RE: Cisco IOS Denial of Service that affects most Cisco IOS routers- requires power cycle to recover

From: Jeremy Junginger (jj_at_act.com)
Date: 07/17/03

  • Next message: Quarantine: "RE: Cisco IOS vulnerability"
    Date: Thu, 17 Jul 2003 11:46:22 -0700
    To: "Johnson, April" <apjohnson@seattleschools.org>, <incidents@securityfocus.com>
    
    

    Were you able to obtain any additional information about exactly what type of
    packets (and sequence) does this? It would make the ACL a lot cleaner. :-)

    -Jeremy

    -----Original Message-----
    From: Johnson, April [mailto:apjohnson@seattleschools.org]
    Sent: Wednesday, July 16, 2003 10:06 PM
    To: incidents@securityfocus.com
    Subject: Cisco IOS Denial of Service that affects most Cisco IOS routers-
    requires power cycle to recover

    For those with a CCO login:

    http://www.cisco.com/en/US/customer/products/hw/routers/ps341/products_s
    ecurity_advisory09186a00801a34c2.shtml

    Document ID: 44020
    Revision 1.0
    For Public Release 2003 July 17 at 0:00 UTC (GMT)

    ------------------------------------------------------------------------
    --------

    ------------------------------------------------------------------------
    --------

    Contents
    Summary
    Affected Products
    Details
    Impact
    Software Versions and Fixes
    Obtaining Fixed Software
    Workarounds
    Exploitation and Public Announcements
    Status of This Notice: INTERIM
    Distribution
    Revision History
    Cisco Security Procedures

    ------------------------------------------------------------------------
    --------

    Summary
    Cisco routers and switches running Cisco IOS(r) software and configured to
    process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial
    of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent
    directly to the device may cause the input interface to stop processing
    traffic once the input queue is full. No authentication is required to
    process the inbound packet. Processing of IPv4 packets is enabled by default.
    Devices running only IP version 6 (IPv6) are not affected. A workaround is
    available.

    Cisco has made software available, free of charge, to correct the problem.

    This advisory is available at
    http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml.

    Affected Products
    This issue affects all Cisco devices running Cisco IOS software and
    configured to process Internet Protocol version 4 (IPv4) packets. Cisco
    devices which do not run Cisco IOS software are not affected. Devices which
    run only Internet Protocol version 6 (IPv6) are not affected.

    Details
    Cisco routers are configured to process and accept Internet Protocol version
    4 (IPv4) packets by default. A rare, specially crafted sequence of IPv4
    packets which is handled by the processor on a Cisco IOS device may force the
    device to incorrectly flag the input queue on an interface as full, which
    will cause the router to stop processing inbound traffic on that interface.
    This can cause routing protocols to drop due to dead timers.

    On Ethernet interfaces, Address Resolution Protocol (ARP) times out after a
    default time of four hours, and no traffic can be processed. The device must
    be rebooted to clear the input queue on the interface, and will not reload
    without user intervention. The attack may be repeated on all interfaces
    causing the router to be remotely inaccessible. A workaround is available,
    and is documented in the Workarounds section.

    The following two Cisco vulnerabilities are documented in DDTS. CSCea02355
    (registered customers only) affects all Cisco routers running Cisco IOS
    software. CSCdz71127 (registered customers only) was introduced by an earlier
    code revision. Any version of software which has the fix for CSCdx02283
    (registered customers only) is vulnerable.

    Registered customers can find more details using the Bug Toolkit at
    http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl
    (registered customers only) .

    To identify a blocked input interface, use the show interfaces command and
    look for the Input Queue line. If the current size (in this case,
    76) is larger than the maximum size (75), the input queue is blocked.

