Cisco CBOS, Code Red Vulnerability?

From: Mourad de Riche (none@mdr--omnix.dk.lh.bsd-dk.dk)
Date: Sat 04 Aug 2001 - 19:00:06 CEST


Date: Sat, 4 Aug 2001 17:00:06 +0000 (GMT)
From: Mourad de Riche <none@mdr--omnix.dk.lh.bsd-dk.dk>
To: <none@bsd-dk--bsd-dk.dk.lh.bsd-dk.dk>
Subject: Cisco CBOS, Code Red Vulnerability?


Omnix Resources Online Org. Conjecture.
July 4, 2001

Cisco CBOS, Code Red Vulnerability?

Information:

The Cisco CBOS firmware is incorporated on some of the small-end
Cisco 67x-series ADSL routers, used by end-users and SOHO
installations.

Effect Description:

No network connectivity, no service functionality.

WAN and LAN LNK lights are steady and on. There is no
intermittent activity on the ACT lights for either.

Problem Description:

The Cisco 67x, or more precisely the 677 with CBOS 2.4.2 release
(C677-I-M), seems vulnerable to the recently announced Code Red
virus in circulation.

The router seems to stress when being bombarded by the
aforementioned virus, and eventually seems to dump its firmware.

The firmware dump looks like the following (there may be
differences):

cbos>Operation fault at 1007a958, subtype 02
Fault record is saved at 10207a20
1007a95c : 92a55000 st g4, (g5)
=>
=>

A power-off solves the problem, and the router is functional again.

The Cisco 677 ADSL router incorporates a web interface, which by
default is disabled. This web interface seems to be the reason for
the router being vulnerable. Even when the web interface is disabled,
the router listens for incoming requests on port 80.

The dump occurrence seems fortuitous, but we have done no
investigation as to the actual reason for the dump.

Solution:

We have not been able to find any solutions to this problem.

A temporary workaround would be to change the listening port for the
web interface, which by default is set to port 80.

Affected Systems: Cisco ADSL Router 677 CBOS v2.4.2

Author: Mourad de Riche
        Omnix Resources Online Org. Denmark

Disclaimer

The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of or
in connection with the use or spread of this information. Any use of
this information is at the user's own risk. The information should be
treated merely as a supposition, and the author takes no responsibility.


