Vulnerability Development mailing list archives

Re: Code red II crashes cisco 678


From: "bjarne bingo" <kain () mongol dk>
Date: Mon, 6 Aug 2001 20:19:42 +0200

No effect on a Cisco 677 running CBOS 2.4.2 (latest) - tried leaving the
ping running for 10 minutes or so.


----- Original Message -----
From: "Johnson, Michael" <Michael.Johnson () ASTStockplan com>
To: "'Vladimir Kraljevic'" <vladimir_kraljevic () llbudapest hu>;
<VULN-DEV () securityfocus com>
Cc: "'Geo.'" <georger () nls net>
Sent: Monday, August 06, 2001 7:44 PM
Subject: RE: Code red II crashes cisco 678


Verified on a 677 also.

-----Original Message-----
From: Vladimir Kraljevic [mailto:vladimir_kraljevic () llbudapest hu]
Sent: Monday, August 06, 2001 11:55 AM
To: VULN-DEV () SECURITYFOCUS COM
Cc: 'Geo.'
Subject: RE: Code red II crashes cisco 678


I've had problems with Cisco 677 (please take a search for
20000814172811.28516.qmail () securityfocus com).

It was possible to smash the router (only power off helped) by issuing
ICMP echo with record route flag set (succeeded even with Win32 ping from
command line). Problem appeared after several echo requests of that type,
not immediately (try ping -t -r 8 <some.non.local.ip.address> and wait 2-3
minutes at most). However, I was not able (not enough time, as usual) to
try to craft fake ICMP response with recorded routes inside (maybe this
allows a DoS against complete families of Cisco 6xx routers).

Maybe related.

Vladimir


C:\>-----Original Message-----
C:\>From: Geo. [mailto:georger () nls net]
C:\>Sent: Monday, August 06, 2001 4:43
C:\>To: Russ; VULN-DEV () SECURITYFOCUS COM;
C:\>NTBUGTRAQ () LISTSERV NTBUGTRAQ COM;
C:\>Discussion regarding Windows-related security vulnerabilities and
C:\>risks.; Marc Maiffret; security () cisco com
C:\>Subject: Code red II crashes cisco 678
C:\>
C:\>
C:\>All day I've had customers calling with Cisco 678 routers running CBOS
C:\>2.4.2 with the web interface disabled. Seems their routers have been
C:\>crashing.
C:\>
C:\>We traced this back to the Code Red worm. For some reason even with web
C:\>disabled on these routers port 80 remains open. Simply running a port
C:\>scan and cutting off the connection is enough to crash the router. Locks
C:\>up solid.
C:\>
C:\>I also found a solution, by doing a
C:\>
C:\>set web remote ipaddress
C:\>
C:\>where ipaddress is one of their internal IPs you can prevent outside
C:\>addresses from being able to crash the router.
C:\>
C:\>Just a heads up guys, if you are seeing 678s crashing, give it a try,
C:\>it's working here.
C:\>
C:\>Geo.