    Router#show interface ethernet 0/0
    Ethernet0/0 is up, line protocol is up
      Hardware is AmdP2, address is 0050.500e.f1e0 (bia 0050.500e.f1e0)
      Internet address is 172.16.1.9/24
      MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
      Encapsulation ARPA, loopback not set, keepalive set (10 sec)
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:41, output 00:00:07, output hang never
      Last clearing of "show interface" counters 00:07:18
      Input queue: 76/75/1091/0 (size/max/drops/flushes); Total output
    drops: 0
                   ^^^^^^^^^^^^^^ ---> blocked
    Impact
    A device receiving these specifically crafted IPv4 packets will force the
    inbound interface to stop processing traffic. The device may stop processing
    packets destined to the router, including routing protocol packets and ARP
    packets. No alarms will be triggered, nor will the router reload to correct
    itself. This issue can affect all Cisco devices running Cisco IOS software.
    This vulnerability may be exercised repeatedly resulting in loss of
    availability until a workaround has been applied or the device has been
    upgraded to a fixed version of code.

    Software Versions and Fixes
    Each row of the table describes a release train and the platforms or products
    for which it is intended. If a given release train is vulnerable, then the
    earliest possible releases that contain the fix and the anticipated date of
    availability for each are listed in the Rebuild, Interim, and Maintenance
    columns. In some cases, no rebuild of a particular release is planned; this
    is marked with the label "Not scheduled." A device running any release in the
    given train that is earlier than the release in a specific column (less than
    the earliest fixed release) is known to be vulnerable, and it should be
    upgraded at least to the indicated release or a later version (greater than
    the earliest fixed release label).

    When selecting a release, keep in mind the following definitions:

    Maintenance

    Most heavily tested and highly recommended release of any label in a given
    row of the table.

    Rebuild

    Constructed from the previous maintenance or major release in the same train,
    it contains the fix for a specific vulnerability. Although it receives less
    testing, it contains only the minimal changes necessary to effect the repair.
    Cisco has made available several rebuilds of mainline trains to address this
    vulnerability, but strongly recommends running only the latest maintenance
    release on mainline trains.

    Interim

    Built at regular intervals between maintenance releases and receives less
    testing. Interims should be selected only if there is no other suitable
    release that addresses the vulnerability, and interim images should be
    upgraded to the next available maintenance release as soon as possible.
    Interim releases are not available through manufacturing, and usually they
    are not available for customer download from CCO without prior arrangement
    with the Cisco Technical Assistance Center (TAC).

    In all cases, customers should exercise caution to be certain the devices to
    be upgraded contain sufficient memory and that current hardware and software
    configurations will continue to be supported properly by the new release. If
    the information is not clear, contact the Cisco TAC for assistance, as shown
    in the section following this table.

    Train
     Description of Image or Platform
     Availability of Fixed Releases
     
    11.x-based Releases
     Rebuild
     Interim
     Maintenance
     
    11.1CA
       11.1(36)CA4**
         
    11.2
       11.2(26e)**
         
    11.2P
       11.2(26)P5**
         
    11.3
       Not scheduled
     
    11.3T
       Not scheduled
     
    12.0-based Releases
     Rebuild
     Interim
     Maintenance
     
    12.0
     General Deployment release for all platforms
         12.0(26)
     
    12.0DA
     xDSL support: 6100, 6200
     Migrate to 12.2DA; 12.2(10)DA2 - Aug-15-2003, 12.2(12)DA3 -
    Aug-22-2003: Engineering Specials available on request.
     
    12.0DB
     Early Deployment

    6400 UAC for NSP
     Migrate to 12.3(1a)
     
    12.0DC
     Early Deployment 6400 UAC for NRP
     Migrate to 12.3(1a)
     
    12.0S
     Core/ISP support: GSR, RSP, c7200, c10k
     12.0(24)S2, 12.0(23)S3, 12.0(22)S5, 12.0(21)S7, 12.0(19)S4, 12.0(18)S7,
    12.0(17)S7, 12.0(16)S10, 12.0(15)S7, 12.0(14)S8, 12.0(13)S8, 12.0(12)S4,
    12.0(10)S8
       12.0(25)S
     
    12.0SC
     Cable/broadband ISP: uBR7200
     Migrate to 12.1(19)EC
     
    12.0SL
     10000ESR: c10k
     Migrate to 12.0(23)S3, **12.0(17)SL9 - Jul-15-2003
     
