Cisco IOS OSPF远程缓冲区溢出漏洞

·黑客：CCProxy远程溢出漏洞分析·利用IIS5远程溢出漏洞入侵·菜鸟版Expliot编写指南之PNP溢出漏洞分析·RealVNC剪贴板更新整数溢出漏洞·对Windows XP SP2溢出漏洞进行保护（上）·OpenSSH缓存溢出漏洞·对Windows XP SP2溢出漏洞进行保护（下）·GRE报文存在路由选项解析时溢出漏洞·IE6长URL缓冲区溢出漏洞(MS06-042)·IIS .ASP文件缓冲区溢出漏洞

信息提供：

安全公告（或线索）提供热线：[email protected]

漏洞类别：

溢出错误

攻击类型：

嵌入恶意代码

发布日期：

2003-02-20

更新日期：

2003-02-28

受影响系统：

Cisco IOS 12.0.7(T)Cisco IOS 12.0.4TCisco IOS 12.0.4SCisco IOS 12.0.3T2Cisco IOS 12.0.2XGCisco IOS 12.0.2XFCisco IOS 12.0.2XDCisco IOS 12.0.2XCCisco IOS 12.0.2Cisco IOS 12.0.1XECisco IOS 12.0.1XBCisco IOS 12.0.1XA3Cisco IOS 12.0.1WCisco IOS 12.0.1Cisco IOS 12.0(9)SCisco IOS 12.0(8.3)SCCisco IOS 12.0(8.0.2)SCisco IOS 12.0(8)Cisco IOS 12.0(7.4)SCisco IOS 12.0(7)XKCisco IOS 12.0(7)TCisco IOS 12.0(7)SCCisco IOS 12.0(7)S1Cisco IOS 12.0(5.1)XPCisco IOS 12.0(5)XKCisco IOS 12.0(5)T1Cisco IOS 12.0(5)TCisco IOS 12.0(18)SCisco IOS 12.0(17)SCisco IOS 12.0(17)Cisco IOS 12.0(16.06)SCisco IOS 12.0(16)W5(21)Cisco IOS 12.0(15)S3Cisco IOS 12.0(14)W5(20)Cisco IOS 12.0(14)STCisco IOS 12.0(13)W5(19c)Cisco IOS 12.0(10)W5(18g)Cisco IOS 12.0(10)W5Cisco IOS 12.0 (3)Cisco IOS 12.0 (19)Cisco IOS 12.0Cisco IOS 11.3XACisco IOS 11.3WA4Cisco IOS 11.3TCisco IOS 11.3NACisco IOS 11.3MACisco IOS 11.3HACisco IOS 11.3DBCisco IOS 11.3DACisco IOS 11.3AACisco IOS 11.3.1TCisco IOS 11.3.1EDCisco IOS 11.3.11bCisco IOS 11.2.9XACisco IOS 11.2.9PCisco IOS 11.2.8SA5Cisco IOS 11.2.8SA3Cisco IOS 11.2.8SA1Cisco IOS 11.2.8PCisco IOS 11.2.4F1Cisco IOS 11.2.4FCisco IOS 11.2.10BCCisco IOS 11.2(9)XACisco IOS 11.2(4)XAfCisco IOS 11.2(4)XACisco IOS 11.2(4)Cisco IOS 11.2(19)GS0.2Cisco IOS 11.2(17)Cisco IOS 11.2 (26a)Cisco IOS 11.2Cisco IOS 11.1IACisco IOS 11.1CTCisco IOS 11.1CCCisco IOS 11.1CACisco IOS 11.1AACisco IOS 11.1.9IACisco IOS 11.1.7CACisco IOS 11.1.7AACisco IOS 11.1.17CTCisco IOS 11.1.17CCCisco IOS 11.1.16IACisco IOS 11.1.16AACisco IOS 11.1.16Cisco IOS 11.1.15IACisco IOS 11.1.15CACisco IOS 11.1.15AACisco IOS 11.1.15Cisco IOS 11.1.13IACisco IOS 11.1.13CACisco IOS 11.1.13AACisco IOS 11.1.13Cisco IOS 11.1(36)CC2Cisco IOS 11.1 (24a)Cisco IOS 11.1

安全系统：

Cisco IOS 12.1 (1)TCisco IOS 12.1 (1)DCCisco IOS 12.1 (1)DBCisco IOS 12.1 (1)Cisco IOS 12.0 (19)STCisco IOS 12.0 (19)S

漏洞报告人：

FX （[email protected]）

漏洞描述：

BUGTRAQ ID: 6895CVE(CAN) ID: CVE-2003-0100Internet Operating System (IOS)是一款使用于CISCO路由器上的操作系统。CISCO IOS在处理畸形OSPF包时存在缓冲区溢出，远程攻击者可以利用这个漏洞可能在设备上执行恶意指令及进行恶意拒绝服务攻击。部分Cisco IOS版本中包含的OSPF实现在一个接口上接收到超过255个OSPF邻居的通告时，会发生IO内存结构破坏，FX of Phenoelit研究提供了利用这个漏洞在路由器上执行恶意代码及的程序。Cisco Bug CSCdp58462对此漏洞进行了详细描述。

测试方法：

无

解决方法：

临时解决方法：如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁：* 在路由器上配置使用OSPF MD5验证。* 设置正确的访问控制允许部分OSPF邻居访问：access-list 100 permit ospf host a.b.c.x host 224.0.0.5 access-list 100 permit ospf host a.b.c.x host interface_ip access-list 100 permit ospf host a.b.c.y host 224.0.0.5 access-list 100 permit ospf host a.b.c.y host interface_ip access-list 100 permit ospf host a.b.c.z host 224.0.0.5 access-list 100 permit ospf host a.b.c.z host interface_ip access-list 100 permit ospf any host 224.0.0.6 access-list 100 deny ospf any any access-list 100 permit ip any any厂商补丁：Cisco-----Cisco IOS版本11.1 - 12.0存在此漏洞，Cisco在如下IOS版本中已经修补此漏洞：12.0(19)S12.0(19)ST12.1(1)12.1(1)DB12.1(1)DC12.1(1)T及之后的版本。http://www.cisco.com/warp/public/707/advisory.html