Cisco SSH超大数据包远程拒绝服务攻击漏洞

发表于:2007-06-23来源:作者:点击数: 标签:
信息提供: 安全 公告(或线索)提供热线:51cto.editor@gmail.com 漏洞类别: 远程拒绝服务攻击漏洞 攻击类型: 远程攻击 发布日期: 2002-06-27 更新日期: 2002-07-05 受影响系统: Cisco Catalyst 6000 7.1(2) Cisco Catalyst 6000 7.1 Cisco Catalyst 6

   



信息提供:

安全公告(或线索)提供热线:51cto.editor@gmail.com

漏洞类别:

远程拒绝服务攻击漏洞

攻击类型:

远程攻击

发布日期:

2002-06-27

更新日期:

2002-07-05

受影响系统:

Cisco Catalyst 6000 7.1(2)

Cisco Catalyst 6000 7.1

Cisco Catalyst 6000 6.3(4)

Cisco Catalyst 6000 6.3(0.7)PAN

Cisco Catalyst 6000 6.2(0.111)

Cisco Catalyst 6000 6.2(0.110)

Cisco Catalyst 6000 6.1(2.13)

Cisco Catalyst 6000 6.1(1c)

Cisco Catalyst 6000 6.1(1b)

Cisco Catalyst 6000 6.1(1a)

Cisco Catalyst 6000 6.1(1)

Cisco Catalyst 6000 5.5(4b)

Cisco Catalyst 6000 5.5(4a)

Cisco Catalyst 6000 5.5(4)

Cisco Catalyst 6000 5.5(3)

Cisco Catalyst 6000 5.5(2)

Cisco Catalyst 6000 5.5(1)

Cisco Catalyst 6000 5.5

Cisco Catalyst 6000 5.4.1

Cisco Catalyst 6000 5.4(4)

Cisco Catalyst 6000 5.4(3)

Cisco Catalyst 6000 5.4(2)

Cisco Catalyst 6000 5.4(1)

Cisco Catalyst 6000 5.4

Cisco Catalyst 6000 5.3(6)CSX

Cisco Catalyst 6000 5.3(5a)CSX

Cisco Catalyst 6000 5.3(5)CSX

Cisco Catalyst 6000 5.3(4)CSX

Cisco Catalyst 6000 5.3(3)CSX

Cisco Catalyst 6000 5.3(2)CSX

Cisco Catalyst 6000 5.3(1a)CSX

Cisco Catalyst 6000 5.3(1)CSX

Cisco IOS 12.2YH

Cisco IOS 12.2YG

Cisco IOS 12.2YF

Cisco IOS 12.2YD

Cisco IOS 12.2YC

Cisco IOS 12.2YB

Cisco IOS 12.2YA

Cisco IOS 12.2XW

Cisco IOS 12.2XT

Cisco IOS 12.2XS

Cisco IOS 12.2XR

Cisco IOS 12.2XQ

Cisco IOS 12.2XK

Cisco IOS 12.2XJ

Cisco IOS 12.2XI

Cisco IOS 12.2XH

Cisco IOS 12.2XG

Cisco IOS 12.2XF

Cisco IOS 12.2XE

Cisco IOS 12.2XD

Cisco IOS 12.2XB

Cisco IOS 12.2XA

Cisco IOS 12.2T

Cisco IOS 12.2DD

Cisco IOS 12.2

Cisco IOS 12.1YF

Cisco IOS 12.1YE

Cisco IOS 12.1YD

Cisco IOS 12.1YC

Cisco IOS 12.1XU

Cisco IOS 12.1XT

Cisco IOS 12.1XQ

Cisco IOS 12.1XP

Cisco IOS 12.1XM

Cisco IOS 12.1XL

Cisco IOS 12.1XJ

Cisco IOS 12.1XI

Cisco IOS 12.1XH

Cisco IOS 12.1XG

Cisco IOS 12.1XF

Cisco IOS 12.1XC

Cisco IOS 12.1XB

Cisco IOS 12.1T

Cisco IOS 12.1EC

Cisco IOS 12.1E

Cisco IOS 12.0XV

Cisco IOS 12.0XM

Cisco IOS 12.0XB

Cisco IOS 12.0ST

Cisco IOS 12.0SP

Cisco IOS 12.0S

Cisco PIX Firewall 6.2

Cisco PIX Firewall 6.1

Cisco PIX Firewall 6.0

Cisco PIX Firewall 5.3

Cisco PIX Firewall 5.2

Cisco CSS11000 Content Services Switch

安全系统:

漏洞报告人:

Cisco Systems Product Security Incident Response Team

漏洞描述:

BUGTRAQ  ID: 5114

CVE(CAN) ID: CVE-2002-1024

IOS是一款由CISCO公司分发的使用在CISCO路由器上的Inte.net操作系统。

IOS系统中的SSH实现在处理超大SSH包时存在漏洞,远程攻击者可以利用这个漏洞进行拒绝服务攻击。

当处理超大的信息包时,SSH进程会消耗大部分CPU指令周期,导致对正常通信停止响应,产生拒绝服务。在某些情况下可能导致CISCO设备重启动。

此问题主要存在于ssh1守护程序中所带的一段代码中存在一个整数溢出问题。问题出在deattack.c,由于在detect_attack()函数中错误的将一个16位的无符号变量当成了32位变量来使用,导致表索引溢出问题而产生拒绝服务攻击。

具体可参考SSH1 守护程序crc32补偿攻击检测安全漏洞( http://security.nsfocus.com/showQuery.asp?bugID=1262 )

测试方法:

解决方法:

临时解决方法:

如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:

*  在边界网络中使用访问限制控制所有SSH连接。

*  每一个独立的设备只允许合法的IP地址进行访问,并阻塞所有来自其他IP的SSH连接。

厂商补丁:

Cisco

-----

Cisco已经为此发布了一个安全公告(Cisco-SSH-Scan)以及相应补丁:

Cisco-SSH-Scan:Scanning for SSH Can Cause a Crash

链接:http://www.cisco.com/warp/public/707/SSH-scanning.shtml

补丁下载

CISCO已经提供PIX和IOS固件的升级版本,具体升级列表请参看:

http://www.cisco.com/warp/public/707/SSH-scanning.shtml#Software



原文转自:http://www.ltesting.net