    12.0SP
     Early Deployment
     Migrate to 12.0(22)S5
     
    12.0ST
     Early Deployment release for Core/ISP support: GSR, RSP, c7200 12.0(21)ST7,
    12.0(20)ST6, 12.0(19)ST6, 12.0(17)ST8
         
    12.0SX
     Early Deployment
     Migrate to 12.0(22)S5
     
    12.0SY
     Early Deployment
     Migrate to 12.0(23)S3
     
    12.0SZ
     Early Deployment
     Migrate to 12.0(23)S3
     
    12.0T
     Early Deployment
     12.0(7)T3**
         
    12.0W5
     85xx ls1010
         12.0(26)W5(28)
     
    c5atm
     12.0(24)W5(26a)
         
    Cat4232 and Cat2948G-L3
     12.0(25)W5(27)
         
    C6MSM,C5rsfc, C5rsm
     Engineering Special available on request
         
    C3620, C3640, C4500, C7200, RSP
           
    12.0WC
     Early deployment 2900XL-LRE,2900XL/3500XL; 2950 release 12.0(05)WC8
         
    12.0WT
     Early deployment Catalyst switches: cat4840g
     Engineering Special Available upon request
         
    12.0X(l)
     Short-lived Early Deployment Releases
     All 12.0X(any letter) releases have migrated to either 12.0T or 12.1 unless
    otherwise documented in the X release technical notes pertaining to the
    specific release. Please check migration paths for all 12.0X releases.
     
    12.1-based Releases
     Rebuild
     Interim
     Maintenance
     
    12.1
     General Deployment release for all platforms
       12.1(18.4)
     12.1(19)
     
    12.1AA
      Migrate to 12.2
     
    12.1AX
     Catalyst 3750
     12.1(14)EA1 - Engineering special available upon request
         
    12.1AY
     Catalyst 2940
         12.1(13)AY
     
    12.1DA
     6160 platform
     Migrate to 12.2DA
     
    12.1DB
     6400 UAC
     Migrate to 12.3(1a)
     
    12.1DC
     6400 UAC
     Migrate to 12.3(1a)
     
    12.1E
     Core Enterprise support - c7200, Catalyst 6000, RSP 12.1(8b)E14

    12.1(13)E7

    12.1(14)E4

    **12.1(12c)E7

    12.1(11b)E12- Aug-4-2003

    12.1(6)E12
       12.1(19)E
     
    12.1EA
     12.1(4)EA

    12.1(6)EA

    12.1(8)EA

    12.1(9)EA

    12.1(11)EA

    12.1(12c)EA

    12.1(13)EA
     Migrate to 12.1(13)EA1c
         
    12.1EB
     LS1010
         12.1(14)EB
     
    12.1EC
     Early Deployment
         12.1(19)EC (scheduled last week of July)
     
    12.1EV
     Early Deployment
         12.1(12c)EV
     
    12.1EW
     Early Deployment Cat4000 L3
         12.1(13)EW,12.1(19)EW
     
    12.1EX
     Early Deployment
     12.1(13)EX2
         
    12.1EY
       12.1(14)E4
         
    12.1YJ
       12.1(14)EA1 - Jul-28-2003
         
    12.1T
     Early Deployment
     12.1(5)T15**
         
    12.1X(l)
     12.1X releases generally migrate to 12.1T, 12.2 or 12.2T as specified below.
    Please refer to specific train Technical notes for documented migration path.
     
