|
|
Cisco VPN Concentrator使用PPTP客户端可导致远程拒绝服务攻击
发布时间:2002-09-10
更新时间:2002-09-10
严重程度:中
威胁程度:远程拒绝服务
错误类型:意外情况处置错误
利用方式:服务器模式
BUGTRAQ ID:5625
受影响系统Cisco Secure ACS for Windows NT 2.6.3
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
Cisco VPN 3000 Concentrator 2.0
Cisco VPN 3000 Concentrator 2.5.2 (D)
Cisco VPN 3000 Concentrator 2.5.2 (C)
Cisco VPN 3000 Concentrator 2.5.2 (B)
Cisco VPN 3000 Concentrator 2.5.2 (A)
Cisco VPN 3002 Hardware Client 详细描述
Cisco VPN 3000 series concentrators是一系列通过VPN通信的产品。
在部分环境下,远程PPTP客户端可对concentrators进行拒绝服务,通过在客户端指定"No Encryption"选项连接有问题的设备,VPN concentrators就可以变的不稳定,导致产生拒绝服务。
测试代码
无
解决方案
升级程序:
Cisco VPN 3002 Hardware Client :
Cisco VPN 3000 Concentrator 2.0:
Cisco VPN 3000 Concentrator 2.5.2 (D):
Cisco Upgrade VPN 3000 Concentrator 2.5.2(F)
http://www.cisco.com/public/sw-center/
Cisco VPN 3000 Concentrator 2.5.2 (C):
Cisco Upgrade VPN 3000 Concentrator 2.5.2(F)
http://www.cisco.com/public/sw-center/
Cisco VPN 3000 Concentrator 2.5.2 (B):
Cisco Upgrade VPN 3000 Concentrator 2.5.2(F)
http://www.cisco.com/public/sw-center/
Cisco VPN 3000 Concentrator 2.5.2 (A):
Cisco Upgrade VPN 3000 Concentrator 2.5.2(F)
http://www.cisco.com/public/sw-center/
相关信息
Cisco Security Advisory.
参考:http://online.securityfocus.com/advisories/4446
|
