRH9IC3jZcpEwtyvb5CMFWeOgN3Uw+u6kdsh
/phmKezR5PVz4OogJ/MGJYg8vgkkXC+tIM5xDj6gGx3baAEo7I2orq+Cl5vvI0WW
R8+IJHhNM4ZCkkhj2TGAOyoj0TdEbAe6MlR14D3KSNgn039zHgsX+w==
=FiM1
-----END PGP SIGNATURE-----