    12.1XA
     Short-lived Early Deployment Release
     Migrate to 12.1(5)T15
     
    12.1XC 12.1XD 12.1XH 12.1XI
     Short-lived Early Deployment Releases
     Migrate to12.2(17)
     
    12.1XB 12.1XF 12.1XG 12.1XJ 12.1XL 12.1XP 12.1XR 12.1XT 12.1YB 12.1YC 12.1YD
    12.1YH Short-lived Early Deployment Releases Migrate to 12.2(15)T5
     
    12.1XM 12.1XQ 12.1XV
     Short-lived Early Deployment Releases
     Migrate to 12.2(2)XB11
     
    12.1XU
     Short-lived Early Deployment Release
     Migrate to 12.2(4)T6
     
    12.1YE 12.1YF 12.1YI
     Short-lived Early Deployment Releases
     Migrate to 12.2(2)YC
     
    12.2-based Releases
     Rebuild
     Interim
     Maintenance
     
    12.2
     General Deployment (GD) candidate for all platforms
     12.2(16a), 12.2(12e), 12.2(10d)
       12.2(17)
     
    12.2B
     12.2(2)B-12.2(4)B7
     12.3(1a)
         
    12.2(4)B8-12.2(16)B
     12.2(16)B1
         
    12.2BC
     Early Deployment Release
     12.2(15)BC1 (Scheduled end of July)
         
    12.2BW
     Early Deployment for use with 7200, 7400, and 7411 platforms Migrate to
    12.3(1a)
         
    12.2BX
     Broadband/Leased line
         12.2(16)BX
     
    12.2BZ
     Early Deployment Release
     12.2(15)BZ1
         
    12.2CX
     Early Deployment Release
     Migrate to 12.1(15)BC1
     
    12.2CY
     Early Deployment Release
     Migrate to 12.1(15)BC1
     
    12.2DA
     Early Deployment Release
     12.2(10)DA2 - Jul-15-2003, 12.2(12)DA3 - Aug-22-2003 Engineering Special
    available on request
         
    12.2DD
     Early Deployment Release
     Migrate to 12.3(1a)
     
    12.2DX
     Early Deployment Release
     Migrate to 12.3(1a)
     
    12.2JA
     Cisco Aironet hardware platforms: Introduction of Access Point feature in
    IOS, Cisco 1100 Series Access Point (802.11b)
         12.2(11)JA
     
    12.2MB
     Specific Technology ED for 2600 7500 (GPRS/PDSN/GGSN 2600/7200/7500)
    12.2(4)MB12
         
    12.2MC
     Early Deployment: IP RAN
     12.2(13)MC1 CCO: 7/24/03
         
    12.2MX
       12.2(8)YD
         
    12.2S
     Core/ISP support: GSR, RSP, c7200
     12.2(14)S1
     12.2(16.5)S
       
    12.2SX
     IOS Support for C6500 Supervisor 3
     12.2(14)SX1
         
    12.2SY
     VPN feature release for c6k/76xx VPN service module 12.2(14)SY1, 12.2(8)YD
         
    12.2SZ
     7304 Platform
     12.2(14)SZ2
         
    12.2T
     New Technology Early Deployment (ED) release for all platforms
    12.2(15)T4/5,12.2(13)T5, 12.2(11)T9,12.2(8)T10, 12.2(4)T6 12.2(16.5)T No
    more maintenance trains for 12.2T are planned. Please migrate to the latest
    12.3 Mainline release.
     
    12.2X(l) 12.2Y(l)
     Short-lived Early Deployment Releases
     Many short-lived releases migrate to the same train; the trains below this
    point until the following section are not grouped by strict alphabetical
    order, but are grouped by migration path. Please review documented migration
    paths for your trains.
     
    12.2XA
     Short-lived Early Deployment Releases
     Migrate to 12.2(11)T9
     
    12.2XS
       12.2(2)XB11
     
    12.2XD 12.2XE 12.2XH 12.2XI 12.2XJ 12.2XK 12.2XL 12.2XM 12.2XQ 12.2XU 12.2XW
    12.2YA 12.2YB 12.2YC 12.2YF 12.2YG 12.2YH 12.2YJ 12.2YT Short-lived Early
    Deployment Releases Migrate to 12.2(15)T5
     
    12.2YN
     Short-lived Early Deployment Release
     Migrate to 12.2(13)ZH
     
    12.2YO
     Short-lived Early Deployment Release
     Migrate to 12.2(14)SY1 available Aug-4-2003: Engineering Special available
    on request
     
