From psirt@cisco.com Mon Aug  4 03:18:27 2003
From: Cisco Systems Product Security Incident Response Team
    <psirt@cisco.com>
To: cust-security-announce@cisco.com
Cc: psirt@cisco.com
Date: Fri, 01 Aug 2003 00:45:08 +0200 (CET)
Subject: Cisco Security Notice: Data Leak in UDP Echo Service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Data Leak in UDP Echo Service

Revision 1.0

Description
===========

If the udp-small-servers command is enabled, a Cisco IOSŪ software device may
reply to malformed udp echo packets with some of the contents stored in a
router's memory. By repeatedly sending malformed udp echo packets and capturing
the replies, an attacker can obtain portions of the data that is stored in a
router's memory.

Workarounds are available to mitigate the effects.

Fixed Software
==============

This vulnerability has been fixed by the Cisco Bug ID CSCdk77834. Below are the
first Cisco IOS software releases that are not affected by this vulnerability:

  * 12.0(3.2)
   
  * 12.0(3.3)S
   
  * 12.0(3.4)T
   
  * 12.0(3.6)W5(9.0.5)
   
12.1, 12.2, and 12.3-based images are not affected.

Workaround
==========

The workaround is to disable udp-small-services. The syntax for this command on
routers and switches running Cisco IOS software is as follows:

    no service udp-small-servers
      

The udp-small-servers command is disabled by default since Cisco IOS Software
Release 11.2(1).

It is always recommended to disable unnecessary services on routers and
switches. Refer to Improving Security on Cisco Routers
(http://www.cisco.com/warp/public/707/21.html#possibly_unnecessary) for more 
information on improving router security.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/KZn9ezGozzK2tZARAm88AKDDEOepms5pWBGS8+O2GSbJiBVWJwCgt1yh
4uQb39onkchAFo7TiLWfgdw=
=P/VN
-----END PGP SIGNATURE-----