Cisco CNS Network Registrar is a DNS and DHCP server installed on Windows NT servers and Windows 2000 servers.
The Network Registrar DNS/DHCP server is vulnerable to two types of denial-of-service attack, each triggered by malformed packets that the server receives and processes. The two issues are described in this advisory.
Credit:
The information has been provided by Cisco Systems Product Security Incident Response Team.
The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20041202-cnr.shtml
Vulnerable Systems:
* Cisco CNS Network Registrar version 6.0 through 6.1.1.3, affected by Cisco bug ID CSCeg27625
* Cisco CNS Network Registrar versions up to and including 6.1.1.3, affected by Cisco bug ID CSCeg27614
Immune Systems:
* Cisco Network Registrar for Linux/Unix
* Cisco Network Registrar for Windows version 6.1.1.4
The first vulnerability is that the Cisco CNS Network Registrar CCM (Central Configuration Management) server could consume almost 100% of the system CPU when a remote user ends a connection after sending a specific sequence of packets. The server agent must be restarted to clear this condition.
The second vulnerability is in the registrar lock manager. The Cisco CNS Network Registrar lock manager process may crash when the system receives an unexpected packet sequence. This will cause the CCM server to also fail. You must restart the server agent to resume normal operations.
Note: These issues are standalone, new issues and are unrelated to previous issues presented in recent Cisco advisories.
Impact
Exploitation of either of these new vulnerabilities may result in a denial of service against the Registrar server which will cause it to either stop responding or crash, with a restart of the server as the only way to restore it to working condition.
Workarounds
These vulnerabilities can be mitigated by placing access lists on adjacent network devices such as routers or firewalls to block inbound connections to all high or ephemeral port numbers, including the CCM port.
If remote access to the Cisco CNS Network Registrar is required, it is recommended that trusted hosts be explicitly permitted in access control lists, and all other connection attempts blocked. The remote connection CLI ports are TCP 2875 and TCP 2876, and the default port number for CCM is TCP 1234, which can also be configured to a different port number. Access lists permitting selective access to these ports from trusted IP addresses can mitigate this vulnerability.
The effectiveness of any workaround is dependent on specific customer situations such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround is the most appropriate for use in the intended network before it is deployed.
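
One way to express the access-list workaround above on a Cisco IOS router, as an added example that is not part of the Cisco advisory. The server address 192.0.2.10, the trusted subnet 198.51.100.0/24, the ACL name and the interface are assumed placeholders; replace 1234 if the CCM port has been reconfigured.

```cisco
! Added example, not from the advisory. Assumed placeholders (RFC 5737 ranges):
!   192.0.2.10       Network Registrar server
!   198.51.100.0/24  trusted management hosts
ip access-list extended CNR-MGMT
 remark Trusted hosts may reach the CLI ports (2875, 2876) and the CCM port (1234)
 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 2875
 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 2876
 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 1234
 remark Allow return traffic for TCP sessions the server itself opened
 permit tcp any host 192.0.2.10 established
 remark Block and log every other new TCP connection to a high port on the server
 deny tcp any host 192.0.2.10 gt 1023 log
 remark Leave DNS, DHCP and all other traffic untouched
 permit ip any any
!
! Assumed interface: the one facing the server segment, so traffic toward
! the server is filtered as it leaves the router.
interface GigabitEthernet0/1
 ip access-group CNR-MGMT out
```

The `established` keyword only matches TCP flags and is not stateful inspection, so a stateful firewall in the same position gives a tighter filter. The `log` hits on the deny entry show which hosts are attempting to reach the management ports.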
Vendor Status:
The two issues are fixed in the 6.1.1.4 patch release. Releases are available for download to registered customers on CCO at:
http://www.cisco.com/cgi-bin/Software/Tablebuild/tablebuild.pl/nr-eval
Customers who are using Cisco Network Registrar 5.5 versions must request a new license key for the Cisco CNS Network Registrar 6.1.1.x release before obtaining the patched 6.1.1.4 release from CCO. Version 5.5 license keys are incompatible with the Cisco CNS Network Registrar 6.0 or 6.1 software releases.
To request a new license key, any customer wishing to upgrade version 5.5 to version 6.1 software should send an electronic mail message to cnr-psirt-update@cisco.com, and provide the customer name, address, contact name and existing version 5.5 license key string in the body of the message along with a line indicating "CNR PSIRT upgrade for Windows request". A new license key will be dispatched via email to the requestor, allowing them to install and upgrade to the patched 6.1.1.4 release using the new license key.