Bugtraq mailing list archives
Re: Cisco HTTP possible bug:
From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Fri, 28 Apr 2000 13:32:33 -0700
Summary of responses in this thread: Model IOS version Confirmed ----- ----------- ---------- C2924XL - No C2900X 11.2(8)SA1 No 7206 12.1(1a)T1 No 7206 12.0(9)S Yes 5300 12.1(1.3)T No 4000 11.0 No 3640 12.0(7)T Yes 2621 12.0(5)T1 Yes 2514 11.2(17) Yes 2501 12.0-4.T Yes 2501 12.0(8) Yes "DANIEL RAMIREZ VALDEZ" <dramirez () cemtec com>: Same happens using a 2501 IOS 12.0-4.T Pakojo Samm <briareos () otherlands net> : I send this back to the author without including the list. I have confirmed this on a 2501 running IOS version 12.0(8). "Chapman, Matt" <chapmam2 () ocps k12 fl us> confirmed on 2621 12.0(5)T1 "David DesVoigne" <ddesvoigne () synertechsystems com>: I tested this on a 7206 VXR running IOS image 12.1(1a)T1 (IP/Plus IPSec128) router was not affected negatively and continued normal operation after test. tested this router with and without crypto maps enabled on the external interfaces, also tried removing all standard and extended access lists. also tried with AAA Xauth enabled and disabled, as well as "ip proxy auth" enabled and disabled. 12.1(1a)T1 seems to be immune to this possible bug. "Nick Wilkens" <NWilkens () Holnam com> : Does not crash for me. Cisco Internetwork Operating System Software=20 IOS (tm) C2900XL Software (C2900XL-H-M), Version 11.2(8)SA1, RELEASE = SOFTWARE (fc1) cisco WS-C2924-XL Mike Gallagher <mikejgallagher () yahoo com>: I have confirmed this will crash a router running 11.2.x and 12.0.x (T train included). I also confirmed that no authentication is necessary to perform the DOS, but if you have an 'ip http access-class' configured, IP addresses denied by the access-list will not be able to perform the DOS. Interestingly enough, Catalyst 2924XL switches (which run a form of IOS) are not vulerable. "Greg Smythe" <zeneca () intellstat com>: I have confirmed this on 11.2(17) on a 2514. It locks up the router, then after about 60 seconds it reloads due to a software crash: *Feb 28 16:00:11: %SYS-2-MALLOCFAIL: Memory allocation of 1680 bytes failed from 0x313E670, pool I/O, alignment 0 -Process= "Init", ipl= 0, pid= 2 -Traceback= 315B6FC 315C42C 313E678 31522DA 31127FC 3122122 31221A0 310112A 30F82FE System restarted by error - Software forced crash, PC 0x316E7FC at 15:18:57 PDT Thu Apr 27 2000 Nerijus Krukauskas <nkrukauskas () lbank lt> : Cisco 4000 series with IOS 11.0 are not vulnerable. Test showed no impact on these routers. "Adam Kaufman" <adam () securify com>: I got the same results on a 2621 running IOS 12.0(5)T1 Christopher Rogers <phiber () phiber org>: I've verified that this occurs on 3640's and 7206's. 3640 running 12.0(7)T and 7206 running 12.0(9)S. Confirmed the power cycle requirement. 5300's running 12.1(1.3)T are apparently not affected.
Current thread:
- Re: Cisco HTTP possible bug: Jim Duncan (Apr 27)
- <Possible follow-ups>
- Re: Cisco HTTP possible bug: Elias Levy (Apr 28)
- Re: Cisco HTTP possible bug: Jim Duncan (Apr 28)