perfsonar-user - Re: [GN2-JRA1] [Cisco Security Response: Reload on Processing a Command Including a Regular Expression]
Subject: perfSONAR User Q&A and Other Discussion
List archive
Re: [GN2-JRA1] [Cisco Security Response: Reload on Processing a Command Including a Regular Expression]
Chronological Thread
- From: Mohacsi Janos <>
- To:
- Cc: , "" <>, GN-JRA1-list <>, ,
- Subject: Re: [GN2-JRA1] [Cisco Security Response: Reload on Processing a Command Including a Regular Expression]
- Date: Tue, 18 Sep 2007 17:57:58 +0200 (CEST)
Hi Federic,
Thank you for raising this issue. We are also aware of the problem. E.g. we don't allow regular expression in our public looking glass.
We are quite reluctant about allowing access all kind of sensitive information via perfsonar telnet/ssh interface:
From Security point of view I don't think
- OSPF or ISIS database should be available publicly
- cpu usage of the router should be available publicly
- VPN information should be available publicly
- releasing sensitive information via Perfsonar - we have to protect personal datas in lots of cases
I don't know whether JRA1 is aware of the JRA2 document:
GN2-07-079v3 (DJ2.1.1,4)
http://intranet.geant2.net/upload/pdf/GN2-07-079v3-DJ2-1-1_4_Revised_GEANT2_Secuirty_Recommendation_and_Policy-Fourth_edition_20070917145024.pdf
By the way JRA2 activity is ready review any JRA1 services sufficiently documented. Just ask JRA1 activty leader...
Best Regards,
Janos Mohacsi
Network Engineer, Research Associate, Head of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
On Tue, 18 Sep 2007, Frederic LOUI wrote:
Hello,
I don't know whether you're already aware of that security vulnerability,
but could the developer's team of the PerfSONAR TELNET/SSH MP
take into account this security issue ?
(and forbid the use of regular expressions ? ==> Other suggestions are welcomed)
Thanks
Bgrds/Frederic
Sujet:
Cisco Security Response: Reload on Processing a Command Including a Regular Expression
De:
Cisco Systems Product Security Incident Response Team
<>
Date:
Wed, 12 Sep 2007 12:31:40 -0400
Pour ::
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Response: Reload on Processing a Command Including a
Regular Expression
http://www.cisco.com/warp/public/707/cisco-sr-20070912-regexp.shtml
Revision 1.0
For Public Release 2007 September 12 1600 UTC (GMT)
+--------------------------------------------------------------------
Cisco Response
==============
This is the Cisco Product Security Incident Response Team (PSIRT)
response to a vulnerability that was reported on the Cisco NSP mailing
list on August 17, 2007 regarding the crash and reload of devices
running Cisco IOS after executing a command that uses, either directly
or indirectly, a regular expression. The original post is available at
the following link:
https://puck.nether.net/pipermail/cisco-nsp/2007-August/043002.html
The Cisco PSIRT posted a preliminary response on the same day and is
available at the following link:
https://puck.nether.net/pipermail/cisco-nsp/2007-August/043010.html
Preliminary research pointed to a previously known issue that was
documented as Cisco bug ID CSCsb08386, and entitled "PRP crash by show
ip bgp regexp", which was already resolved. Further research indicates
that the current issue is a different but related vulnerability.
There are no workarounds available for this vulnerability. Cisco will
update this document in the event of any changes.
Additional Information
======================
Cisco IOS includes a regular expression engine that is used to process
regular expressions that are provided as part of a command that is typed
on the command line interface (CLI), as seen in the following example:
Router#show ip bgp regexp [regexp]
or
When using a regular expression as part of a filter that is invoked
after piping the output of a command into a filter, as seen in the
following example:
Router#show running-config | include [regexp]
or
- From the "--more--" prompt while paginating through the output of
a previously executed command, by typing "/[regexp]" while on the
"--more--" prompt.
Some regular expressions that make use of combined repetition operators
('*') and pattern recalls ("\1", "\2", etc.) into the same expression
may result in a stack overflow on the Cisco IOS regular expression
engine. A stack overflow will result in a reload of the device.
Note: To execute such commands including regular expressions, a user has
to have access to the device CLI. This access implies that a user can
log in into the device by providing valid user credentials.
Products Affected by This Vulnerability
+--------------------------------------
Note: The following list is subject to change. Cisco is continuing to
review the potential impact of this vulnerability on its products;
this list may be updated to include additional Cisco products that are
affected by this vulnerability.
* Cisco IOS releases 12.0, 12.1, 12.2, 12.3 and 12.4 - Cisco bug ID
is CSCsk14633. There is no fixed software available at the time of
this writing.
No other Cisco products are currently known to be affected by this
vulnerability. Cisco IOS XR is not affected by this vulnerability.
Workarounds
+----------
There is no workaround for this vulnerability.
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY
ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2007-September-12 | Initial public release |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
All contents are Copyright 2006-2007 Cisco Systems, Inc. All rights
reserved.
+--------------------------------------------------------------------
Updated: Sep 12, 2007 Document ID: 98766
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG6BQU8NUAbBmDaxQRAmVaAJ0WpBL0Xlryq4RDQqUWNzJ2aYKPqACdGkHq
WPLOXa6jmnf7kXaJI0pfYQc=
=QUfs
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
To unsubscribe, send the command "unsubscribe" in the subject of your message to
- [Cisco Security Response: Reload on Processing a Command Including a Regular Expression], Frederic LOUI, 09/18/2007
- Re: [GN2-JRA1] [Cisco Security Response: Reload on Processing a Command Including a Regular Expression], Mohacsi Janos, 09/18/2007
- Re: [GN2-JRA1] [Cisco Security Response: Reload on Processing a Command Including a Regular Expression], Simon Leinen, 09/19/2007
- RE: [pS-dev] [Cisco Security Response: Reload on Processing a Command Including a Regular Expression], Stijn Verstichel, 09/20/2007
Archive powered by MHonArc 2.6.16.