Security Incidents mailing list archives
Re: CR vs. CoreBuilder
From: John Hall <j.hall () f5 com>
Date: Thu, 09 Aug 2001 12:57:19 -0700
The notice you referenced says that CBOS v2.4.2 fixes the problem, it does not. If you have the 675 configured to allow access to the web admin port, whether or not the web admin service is enabled, it still can crash the router. I severely limit incoming packets below 1024, so I just set the web admin port number to be one that my filters drop and I've had no problems since. There is definitely still a problem with the 675, it's just not as serious as before. JMH Curt Purdy wrote:
This is a side-effect of cr on 600 routers not related to the index vuln: http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml#Affected Curt Purdy Information Security Engineer DP Solutions purdy () tecman com -----Original Message-----
...
on "8-5-2001" "John Nemeth" writ:
...
... i've noticed a similar problem with a cisco 675 ADSL router. in particular, i've had to do a cold boot three (3) times 'since' the CR-II attack started. i had disabled the web command interface, and checking revealed that still the case.
... ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: CR vs. CoreBuilder randy (Aug 05)
- Re: CR vs. CoreBuilder dep (Aug 06)
- <Possible follow-ups>
- Re: CR vs. CoreBuilder GraffiX (Aug 06)
- Re: CR vs. CoreBuilder Bryan Andersen (Aug 06)
- Re: CR vs. CoreBuilder Homer Wilson Smith (Aug 06)
- Re: CR vs. CoreBuilder cords (Aug 06)
- RE: CR vs. CoreBuilder Curt Purdy (Aug 06)
- Re: CR vs. CoreBuilder John Hall (Aug 09)