    12.2XB
     Early Deployment Release with continuing support
     12.2(2)XB11
         
    12.2XC
     Short-lived Early Deployment Release
     Migrate to 12.2(16)B1
     
    12.2XF
     Short-lived Early Deployment Release uBR10000
     Migrate to 12.2(15)BC1
     
    12.2XG
     Short-lived Early Deployment Release
     Migrate to 12.2(8)T10
     
    12.2XN 12.2XT
     Short-lived Early Deployment Releases
     Migrate to 12.2(11)T9
     
    12.2YD
     Short-lived Early Deployment Release
     Migrate to 12.2(8)YY
     
    12.2YP
     Short-lived Early Deployment Release
     **12.2(11)YP1
         
    12.2YK
       Migrate to 12.2(13)ZC
     
    12.2YL 12.2YM 12.2YU 12.2YV
     Short-lived Early Deployment Releases
     Migrate to 12.2(13)ZH
     
    12.2YQ 12.2YR
     Short-lived Early Deployment Releases
     Migrate to 12.2(15)ZL
     
    12.2YS
     Short-lived Early Deployment Release
     12.2(15)YS/1.2(1)
         
    12.2YW
     Short-lived Early Deployment Release
     12.2(8)YW2
         
    12.2YX
     Short-lived Early Deployment Release Crypto for 7100/7200 12.2(11)YX1
         
    12.2YY
     Short lived Early Deployment Releases IOS support for General Packet Radio
    Service 12.2(8)YY3
         
    12.2YZ
     Short-lived Early Deployment Release
     12.2(11)YZ2
         
    12.2ZA
     Short-lived Early Deployment Release
         12.2(14)ZA2
     
    12.2ZB
     Short-lived Early Deployment Release
     12.2(8)ZB7
         
    12.2ZC
     Short-lived Early Deployment Release
         12.2(13)ZC
     
    12.2ZD
     Short-lived Early Deployment Release
     Not Scheduled
         
    12.2ZE
     Short-lived Early Deployment Release
     12.3(1a)
         
    12.2ZF
     Short-lived Early Deployment Release
     Not Vulnerable
         
    12.2ZG
     Short-lived Early Deployment Release
     Not Vulnerable
         
    12.2ZH
     Short-lived Early Deployment Release
     Not Vulnerable
         
    12.2ZJ
     Short-lived Early Deployment Release
     12.2(15)ZJ1
         
    12.2ZL
     Short-lived Early Deployment Release
     Not Vulnerable
         
    12.3-based Releases
     NOT VULNERABLE
     

    Notes:

    ** Marked versions of code are not available on CCO. Please contact the Cisco
    TAC and request the specific images you need posted.

    Obtaining Fixed Software
    Customers with contracts should obtain upgraded software free of charge
    through their regular update channels. For most customers, this means that
    upgrades should be obtained through the Software Center on the Cisco
    worldwide website at http://www.cisco.com/tacpage/sw-center/sw-ios.html.

    Customers whose Cisco products are provided or maintained through prior or
    existing agreement with third-party support organizations such as Cisco
    Partners, authorized resellers, or service providers should contact that
    support organization for assistance with obtaining the free software
    upgrade(s).

    Customers who purchase direct from Cisco but who do not hold a Cisco service
    contract and customers who purchase through third-party vendors but are
    unsuccessful at obtaining fixed software through their point of sale should
    get their upgrades by contacting the Cisco Technical Assistance Center (TAC).
    TAC contacts are as follows.

    +1 800 553 2447 (toll free from within North America)

    +1 408 526 7209 (toll call from anywhere in the world)

    e-mail: tac@cisco.com

    Please have your product serial number available and give the URL of this
    notice as evidence of your entitlement to a free upgrade. Free upgrades for
    non-contract customers must be requested through the TAC.

    Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com"
    for software upgrades.

    See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for
    additional TAC contact information, including special localized telephone
    numbers, instructions, and e-mail addresses for use in various languages.

