
Cisco CBOS Oversized DHCP Packet Denial of Service Vulnerability


Published: 2002-05-28
Updated: 2002-05-28
Severity:
Threat level: Remote denial of service
Error type: Failure to handle exceptional conditions
Exploit method: Server mode

BUGTRAQ ID:4813

Affected Systems
Cisco CBOS 2.3.9
Cisco CBOS 2.3.8
Cisco CBOS 2.3.7.002
Cisco CBOS 2.3.7
Cisco CBOS 2.3.5.015
Cisco CBOS 2.3.5
Cisco CBOS 2.3.2
Cisco CBOS 2.2.1a
Cisco CBOS 2.2.1
Cisco CBOS 2.2.0
Cisco CBOS 2.1.0a
Cisco CBOS 2.1.0
Cisco CBOS 2.0.1
Cisco CBOS 2.3 .053
Cisco CBOS 2.3
Cisco CBOS 2.4.1
Cisco CBOS 2.4.2 b
Cisco CBOS 2.4.2 ap
Cisco CBOS 2.4.2
Cisco CBOS 2.4.3
Cisco CBOS 2.4.4
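Description
CBOS (Cisco Broadband Operating System) is the operating system of Cisco 600 routers.

Sending an oversized packet to the DHCP port can cause the CPE (Customer Premises Equipment) to stop responding.

The following Cisco 600 series routers are vulnerable:

605, 626, 627, 633, 673, 675, 675e, 676, 677, 677i and 678.

The vulnerability is tracked as Cisco Bug ID CSCdw90020.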

Test Code
None available

Solution
Use filter rules to filter DHCP traffic:

cbos# set filter 1 on allow incoming eth0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 protocol udp srcport 68-68 destport 67-67
cbos# set filter 2 on allow outgoing eth0 1.2.3.4 255.255.255.255 0.0.0.0 0.0.0.0 protocol udp srcport 67-67 destport 68-68

Replace 1.2.3.4 with the IP address of your own eth0 interface.
For more information, see: http://www.cisco.com/univercd/cc/td/doc/product/dsl_prod/c600s/cbos/cbos240/03chap02.htm#xtocid365615
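
A saved configuration can be checked for the two workaround filters, and for the 1.2.3.4 placeholder left in place, with a short script. This is an added example, not part of the advisory or of any Cisco tooling; the function names and the eth0 address 192.0.2.1 are assumptions, and it only inspects text in the filter syntax shown above.

```python
import re

# Filter syntax exactly as it appears in the workaround; \s+ also spans line wraps.
RULE = re.compile(
    r"set\s+filter\s+(?P<num>\d+)\s+on\s+(?P<action>\S+)\s+"
    r"(?P<dir>incoming|outgoing)\s+(?P<iface>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<smask>\S+)\s+(?P<dst>\S+)\s+(?P<dmask>\S+)\s+"
    r"protocol\s+(?P<proto>\S+)\s+"
    r"srcport\s+(?P<sport>\d+-\d+)\s+destport\s+(?P<dport>\d+-\d+)"
)

# Constructed sample: the two commands as printed in the advisory, wrapped lines included.
AS_PUBLISHED = """cbos# set filter 1 on allow incoming eth0 0.0.0.0 0.0.0.0 0.0.0.0
0.0.0.0 protocol
udp srcport 68-68 destport 67-67
cbos#set filter 2 on allow outgoing eth0 1.2.3.4 255.255.255.255
0.0.0.0 0.0.0.0
protocol udp srcport 67-67 destport 68-68
"""

def _dhcp_rules(rules, direction, sport, dport):
    """Select 'allow' UDP rules on eth0 with the given direction and port ranges."""
    return [r for r in rules
            if r["action"] == "allow" and r["dir"] == direction
            and r["iface"] == "eth0" and r["proto"] == "udp"
            and r["sport"] == sport and r["dport"] == dport]

def audit_dhcp_workaround(config_text, eth0_ip):
    """Return a list of findings; an empty list means both filters are in place."""
    rules = [m.groupdict() for m in RULE.finditer(config_text)]
    findings = []
    if not _dhcp_rules(rules, "incoming", "68-68", "67-67"):
        findings.append("missing incoming filter (udp srcport 68 -> destport 67)")
    outgoing = _dhcp_rules(rules, "outgoing", "67-67", "68-68")
    if not outgoing:
        findings.append("missing outgoing filter (udp srcport 67 -> destport 68)")
    for r in outgoing:
        if r["src"] == "1.2.3.4" and eth0_ip != "1.2.3.4":
            findings.append(f"filter {r['num']} still uses the 1.2.3.4 placeholder")
        elif r["src"] != eth0_ip:
            findings.append(f"filter {r['num']} source {r['src']} is not eth0 ({eth0_ip})")
        if r["smask"] != "255.255.255.255":
            findings.append(f"filter {r['num']} source mask is not a single host")
    return findings

if __name__ == "__main__":
    print(audit_dhcp_workaround(AS_PUBLISHED, "192.0.2.1"))
    print(audit_dhcp_workaround(AS_PUBLISHED.replace("1.2.3.4", "192.0.2.1"), "192.0.2.1"))
```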

Upgrade procedure:

Cisco CBOS 2.3.9:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.3.8:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.3.7.002:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.3.7:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.3.5.015:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.3.5:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.3.2:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.2.1a:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.2.1:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.2.0:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.1.0a:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.1.0:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.0.1:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.3 .053:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.3:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.4.1:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.4.2 b:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.4.2 ap:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.4.2:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.4.3:

Cisco Upgrade CBOS 2.4.5


Cisco CBOS 2.4.4:

Cisco Upgrade CBOS 2.4.5

Related Information
Knud Erik Højgaard from Cybercity, Denmark.
Reference: http://online.securityfocus.com/advisories/4147
Related homepage: http://www.cisco.com/