Cisco IOS syslog端口恶意UDP数据包破坏漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105399 漏洞类型 未知
发布时间 1999-01-11 更新时间 2005-05-02
CVE编号 CVE-1999-0063 CNNVD-ID CNNVD-199901-037
漏洞平台 Hardware CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/19531
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199901-037
|漏洞详情
CiscoIOS12.0和其他版本中存在漏洞。该漏洞造成的危害是:这些版本可被syslog端口的恶意UDP数据包破坏。
|漏洞EXP
source: http://www.securityfocus.com/bid/675/info

Cisco devices running classic IOS are reported prone to a denial of service vulnerability. The issue occurs when a vulnerable device receives and processes a UDP packet on UDP port 514 for syslog. This issue results in a crash or hang requiring a reboot.

Vulnerable IOS software may be found on the following Cisco devices:

- Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 8xx, ubr9xx, 1xxx, 25xx, 26xx, 30xx, 36xx, 38xx, 40xx, 45xx, 47xx, AS52xx, AS53xx, AS58xx, 64xx, 70xx, 72xx (including the ubr72xx), 75xx, and 12xxx series.
-Recent versions of LS1010 ATM switch.
-Catalyst 2900XL LAN switch.
-Cisco DitributedDirector. 

nmap -sU -p514 <IP-of-Cisco-device>
|参考资料
VulnerablesoftwareandversionsConfiguration1OR*cpe:/o:cisco:ios:11.3aa*cpe:/o:cisco:ios:11.3db*cpe:/o:cisco:ios:12.0*cpe:/o:cisco:ios:12.0%281%29w*cpe:/o:cisco:ios:12.0%281%29xa3*cpe:/o:cisco:ios:12.0%281%29xb*cpe:/o:cisco:ios:12.0%281%29xe*cpe:/o:cisco:ios:12.0%282%29xc*cpe:/o:cisco:ios:12.0%282%29xd*cpe:/o:cisco:ios:12.0db*cpe:/o:cisco:ios:12.0s*cpe:/o:cisco:ios:12.0t*DenotesVulnerableSoftware*ChangesrelatedtovulnerabilityconfigurationsTechnicalDetailsVulnerabilityType(ViewAll)CVEStandardVulnerabilityEntry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0063