Cisco patch day

Published: 2006-01-18. Last Updated: 2006-01-18 22:11:05 UTC
by Swa Frantzen (Version: 2)
0 comment(s)

Cisco published 3 security advisories relating to their products:

Cisco sgbp DoS

Cisco published a report about a DoS condition on some of their routers.

It is situated in the Stack Group Bidding Protocol (sgbp) wich is used to enable bandwidth on demand using Multilink PPP (MLP).

Full details at cisco

To summarize:

  • Not vulnerable if the router does not support sgbp or if it is not configured (so #show sgbp should give no output or a syntax error message).
  • Workarounds are listed with ACLs to protect UDP/9900 on the affected routers.
  • Upgrade to fix it
  • Traffic to UDP/9900 might now be DoS attempts.

Cisco Call Manager

Cisco Call managers had 2 issues against them:

DoS

The issue seems to be twofold with connection not timing out fast enough or with connections filling up the windows message queue.

Full details at Cisco

In summary:
  • TCP/2000 cannection do not time out in certain conditions. Hogging resources. In specific conditions these connections never timeout.
  • Connections to ports  2001, 2002 and 7727 can fill up the windows message queue. Triggering a restart of the call manager after 30 seconds.
  • Workarounds might include separating the VoIP traffic and isolating the Call manager from more generic IP networks.
  • Traffic to TCP/2000, 2001, 2002 and 7727 can now be DoS attempts.

Escalation of Privileges

Cisco Call Managers with Multi Level Administration (MLA) enabled are vulnerable to an escalation of privileges.

Full details at Cisco

In summary:
  • Users in the administrative group with read only access rights can attack the web component of the Cisco Call Manager and gain more rights.
  • Workarounds might include not using the administrative read only access level.
--
Swa Frantzen
Keywords:
0 comment(s)

Comments


Diary Archives