Cisco IOS Service Assurance Agent畸形包远程拒绝服务攻击漏洞

·细胞分裂4-游侠精华问答集 Tom Clancys ·常用手持设备的use-agent头信息·细胞分裂4-剧情全功略 Splinter Cell Do·Trojan.DL.VBS.Agent.q·JS.DL.Agent.j·Trojan.Agent.dzy·Trojan.Dropper.Agent.b·Trojan.DL.Agent.dzb·Dropper.Agent.ag·Dropper.Agent.dkl

信息提供：

安全公告（或线索）提供热线：[email protected]

漏洞类别：

有效性检查错误

攻击类型：

拒绝服务攻击

发布日期：

2003-05-15

更新日期：

2003-05-20

受影响系统：

Cisco 1000 Cisco 12000 Cisco 1400 Cisco 1500 Cisco 1600 Cisco 1700 Cisco 2500 Cisco 2600 Cisco 3000 Cisco 3600 Cisco 3800 Cisco 4000 Cisco 4500 Cisco 4700 Cisco 6400 Cisco 6400 Cisco 6400 NRP2 Cisco 7000 Cisco 7200 Cisco 800 Cisco IOS 12.2 YHCisco IOS 12.2 YGCisco IOS 12.2 YFCisco IOS 12.2 YCCisco IOS 12.2 YBCisco IOS 12.2 YACisco IOS 12.2 XMCisco IOS 12.2 XLCisco IOS 12.2 XKCisco IOS 12.2 XJCisco IOS 12.2 XICisco IOS 12.2 XHCisco IOS 12.2 XECisco IOS 12.2 XDCisco IOS 12.2 XCCisco IOS 12.2 SCisco IOS 12.2 MBCisco IOS 12.2 DACisco IOS 12.2 BZCisco IOS 12.2 BYCisco IOS 12.2 BCCisco IOS 12.2 (7a)Cisco IOS 12.2 (7)DACisco IOS 12.2 (7)Cisco IOS 12.2 (4)BCisco IOS 12.2Cisco IOS 12.1 YCCisco IOS 12.1 YBCisco IOS 12.1 XGCisco IOS 12.1 XFCisco IOS 12.1 EYCisco IOS 12.1 EXCisco IOS 12.1 EWCisco IOS 12.1 ECCisco IOS 12.1 EACisco IOS 12.1 ECisco IOS 12.1 (12b)Cisco IOS 12.1 (11b)Cisco IOS 12.1 (11)Cisco IOS 12.1 (10a)Cisco IOS 12.1 (10)ECisco IOS 12.1 (10)ECisco IOS 12.1 (10)ECisco IOS 12.1Cisco IOS 12.0 XECisco IOS 12.0 WCCisco IOS 12.0 SYCisco IOS 12.0 SXCisco IOS 12.0 STCisco IOS 12.0 SPCisco IOS 12.0 SLCisco IOS 12.0 SCCisco IOS 12.0 SCisco IOS 12.0 (21)SCisco IOS 12.0 (21)SCisco IOS 12.0 (21)SCisco IOS 12.0 (19)SCisco IOS 12.0 (19)SCisco IOS 12.0 (18)SCisco IOS 12.0 (17)SCisco Router 770.0Cisco Router 760.0Cisco Router 7500.0Cisco Router 750.0Cisco Router 7200.0Cisco Router 7100.0Cisco Router 6600.0Cisco Router 4000.0Cisco Router 3660.0Cisco Router 3600.0Cisco Router 2600.0Cisco Router 2500.0

安全系统：

无

漏洞报告人：

Cisco Security Advisory

漏洞描述：

BUGTRAQ ID: 7607Service Assurance Agent (SAA)在CISCO系统中是原来"响应时间报告器Response Time Reporter (RTR)"的新名称。CISCO路由器在处理畸形Service Assurance Agent包时存在问题，远程攻击者可以利用这个漏洞对设备进行拒绝服务攻击。RTR允许用户监视网络性能，网络资源和通过衡量响应时间来判断应用程序性能，利用这个特征可以进行故障排除，问题通告，问题分析等操作。攻击者通过发送畸形Service Assurance Agent包，可导致使用RTR的设备崩溃，停止对正常通信的响应。要验证是否似乎用了RTR responder，可使用如下命令验证：Router>show rtr responder RTR Responder is: Enabled Number of control messages received: 0 Number of errors: 0 Recent sources: Recent error sources:如果注意到 有"RTR Responder is: Enabled," 一行，说明你的设备存在此漏洞。用户也可以使用如下过程：Router>show ip socket show ip socket Proto Remote Port Local Port In Out Stat TTY OutputIF .... 17 0.0.0.0 0 10.0.0.1 1967 0 0 89 0注意到如果路由器监听1967端口，说明你的设备存在此漏洞。此漏洞CISCO BUG ID为：CSCdx17916和CSCdx61997。

