Cisco 7600-ES20-GE3CXL-RF - Ethernet Services 20G Line Card Switch Instrukcja Użytkownika Pobierz pdf (Strona 75)

521

Caveats for Cisco IOS Release 12.2(33)SRD through 12.2(33)SRD8

OL-10394-05 Rev. R0

• CSCtd75033

Symptoms: Cisco IOS Software is affected by NTP mode 7 denial-of-service vulnerability.

Conditions: Cisco IOS Software with support for Network Time Protocol (NTP) contains a

vulnerability processing specific NTP Control Mode 7 packets. This results in increased CPU on the

device and increased traffic on the network segments.

This is the same as the vulnerability which is described in http://www.kb.cert.org/vuls/id/568372.

Cisco has release a public facing vulnerability alert at the following link:

http://tools.cisco.com/security/center/viewAlert.x?alertId=19540

Cisco IOS Software that has support for NTPv4 is NOT affected. NTPv4 was introduced into

Cisco IOS Software: 12.4(15)XZ, 12.4(20)MR, 12.4(20)T, 12.4(20)YA, 12.4(22)GC1, 12.4(22)MD,

12.4(22)YB, 12.4(22)YD, 12.4(22)YE and 15.0(1)M.

All other versions of Cisco IOS and Cisco IOS XE Software are affected.

To see if a device is configured with NTP, log into the device and issue the CLI command show

running-config | include ntp. If the output returns either of the following commands listed then the

device is vulnerable:

ntp master <any following commands>

ntp peer <any following commands>

ntp server <any following commands>

ntp broadcast client

ntp multicast client

The following example identifies a Cisco device that is configured with NTP:

router#show running-config | include ntp

ntp peer 192.168.0.12

The following example identifies a Cisco device that is not configured with NTP:

router#show running-config | include ntp

router#

To determine the Cisco IOS Software release that is running on a Cisco product, administrators can

banner confirms that the device is running Cisco IOS Software by displaying text similar to

“Cisco Internetwork Operating System Software” or “Cisco IOS Software.” The image name

displays in parentheses, followed by “Version” and the Cisco IOS Software release name. Other

Cisco devices do not have the show version command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software

Release 12.3(26) with an installed image name of C2500-IS-L:

Router#show version

Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE

(fc2)

Technical Support: http://www.cisco.com/techsupport

1 2 ... 70 71 72 73 74 75 76 77 78 79 80 ... 397 398

Brak uwag

Cisco 7600-ES20-GE3CXL-RF - Ethernet Services 20G Line Card Switch Instrukcja Użytkownika Strona 75