    Workarounds
    AFTER APPLYING THE WORKAROUND the input queue depth may be raised with the
    hold-queue <new value> in interface command -- the default size is 75. This
    will allow traffic flow on the interface until the device can be reloaded.

    Cisco recommends that all IOS devices which process IPv4 packets be
    configured to block traffic directed to the router from any unauthorized
    source with the use of Access Control Lists (ACLs). This can be done at
    multiple locations, and it is recommended that you review all methods and use
    the combination which fits your network best. Legitimate traffic is defined
    as management protocols such as telnet, snmp or ssh, and configured routing
    protocols from explicitly allowed peers. All other traffic destined to the
    device should be blocked at the input interface. Traffic entering the network
    should also be carefully evaluated and filtered at the network edge if
    destined to an infrastructure device. Although network service providers must
    often allow unknown traffic to transit their network, it is not necessary to
    allow that same traffic destined to their network infrastructure. Several
    white papers have been written to assist in deploying these recommended
    security best practices.

    ACLs can have performance impact on certain platforms, so care should be
    taken when applying the recommended workarounds.

    Receive ACLs

    For distributed platforms, receive path access lists may be an option
    starting in Cisco IOS software versions 12.0(21)S2 for the c12000 and
    12.0(24)S for the c7500. The receive access lists protect the device from
    harmful traffic before the traffic can impact the route processor. The CPU
    load is distributed to the line card processors and helps mitigate load on
    the main route processor. The white paper entitled
    "GSR: Receive Access Control Lists" will help you identify and allow
    legitimate traffic to your device and deny all unwanted packets:

    http://www.cisco.com/warp/customer/707/racl.html

    Infrastructure ACLs

    Although it is often difficult to block traffic transiting your network, it
    is possible to identify traffic which should never be allowed to target your
    infrastructure devices and block that traffic at the border of your network.
    The white paper entitled "GSR: Receive Access Control Lists" presents
    guidelines and recommended deployment techniques for infrastructure
    protection ACLs:

    http://www.cisco.com/warp/customer/707/iacl.html

    Transit ACLs

    The two techniques described above protect infrastructure devices. This IP
    protocol ACL can also be used to filter transit traffic passing through a
    network. The ACL will need to permit all protocols used by end users, not
    just those destined to routers. Since end users can often run a wide array of
    protocols, often unexpected or uncommon protocols, these protocol
    requirements must be well understood prior to deploying this ACL. This
    access-list is applied inbound on edge facing interfaces. For complete
    protection this access-list needs to be implemented on the edge router.

    For basic TCP/UCP and ICMP, the following ACL will provide protection:

    access-list 101 permit tcp any any

    access-list 101 permit udp any any

    access-list 101 permit icmp any any

    access-list 101 permit gre any any /* GRE tunnel if required */

    access-list 101 permit esp any any /* IPSec ESP if required */

    access-list 101 permit ah any any /* IPSec AH if required */

    access-list 101 deny ip any any
    The last statement of the Transit ACL should be a deny any any for IP
    traffic. Prior to deploying ACLs that filter transit traffic, a
    classification ACL can be used to help identify required permit statements. A
    classification ACL is an ACL that permits a series of protocols. Displaying
    access-list entry hit counters helps determine required protocols: entries
    with zero packets counted are likely not required. Classification
    access-lists are detailed in the above link for infrastructure access-lists.

    Exploitation and Public Announcements
    The Cisco PSIRT is not aware of any public announcements or malicious use of
    the vulnerabilities described in this advisory. If PSIRT becomes aware of any
    sign of public announcement of the crafted packet, or there is any sign of
    exploitation of this vulnerability, a follow-up announcement will be sent to
    our standard distribution list immediately with further details to assist
    network administrators in mitigation.

    Status of This Notice: INTERIM
    This is an INTERIM notice. Although Cisco cannot guarantee the accuracy of
    all statements in this notice, all of the facts have been checked to the best
    of our ability. Cisco does not anticipate issuing updated versions of this
    advisory unless there is some material change in the facts. Should there be a
    significant change in the facts, Cisco will update this advisory.