测试方法：

无

解决方法：

临时解决方法：如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁：* 使用如下命令不使用RTR：Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no rtr responder Router(config)#exit Router#copy running-config startup-config 或设置规则过滤来自不信任网络到UDP 1967的端口：Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#access-list 101 deny udp any any eq 1967 Router(config)#interface eth0 Router(config)#ip access-group 101 in厂商补丁：Cisco-----Cisco已经为此发布了一个安全公告（cisco-sa-20030515-saa）以及相应补丁:cisco-sa-20030515-saa：Cisco Security Advisory:燙isco Security Advisory: Cisco IOS Software Processing of SAA Packets 链接：http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml联系供应商升级固件：Cisco IOS 12.0 XE:Cisco Upgrade IOS 12.2Cisco IOS 12.0 WC:Cisco Upgrade IOS 12.0(5)WCahttp://www.cisco.com/Cisco IOS 12.0 SY:Cisco Upgrade IOS 12.0(22)SYhttp://www.cisco.com/Cisco IOS 12.0 ST:Cisco Upgrade IOS 12.0(19)ST5Cisco Upgrade IOS 12.0(21)ST2Cisco IOS 12.0 SL:Cisco Upgrade IOS 12.0STCisco Upgrade IOS 12.0SCisco IOS 12.0 SC:Cisco Upgrade IOS 12.1ECCisco IOS 12.0 S:Cisco Upgrade IOS 12.0(21)S3Cisco IOS 12.1 YC:Cisco Upgrade IOS 12.1(4)Thttp://www.cisco.com/Cisco IOS 12.1 YB:Cisco Upgrade IOS 12.1(2)Thttp://www.cisco.com/Cisco IOS 12.1 XG:Cisco Upgrade IOS 12.2Cisco Upgrade IOS 12.1(1)Thttp://www.cisco.com/Cisco IOS 12.1 XF:Cisco Upgrade IOS 12.2Cisco IOS 12.1 EX:Cisco Upgrade IOS 12.1(11b)EXhttp://www.cisco.com/Cisco IOS 12.1 EW:Cisco Upgrade IOS 12.1(11b)EW(0.46)http://www.cisco.com/Cisco Upgrade IOS 12.1(11b)EWhttp://www.cisco.com/Cisco IOS 12.1 EC:Cisco Upgrade IOS 12.1(12c)EChttp://www.cisco.com/Cisco IOS 12.1 EA:Cisco Upgrade IOS 12.1(8)EA1chttp://www.cisco.com/Cisco IOS 12.1 E:Cisco Upgrade IOS 12.1(13)Ehttp://www.cisco.com/Cisco IOS 12.1:Cisco Upgrade IOS 12.1(18)Cisco IOS 12.2 YH:Cisco Upgrade IOS 12.2(4)YHhttp://www.cisco.com/tacCisco IOS 12.2 YG:Cisco Upgrade IOS 12.2(4)YGhttp://www.cisco.com/tacCisco IOS 12.2 YC:Cisco Upgrade IOS 12.2(4)YC4http://www.cisco.com/tacCisco IOS 12.2 YA:Cisco Upgrade IOS 12.2(4)YA3http://www.cisco.com/tacCisco IOS 12.2 XL:Cisco Upgrade IOS 12.2(4)XL5http://www.cisco.com/tacCisco IOS 12.2 XK:Cisco Upgrade IOS 12.2(2)XK3http://www.cisco.com/tacCisco IOS 12.2 XC:Cisco Upgrade IOS 12.2(1a)XC5http://www.cisco.com/tacCisco IOS 12.2 S:Cisco Upgrade IOS 12.2(11.1)Shttp://www.cisco.com/tacCisco IOS 12.2 MB:Cisco Upgrade IOS 12.2(4)MB5http://www.cisco.com/tacCisco IOS 12.2 DA:Cisco Upgrade IOS 12.2(12)DAhttp://www.cisco.com/tacCisco IOS 12.2 BZ:Cisco Upgrade IOS 12.2(15)BZhttp://www.cisco.com/tacCisco IOS 12.2 (4)B:Cisco Upgrade IOS 12.2(13.3)Bhttp://www.cisco.com/tacCisco IOS 12.2:Cisco Upgrade IOS 12.2(10)http://www.cisco.com/tacCisco为所有受影响客户提供免费的软件升级来修正这些漏洞，客户只能获得和安装他们所购买的功能类别相关的技术支持。通过安装，下载，访问或使用这些软件升级，客户必须同意CISCO软件许可条例中的条例：http://www.cisco.com/public/sw-license-agreement.html或由Cisco连接在线软件中心的声明：http://www.cisco.com/public/sw-center/sw-usingswc.shtm.拥有服务合同的客户必须连接他们常规升级渠道获得由此公告指定的免费升级软件。对于大多数拥有服务合同的客户，这意味着升级必须通过CISCO全球WEB站软件中心获得：http://www.cisco.com/tacpage/sw-center/.要访问此下载URL，你必须是注册用户和必须登录后才能使用。事先或目前与第三方支持组织，如Cisco合作伙伴、授权零售商或服务商之间已有协议，由第三方组织提供Cisco产品或技术支持的用户可免费获得升级支持。直接从Cisco购买产品但没有Cisco服务合同的用户和由第三方厂商购买产品但无法从销售方获得已修复软件的用户可从Cisco技术支持中心(TAC)获取升级软件。TAC联系方法： * 1 800 553 2447 (北美地区免话费) * 1 408 526 7209 (全球收费) * e-mail: [email protected] 查看 http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml 获取额外的TAC联系信息，包括特别局部的电话号码，各种语言的指南和EMAIL地址。