COMMAND
Cisco
SYSTEMS AFFECTED
Cisco IOS 12.1(2)T, 12.1(3)T and limited deployment releases based on those versions
PROBLEM
The following is based on a Cisco Security Advisory. Security
scanning software can cause a memory error in Cisco IOS software
that causes the router to reload. This vulnerability affects
only Cisco IOS software versions 12.1(2)T and 12.1(3)T, and limited
deployment releases based on those versions.
The security scanner makes TCP connection attempts to various
ports, looking for open ports so that it can probe for known
vulnerabilities in the services associated with those ports.
A side effect of these tests exposes the defect described
in this security advisory: the router reloads unexpectedly
as soon as it receives a request to review or write the
configuration file. This defect is documented as Cisco Bug ID
CSCds07326.
It is impossible to list all Cisco products in this notice; the
lists below include only the most commonly used or most
asked-about products. If you are unsure whether your device is
running Cisco IOS software, log into the device and issue the
command show version. Cisco IOS software will identify itself
simply as "IOS" or "Internetwork Operating System Software".
Other Cisco devices either will not have the show version command,
or will give different output.
Cisco devices that run Cisco IOS software include the following:
* Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 8xx, ubr9xx,
  1xxx, 25xx, 26xx, 30xx, 36xx, 38xx, 40xx, 45xx, 47xx, AS52xx,
  AS53xx, AS58xx, 64xx, 70xx, 72xx (including the ubr72xx), 75xx,
  and 12xxx series.
* Most recent versions of the LS1010 ATM switch.
* Some versions of the Catalyst 2900XL LAN switch.
* The Cisco DistributedDirector.
An attempt to make a TCP connection to ports 3100-3999, 5100-5999,
7100-7999, and 10100-10999 will cause the router to unexpectedly
reload at the next show running-config, write memory, or any other
command that causes the configuration file to be accessed. Cisco
IOS software cannot be configured to support any services that
might listen at those port addresses, and cannot be configured to
accept connections on those ports. Nevertheless, connection attempts
to these ports in the affected versions cause memory corruption,
which later leads to an unexpected reload.
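The two checks described above (identifying the release from show version output, and spotting connection attempts to the trigger port ranges) can be automated for an inventory or log review. The script below is an added example, not part of the Cisco advisory; the log line format, the sample show version text and the addresses are constructed for illustration.

```python
import re

# Trigger port ranges (inclusive), as quoted in the advisory.
TRIGGER_RANGES = [(3100, 3999), (5100, 5999), (7100, 7999), (10100, 10999)]
# 12.1 trains for which the advisory's table lists a repaired release.
TRAINS_WITH_FIX = {"T", "DB", "DC", "XB", "XC", "XE", "XF", "XG", "XH", "XI",
                   "XJ", "XK", "XL", "XP", "XQ", "XS", "XT"}
VERSION_RE = re.compile(r"Version (\d+\.\d+)\(([\d.]+)[a-z]?\)([A-Z]*)")
# Assumed log format (constructed for this example): "TCP src:sport -> dst:dport"
CONN_RE = re.compile(r"TCP (\S+):\d+ -> (\S+):(\d+)")

def classify_ios(show_version_text):
    """Return 'not-ios', 'unparsed', 'affected', 'check-table' or 'not-listed'."""
    if not re.search(r"\bIOS\b|Internetwork Operating System", show_version_text):
        return "not-ios"
    m = VERSION_RE.search(show_version_text)
    if not m:
        return "unparsed"
    release, maint, train = m.groups()
    if release == "12.1" and train == "T" and maint in ("2", "3"):
        return "affected"
    if release == "12.1" and train in TRAINS_WITH_FIX:
        return "check-table"  # compare against the repaired release in the table
    return "not-listed"

def in_trigger_range(port):
    return any(lo <= port <= hi for lo, hi in TRIGGER_RANGES)

def flag_attempts(log_lines, router_ips):
    """Return (src, dst, port) for TCP attempts to a listed router on a trigger port."""
    hits = []
    for line in log_lines:
        m = CONN_RE.search(line)
        if m and m.group(2) in router_ips and in_trigger_range(int(m.group(3))):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits

# Constructed sample data (documentation addresses, not from the advisory).
SAMPLE_SHOW_VERSION = (
    "Cisco Internetwork Operating System Software\n"
    "IOS (tm) C2600 Software (C2600-IS-M), Version 12.1(3)T, RELEASE SOFTWARE (fc1)\n"
)
SAMPLE_LOG = [
    "TCP 192.0.2.10:40112 -> 198.51.100.1:23",
    "TCP 192.0.2.10:40113 -> 198.51.100.1:3105",
    "TCP 192.0.2.10:40114 -> 198.51.100.1:4000",
    "TCP 192.0.2.10:40115 -> 198.51.100.1:10999",
    "TCP 192.0.2.10:40116 -> 198.51.100.77:7100",
]

if __name__ == "__main__":
    print(classify_ios(SAMPLE_SHOW_VERSION))
    print(flag_attempts(SAMPLE_LOG, {"198.51.100.1"}))
```

A "check-table" result means the train has a repaired release listed in the table under SOLUTION and the running version should be compared against it.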
Software packages are available from various commercial and free
sites that perform automated remote tests for computer security
vulnerabilities by scanning computers on a network for known
security flaws. A common log message in environments that
experienced security scan related crashes was the "attempt to
connect to RSHELL" error message. This problem was introduced in
12.1(1.3)T, and is identified by Cisco Bug ID CSCds07326.
The described defect can be used to mount a denial of service
(DoS) attack on any vulnerable Cisco product, which may result in
violations of the availability aspects of a customer's security
policy. This defect by itself does not cause the disclosure of
confidential information nor allow unauthorized access.
SOLUTION
This defect was introduced in version 12.1(1.3)T, and is repaired
in the following versions which are based on the 12.1(2)T and
12.1(3)T releases.
The following table summarizes the Cisco IOS software releases
that are known to be affected, and the earliest estimated dates
of availability for the recommended fixed versions.
+-------------------+------------------------------------------+----------------+----------------+----------------+
| Major Release     | Description or Platform                  | Availability of Repaired Releases*               |
+-------------------+------------------------------------------+----------------+----------------+----------------+
| Unaffected Earlier Releases                                  | Rebuild        | Interim**      | Maintenance    |
+-------------------+------------------------------------------+----------------+----------------+----------------+
| 12.0 and earlier, | Numerous                                 | Not vulnerable | Not vulnerable | Not vulnerable |
| all variants      |                                          |                |                |                |
+-------------------+------------------------------------------+----------------+----------------+----------------+
| 12.1-based Releases                                          | Rebuild        | Interim**      | Maintenance    |
+-------------------+------------------------------------------+----------------+----------------+----------------+
| 12.1              | General Deployment (GD) candidate: all   | Not vulnerable | Not vulnerable | Not vulnerable |
|                   | platforms                                |                |                |                |
| 12.1AA            | Dial Support                             | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1CX            | Core/ISP support: GSR, RSP, C7200        | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1DA            | xDSL Support: 6100, 6200                 | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1DB            | Cisco 6400 Universal Access Concentrator |                |                | 12.1(4)DB      |
| 12.1DC            | xDSL NRP support: c6400r                 |                |                | 12.1(4)DC      |
| 12.1E             | Core/ISP Support: GSR, RSP, c7200        | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1EC            | Early Deployment (ED): ubr7200, UBR      | Not vulnerable | Not vulnerable | Not vulnerable |
|                   | Headend platforms                        |                |                |                |
| 12.1EX            | Catalyst 6000                            | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1EY            | Catalyst 8510, 8540, LS1010              | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1T             | New technology Early Deployment (ED):    |                | 12.1(4.3)T     | 12.1(5)T       |
|                   | all platforms                            |                |                |                |
| 12.1XA            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1XB            | Early Deployment (ED): limited platforms |                |                | 12.2(1)        |
| 12.1XC            | Early Deployment (ED): limited platforms |                |                | 12.2(1)        |
| 12.1XD            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1XE            | Early Deployment (ED): limited platforms |                |                | 12.2(1)        |
| 12.1XF            | Early Deployment (ED): limited platforms |                |                | 12.2(1)        |
| 12.1XG            | Early Deployment (ED): limited platforms |                |                | 12.2T***       |
| 12.1XH            | Early Deployment (ED): limited platforms |                |                | 12.2(1)        |
| 12.1XI            | Early Deployment (ED): limited platforms |                |                | 12.2(1)        |
| 12.1XJ            | Early Deployment (ED): limited platforms |                |                | 12.2T***       |
| 12.1XK            | Early Deployment (ED): limited platforms |                |                | 12.2(1)        |
| 12.1XL            | Early Deployment (ED): limited platforms |                |                | 12.2(1)        |
| 12.1XM            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1XP            | Early Deployment (ED): limited platforms |                |                | 12.2T***       |
| 12.1XQ            | Early Deployment (ED): limited platforms |                |                | 12.2T***       |
| 12.1XR            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1XS            | Early Deployment (ED): limited platforms |                |                | 12.1(5)XS      |
| 12.1XT            | Early Deployment (ED): limited platforms |                |                | 12.2T***       |
| 12.1XU            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1XV            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1XW            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1XX            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1XY            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1XZ            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1YA            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1YB            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1YC            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
| 12.1YD            | Early Deployment (ED): limited platforms | Not vulnerable | Not vulnerable | Not vulnerable |
+-------------------+------------------------------------------+----------------+----------------+----------------+
Notes
* All dates are estimated and subject to change.
** Interim releases are subjected to less rigorous testing than
regular maintenance releases, and may have serious bugs.
*** This release does not have a rebuild solution. Customers should
upgrade to 12.2T when it becomes available. This is not a misprint.