COMMAND
Cisco
SYSTEMS AFFECTED
Cisco
PROBLEM
The following is based on a Cisco Security Advisory. Point to Point
Tunneling Protocol (PPTP) allows users to tunnel to an Internet
Protocol (IP) network using the Point to Point Protocol (PPP). The
protocol is described in RFC 2637.

The PPTP implementation in Cisco IOS® software releases contains a
vulnerability that will crash a router if it receives a malformed
or crafted PPTP packet. No special conditions or router
configuration are required. This vulnerability is present in all
Cisco IOS releases that support the PPTP protocol. PPTP is
supported in the following software releases:
* 12.1 train, releases: T, E, EZ, YA, YD and YC
* 12.2 train, all releases
No other Cisco product is vulnerable. To determine if a Cisco
product is running an affected IOS release, log in to the device
and issue the command "show version". Look for the "Internetwork
Operating System Software" or "IOS (tm)" information, which will
also include a version number. Other Cisco devices either will not
have the command "show version" or will give different output.

By sending a crafted PPTP packet to port 1723, the PPTP control
port, it is possible to crash the router. This vulnerability
does not require special router configuration. Enabling PPTP is
sufficient to expose the vulnerability. The router will crash
after it receives a single packet.

This vulnerability is documented as Cisco Bug ID CSCdt46181.

By repeatedly exploiting this vulnerability it is possible to
cause a permanent Denial of Service (DoS). This denial affects not
only the PPTP functionality; the whole router will stop
functioning.
SOLUTION
There is no workaround for this vulnerability.

Each row of the table describes a release train and the platforms
or products for which it is intended. If a given release train is
vulnerable, then the earliest possible releases that contain the
fix and the anticipated date of availability for each are listed
in the "Rebuild", "Interim", and "Maintenance" columns. A device
running a release in the given train that is earlier than the
release in a specific column (less than the earliest fixed
release) is known to be vulnerable. The release should be upgraded
at least to the indicated release or a later version (greater than
the earliest fixed release label).
+--------+-----------------------------------------------------------------+
|        | Description of Image      |                                     |
| Train  | or Platform               | Availability of Fixed Releases*     |
+--------+---------------------------+------------+----------+-------------+
| 12.1-based Releases                | Rebuild    |Interim** | Maintenance |
+--------+---------------------------+------------+----------+-------------+
| 12.1E  |Core/ISP support: GSR,     |            |          |12.1(8a)E    |
|        |RSP, c7200                 |            |          |             |
+--------+---------------------------+------------+----------+-------------+
| 12.1EZ |Early Deployment (ED):     |12.1(6)EZ2  |          |             |
|        |special image              |            |          |             |
+--------+---------------------------+------------+----------+-------------+
|        |Early Deployment(ED): VPN, |Not Scheduled                        |
| 12.1T  |Distributed Director,      +-------------------------------------+
|        |various platforms          |Upgrade recommended to 12.2(3)       |
+--------+---------------------------+------------+----------+-------------+
|        |                           |Not Scheduled                        |
| 12.1YA |Short-lived early          +-------------------------------------+
|        |deployment release         |Upgrade recommended to 12.2(2)XB     |
+--------+---------------------------+------------+----------+-------------+
| 12.1YC |Short-lived early          |12.1(5)YC1  |          |             |
|        |deployment release         |            |          |             |
+--------+---------------------------+------------+----------+-------------+
| 12.1YD |Short-lived early          |12.1(5)YD2  |          |             |
|        |deployment release         |2001-June-25|          |             |
+--------+---------------------------+------------+----------+-------------+
| 12.2-based Releases                | Rebuild    |Interim** | Maintenance |
+--------+---------------------------+------------+----------+-------------+
| 12.2   |General deployment release |            |12.2(1.1) |12.2(3)      |
|        |for all platforms          |            |          |2001-August  |
+--------+---------------------------+------------+----------+-------------+
| 12.2T  |General deployment release |            |          |12.2(4)T     |
|        |for all platforms          |            |          |             |
+--------+---------------------------+------------+----------+-------------+
| 12.2XA |SPLOB                      |            |          |12.2(2)XA    |
+--------+---------------------------+------------+----------+-------------+
| 12.2XD |Short-lived early          |12.2(1)XD1  |          |             |
|        |deployment release         |            |          |             |
+--------+---------------------------+------------+----------+-------------+
| 12.2XE |Short-lived early          |            |          |12.2(1)XE    |
|        |deployment release         |            |          |             |
+--------+---------------------------+------------+----------+-------------+
| 12.2XH |Short-lived early          |            |          |12.2(1)XH    |
|        |deployment release         |            |          |2001-June-25 |
+--------+---------------------------+------------+----------+-------------+
| 12.2XQ |Short-lived early          |            |          |12.2(1)XQ    |
|        |deployment release         |            |          |2001-June-23 |
+--------+---------------------------+------------+----------+-------------+
| Notes                                                                    |
+--------------------------------------------------------------------------+
| * All dates are estimated and subject to change.                         |
|                                                                          |
| ** Interim releases are subjected to less rigorous testing than regular  |
|    maintenance releases, and may have serious bugs.                      |
+--------------------------------------------------------------------------+
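
The release check described above ("show version", then compare against the earliest fixed release for the train) can be automated for an inventory sweep. The following is an added example, not part of the Cisco advisory: the function names, the ordering rule (maintenance number, interim number, letter suffix, rebuild number) and the sample output are assumptions made here, and the result only matters on routers where PPTP is enabled.

```python
import re

# Earliest fixed release per train, transcribed from the advisory's table.
# None means "Not Scheduled": the advisory recommends moving to another train.
FIXED = {
    "12.1E": "12.1(8a)E", "12.1EZ": "12.1(6)EZ2", "12.1T": None,
    "12.1YA": None, "12.1YC": "12.1(5)YC1", "12.1YD": "12.1(5)YD2",
    "12.2": "12.2(1.1)", "12.2T": "12.2(4)T", "12.2XA": "12.2(2)XA",
    "12.2XD": "12.2(1)XD1", "12.2XE": "12.2(1)XE", "12.2XH": "12.2(1)XH",
    "12.2XQ": "12.2(1)XQ",
}
VERSION_RE = re.compile(r"(\d+\.\d+)\((\d+)(?:\.(\d+))?([a-z]?)\)([A-Z]*)(\d*)")

# Constructed sample of "show version" output (not captured from a device).
SAMPLE = """Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.1(5)T, RELEASE SOFTWARE (fc1)
"""

def parse(release):
    """Return (train, sort_key) for a release string such as 12.1(6)EZ2."""
    m = VERSION_RE.fullmatch(release)
    if not m:
        raise ValueError(f"unrecognised IOS release: {release!r}")
    base, maint, interim, letter, train, rebuild = m.groups()
    key = (int(maint), int(interim or 0), letter, int(rebuild or 0))
    return base + train, key

def release_from_show_version(text):
    """Extract the release from the 'IOS (tm)' line of 'show version'."""
    for line in text.splitlines():
        if "IOS (tm)" in line:
            m = re.search(r"Version\s+([^\s,]+)", line)
            if m:
                return m.group(1)
    return None

def assess(release):
    """Classify a release against the advisory's affected and fixed lists."""
    train, key = parse(release)
    if train not in FIXED:
        # The advisory lists every 12.2 release as affected, but only some
        # 12.2 trains have a row in the fixed-release table.
        if train.startswith("12.2"):
            return "affected train, not in table: consult advisory"
        return "not listed as affected"
    if FIXED[train] is None:
        return "vulnerable: no fix scheduled in this train"
    return "vulnerable" if key < parse(FIXED[train])[1] else "fixed"

if __name__ == "__main__":
    print(assess(release_from_show_version(SAMPLE)))
```
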