|
信息提供: |
安全公告(或线索)提供热线:51cto.editor@gmail.com |
|
漏洞类别: |
远程拒绝服务攻击漏洞 |
|
攻击类型: |
远程攻击 |
|
发布日期: |
2002-06-27 |
|
更新日期: |
2002-07-05 |
|
受影响系统: |
Cisco Catalyst 6000 7.1(2)
Cisco Catalyst 6000 7.1
Cisco Catalyst 6000 6.3(4)
Cisco Catalyst 6000 6.3(0.7)PAN
Cisco Catalyst 6000 6.2(0.111)
Cisco Catalyst 6000 6.2(0.110)
Cisco Catalyst 6000 6.1(2.13)
Cisco Catalyst 6000 6.1(1c)
Cisco Catalyst 6000 6.1(1b)
Cisco Catalyst 6000 6.1(1a)
Cisco Catalyst 6000 6.1(1)
Cisco Catalyst 6000 5.5(4b)
Cisco Catalyst 6000 5.5(4a)
Cisco Catalyst 6000 5.5(4)
Cisco Catalyst 6000 5.5(3)
Cisco Catalyst 6000 5.5(2)
Cisco Catalyst 6000 5.5(1)
Cisco Catalyst 6000 5.5
Cisco Catalyst 6000 5.4.1
Cisco Catalyst 6000 5.4(4)
Cisco Catalyst 6000 5.4(3)
Cisco Catalyst 6000 5.4(2)
Cisco Catalyst 6000 5.4(1)
Cisco Catalyst 6000 5.4
Cisco Catalyst 6000 5.3(6)CSX
Cisco Catalyst 6000 5.3(5a)CSX
Cisco Catalyst 6000 5.3(5)CSX
Cisco Catalyst 6000 5.3(4)CSX
Cisco Catalyst 6000 5.3(3)CSX
Cisco Catalyst 6000 5.3(2)CSX
Cisco Catalyst 6000 5.3(1a)CSX
Cisco Catalyst 6000 5.3(1)CSX
Cisco IOS 12.2YH
Cisco IOS 12.2YG
Cisco IOS 12.2YF
Cisco IOS 12.2YD
Cisco IOS 12.2YC
Cisco IOS 12.2YB
Cisco IOS 12.2YA
Cisco IOS 12.2XW
Cisco IOS 12.2XT
Cisco IOS 12.2XS
Cisco IOS 12.2XR
Cisco IOS 12.2XQ
Cisco IOS 12.2XK
Cisco IOS 12.2XJ
Cisco IOS 12.2XI
Cisco IOS 12.2XH
Cisco IOS 12.2XG
Cisco IOS 12.2XF
Cisco IOS 12.2XE
Cisco IOS 12.2XD
Cisco IOS 12.2XB
Cisco IOS 12.2XA
Cisco IOS 12.2T
Cisco IOS 12.2DD
Cisco IOS 12.2
Cisco IOS 12.1YF
Cisco IOS 12.1YE
Cisco IOS 12.1YD
Cisco IOS 12.1YC
Cisco IOS 12.1XU
Cisco IOS 12.1XT
Cisco IOS 12.1XQ
Cisco IOS 12.1XP
Cisco IOS 12.1XM
Cisco IOS 12.1XL
Cisco IOS 12.1XJ
Cisco IOS 12.1XI
Cisco IOS 12.1XH
Cisco IOS 12.1XG
Cisco IOS 12.1XF
Cisco IOS 12.1XC
Cisco IOS 12.1XB
Cisco IOS 12.1T
Cisco IOS 12.1EC
Cisco IOS 12.1E
Cisco IOS 12.0XV
Cisco IOS 12.0XM
Cisco IOS 12.0XB
Cisco IOS 12.0ST
Cisco IOS 12.0SP
Cisco IOS 12.0S
Cisco PIX Firewall 6.2
Cisco PIX Firewall 6.1
Cisco PIX Firewall 6.0
Cisco PIX Firewall 5.3
Cisco PIX Firewall 5.2
Cisco CSS11000 Content Services Switch |
|
安全系统: |
无 |
|
漏洞报告人: |
Cisco Systems Product Security Incident Response Team |
|
漏洞描述: |
BUGTRAQ ID: 5114
CVE(CAN) ID: CVE-2002-1024
IOS是一款由CISCO公司分发的使用在CISCO路由器上的Internet操作系统。
IOS系统中的SSH实现在处理超大SSH包时存在漏洞,远程攻击者可以利用这个漏洞进行拒绝服务攻击。
当处理超大的信息包时,SSH进程会消耗大部分CPU指令周期,导致对正常通信停止响应,产生拒绝服务。在某些情况下可能导致CISCO设备重启动。
此问题主要存在于ssh1守护程序中所带的一段代码中存在一个整数溢出问题。问题出在deattack.c,由于在detect_attack()函数中错误的将一个16位的无符号变量当成了32位变量来使用,导致表索引溢出问题而产生拒绝服务攻击。
具体可参考SSH1 守护程序crc32补偿攻击检测安全漏洞( http://security.nsfocus.com/showQuery.asp?bugID=1262 )
|
|
测试方法: |
无 |
|
解决方法: |
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 在边界网络中使用访问限制控制所有SSH连接。
* 每一个独立的设备只允许合法的IP地址进行访问,并阻塞所有来自其他IP的SSH连接。
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(Cisco-SSH-Scan)以及相应补丁:
Cisco-SSH-Scan:Scanning for SSH Can Cause a Crash
链接:http://www.cisco.com/warp/public/707/SSH-scanning.shtml
补丁下载:
CISCO已经提供PIX和IOS固件的升级版本,具体升级列表请参看:
http://www.cisco.com/warp/public/707/SSH-scanning.shtml#Software
|
