perfsonar-user - RE: [pS-dev] [Cisco Security Response: Reload on Processing a Command Including a Regular Expression]
RE: [pS-dev] [Cisco Security Response: Reload on Processing a Command Including a Regular Expression]
- From: "Stijn Verstichel" <>
- To: <>, <>, <>, "'GN-JRA1-list'" <>
- Subject: RE: [pS-dev] [Cisco Security Response: Reload on Processing a Command Including a Regular Expression]
- Date: Thu, 20 Sep 2007 11:33:35 +0200
Hi All,
Perhaps there is something that needs to be clarified before continuing this
discussion.
1) The regular expressions that can be configured in the service.properties
file for every command are evaluated on the MP, using the Java Regular
Expression Mechanism. Their envisaged use is thus to limit what can be sent
as a parameter to the actual underlying device, but doing this checking on
the MP itself.
2) If you want to allow a user to send regular expressions as arguments to
the device, you would need to specify in the service.properties file what
regular expressions are allowed as parameters for a given command. So in
this case you need to write a regular expression, that in its turn allows
other regular expressions to be validated by the Java Regular Expression
Mechanism.
Hope this somewhat clarifies your concerns,
Stijn Verstichel
--
Stijn Verstichel
<>
G. Crommenlaan 8/201,
9050, Ghent
Belgium
Tel: +32 9 33 14 981
Fax: +32 9 33 14 899
Department of Information Technology
Ghent University - IBCN - IBBT
www.ibcn.intec.ugent.be - www.ibbt.be
-----Original Message-----
From: Frederic LOUI
[mailto:]
Sent: Tuesday 18 September 2007 17:42
To: ; ; GN-JRA1-list
Subject: [pS-dev] [Cisco Security Response: Reload on Processing a Command
Including a Regular Expression]
Hello,
I don't know whether you're already aware of that security vulnerability,
but could the development team of the PerfSONAR TELNET/SSH MP
take this security issue into account?
(and forbid the use of regular expressions? ==> Other suggestions are
welcome)
Thanks
Bgrds/Frederic
Subject:
Cisco Security Response: Reload on Processing a Command Including a
Regular Expression
From:
Cisco Systems Product Security Incident Response Team
<>
Date:
Wed, 12 Sep 2007 12:31:40 -0400
To:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Response: Reload on Processing a Command Including a
Regular Expression
http://www.cisco.com/warp/public/707/cisco-sr-20070912-regexp.shtml
Revision 1.0
For Public Release 2007 September 12 1600 UTC (GMT)
+--------------------------------------------------------------------
Cisco Response
==============
This is the Cisco Product Security Incident Response Team (PSIRT)
response to a vulnerability that was reported on the Cisco NSP mailing
list on August 17, 2007 regarding the crash and reload of devices
running Cisco IOS after executing a command that uses, either directly
or indirectly, a regular expression. The original post is available at
the following link:
https://puck.nether.net/pipermail/cisco-nsp/2007-August/043002.html
The Cisco PSIRT posted a preliminary response on the same day and is
available at the following link:
https://puck.nether.net/pipermail/cisco-nsp/2007-August/043010.html
Preliminary research pointed to a previously known issue that was
documented as Cisco bug ID CSCsb08386, and entitled "PRP crash by show
ip bgp regexp", which was already resolved. Further research indicates
that the current issue is a different but related vulnerability.
There are no workarounds available for this vulnerability. Cisco will
update this document in the event of any changes.
Additional Information
======================
Cisco IOS includes a regular expression engine that is used to process
regular expressions that are provided as part of a command that is typed
on the command line interface (CLI), as seen in the following example:
Router#show ip bgp regexp [regexp]
or
When using a regular expression as part of a filter that is invoked
after piping the output of a command into a filter, as seen in the
following example:
Router#show running-config | include [regexp]
or
From the "--more--" prompt while paginating through the output of
a previously executed command, by typing "/[regexp]" while on the
"--more--" prompt.
Some regular expressions that make use of combined repetition operators
('*') and pattern recalls ("\1", "\2", etc.) into the same expression
may result in a stack overflow on the Cisco IOS regular expression
engine. A stack overflow will result in a reload of the device.
Note: To execute such commands including regular expressions, a user has
to have access to the device CLI. This access implies that a user can
log in to the device by providing valid user credentials.
Products Affected by This Vulnerability
+--------------------------------------
Note: The following list is subject to change. Cisco is continuing to
review the potential impact of this vulnerability on its products;
this list may be updated to include additional Cisco products that are
affected by this vulnerability.
* Cisco IOS releases 12.0, 12.1, 12.2, 12.3 and 12.4 - Cisco bug ID
is CSCsk14633. There is no fixed software available at the time of
this writing.
No other Cisco products are currently known to be affected by this
vulnerability. Cisco IOS XR is not affected by this vulnerability.
Workarounds
+----------
There is no workaround for this vulnerability.
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY
ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2007-September-12 | Initial public release |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
All contents are Copyright 2006-2007 Cisco Systems, Inc. All rights
reserved.
+--------------------------------------------------------------------
Updated: Sep 12, 2007 Document ID: 98766
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG6BQU8NUAbBmDaxQRAmVaAJ0WpBL0Xlryq4RDQqUWNzJ2aYKPqACdGkHq
WPLOXa6jmnf7kXaJI0pfYQc=
=QUfs
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
To unsubscribe, send the command "unsubscribe" in the subject of your
message to
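The two points Stijn makes (the allow-list regex from service.properties is evaluated on the MP with java.util.regex, and a command whose argument is itself a regular expression needs an allow-list regex that decides which regexes may pass) and the shape the Cisco response blames for the reload (a pattern recall such as \1 combined with a repetition operator in the same expression) can be shown together in one small gate. The following is an added example, not perfSONAR code and not how the MP actually reads service.properties; the command names, the property keys, the allow-list patterns and the class name ArgumentGate are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

/**
 * Added example (not perfSONAR code): a gate that checks every command
 * argument on the MP itself against a per-command allow-list regex, as the
 * thread describes service.properties entries being applied with
 * java.util.regex. Command names and patterns below are assumptions.
 */
public final class ArgumentGate {

    /** Constructed stand-in for service.properties: command -> allow-list regex. */
    static final Map<String, Pattern> ALLOWED = new LinkedHashMap<>();
    static {
        // A prefix lookup: the argument may only be a dotted quad, optional /len.
        allow("show ip bgp", "(?:\\d{1,3}\\.){3}\\d{1,3}(?:/\\d{1,2})?");
        // A command whose argument is itself a regular expression (point 2 of
        // the thread). The allow-list regex admits an AS-path regex alphabet
        // only: no backslash, so a pattern recall like \1 cannot be written at
        // all, and no '|', so the argument cannot reach the "| include" filter
        // the Cisco response also lists as a way to hand the device a regex.
        allow("show ip bgp regexp", "[-_ 0-9^$()\\[\\].?*+]{1,64}");
    }

    private static void allow(String command, String regex) {
        ALLOWED.put(command, Pattern.compile(regex));
    }

    /** A pattern recall \1..\9, as named in the Cisco response. */
    static final Pattern RECALL = Pattern.compile("\\\\[1-9]");
    /** A repetition operator: '*', '+' or a {n,m} bound. */
    static final Pattern REPETITION = Pattern.compile("[*+]|\\{\\d");

    /** True only if the whole argument matches the command's allow-list regex. */
    public static boolean accept(String command, String argument) {
        Pattern p = ALLOWED.get(command);
        if (p == null) {
            return false;                     // unknown command: fail closed
        }
        // matches() anchors at both ends; find() would let
        // "10.0.0.0 | include .*" through because a valid prefix occurs inside it.
        if (!p.matcher(argument).matches()) {
            return false;
        }
        // Defence in depth for regex-valued arguments: even if an operator
        // loosens the allow-list, refuse the recall-plus-repetition shape.
        return !reloadShape(argument);
    }

    /** The combination the Cisco response says overflows the IOS regex engine's stack. */
    static boolean reloadShape(String regexArgument) {
        return RECALL.matcher(regexArgument).find()
            && REPETITION.matcher(regexArgument).find();
    }

    public static void main(String[] args) {
        // Constructed probes: two benign arguments, two that must be refused,
        // and a command with no allow-list entry.
        String[][] probes = {
            {"show ip bgp",        "10.0.0.0/8"},
            {"show ip bgp",        "10.0.0.0 | include .*"},
            {"show ip bgp regexp", "^65000_[0-9]+$"},
            {"show ip bgp regexp", "^(.*)\\1*$"},
            {"show running-config", "anything"},
        };
        for (String[] probe : probes) {
            System.out.printf("%-20s %-26s -> %s%n", probe[0], probe[1],
                accept(probe[0], probe[1]) ? "accepted" : "rejected");
        }
    }
}
```

Two design choices follow from the thread. The allow-list patterns are plain character classes with a bounded length, so the MP's own matcher cannot be driven into heavy backtracking by the argument it is inspecting; and the reloadShape check is kept separate from the allow-list, so a later, looser service.properties entry still cannot pass the recall-plus-repetition form to the device.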
- [Cisco Security Response: Reload on Processing a Command Including a Regular Expression], Frederic LOUI, 09/18/2007
- Re: [GN2-JRA1] [Cisco Security Response: Reload on Processing a Command Including a Regular Expression], Mohacsi Janos, 09/18/2007
- Re: [GN2-JRA1] [Cisco Security Response: Reload on Processing a Command Including a Regular Expression], Simon Leinen, 09/19/2007
- RE: [pS-dev] [Cisco Security Response: Reload on Processing a Command Including a Regular Expression], Stijn Verstichel, 09/20/2007