    Distribution
    This notice will be posted on the Cisco worldwide website at
    http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml at 21:00
    GMT on July 17th, 2003. In addition to worldwide web posting, a text version
    of this notice is clear-signed with the Cisco PSIRT PGP key and will be
    posted to the following e-mail and Usenet news recipients at the public
    release date and time:

    cust-security-announce@cisco.com

    bugtraq@securityfocus.com

    full-disclosure@lists.netsys.com

    first-teams@first.org (includes CERT/CC)

    cisco@spot.colorado.edu

    cisco-nsp@puck.nether.net

    nanog@merit.edu

    sanog@sanog.org

    comp.dcom.sys.cisco

    Various internal Cisco mailing lists

    Future updates of this advisory, if any, will be placed on the Cisco
    worldwide web server. Users concerned about this problem are encouraged to
    check the URL given above for any updates.

    Revision History
    Revision 1.0
     17-July-2003 0:00 GMT
     Initial public release
     

    Cisco Security Procedures
    Complete information on reporting security vulnerabilities in Cisco products,
    obtaining assistance with security incidents, and registering to receive
    security information from Cisco, is available on the Cisco worldwide website
    at http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This
    includes instructions for press inquiries regarding Cisco security notices.

    All Cisco Security Advisories are available at http://www.cisco.com/go/psirt.

    ------------------------------------------------------------------------
    --------

    This notice is Copyright 2003 by Cisco Systems, Inc. This notice may be
    redistributed freely after the release date given at the top of the text,
    provided that redistributed copies are complete and unmodified, and include
    all date and version information.

    ------------------------------------------------------------------------
    --------

    ------------------------------------------------------------------------
    --------
    Updated: Jul 16, 2003 Document ID: 44020

    ------------------------------------------------------------------------
    --------

     
     
     
     

        
    Customer Search:
     
     
     Site To SearchSearch All Cisco.comProducts & ServicesCisco RoutersCisco 7200
    Series Routers

     
     
      

     
      

      
         
        
     BUSINESS INDUSTRIES & SOLUTIONS | NETWORKING SOLUTIONS & PROVISIONED
    SERVICES | PRODUCTS & SERVICES | TECHNOLOGIES | ORDERING | TECHNICAL SUPPORT
    | LEARNING & EVENTS | PARTNERS & RESELLERS | ABOUT CISCO Home | Logged In |
    Profile | Contacts & Feedback | Help | Site Map
    (c) 1992-2003 Cisco Systems, Inc. All rights reserved. Important
    Notices, Privacy Statement, and Trademarks of Cisco Systems, Inc.

    ----------------------------------------------------------------------------
    Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
    world's premier technical IT security event! 10 tracks, 15 training sessions,

    1,800 delegates from 30 nations including all of the top experts, from CSO's
    to
    "underground" security specialists. See for yourself what the buzz is about!

    Early-bird registration ends July 3. This event will sell out.
    www.blackhat.com
    ----------------------------------------------------------------------------

    This e-mail message and all attachments transmitted with it may be confidential
    and are intended solely for the addressee(s). If you are not the intended recipient
    or the person responsible for delivering it to the intended recipient, you are
    hereby notified that any reading, dissemination, distribution, copying, or other
    use of this message or its attachment(s) is strictly prohibited. If you receive
    this email in error, please immediately notify the sender of the message or
    Best Software, Inc. by e-mailing postmaster@bestsoftware.com and destroy all copies
    of this message. Best Software, for the protection of our internal systems and
    those of our customers, does block most email attachments.

    ----------------------------------------------------------------------------
    Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
    world's premier technical IT security event! 10 tracks, 15 training sessions,
    1,800 delegates from 30 nations including all of the top experts, from CSO's to
    "underground" security specialists. See for yourself what the buzz is about!
    Early-bird registration ends July 3. This event will sell out. www.blackhat.com
    ----------------------------------------------------------------------------


  • Next message: Quarantine: "RE: Cisco IOS vulnerability"

    Relevant Pages