-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Response: Cisco IOS Software Denial of Service
Vulnerabilities

http://www.cisco.com/warp/public/707/cisco-sr-20110505-ios.shtml

Revision 1.0

For Public Release 2011 May 05 1600 UTC (GMT)

Cisco Response
==============

This is the Cisco PSIRT response to two postings on bugtraq by NCNIPC
(China) regarding reported vulnerabilities in Cisco IOS Software.

The original reports are available at the following links:

  * Cisco IOS UDP Denial of Service Vulnerability
  * Cisco IOS SNMP Message Processing Denial Of Service Vulnerability

We greatly appreciate the opportunity to work with researchers on
security vulnerabilities and welcome the opportunity to review and
assist in product reports.

Additional Information
======================

Cisco PSIRT is actively working with NCNIPC (China) to further
understand the details of what is reported in the bugtraq postings.
At this stage Cisco PSIRT cannot confirm the existence of any new
vulnerabilities in Cisco IOS Software based on the information that
is currently available.

This Cisco Security Response will be updated as new information
becomes available.

Cisco PSIRT recommends limiting access to the network with
Infrastructure Access Control Lists (iACLs). Although it is often
difficult to block traffic that transits a network, it is possible to
identify traffic that should never be allowed to target
infrastructure devices and block that traffic at the border of
networks. Infrastructure Access Control Lists (iACLs) are a network
security best practice and should be considered as a long-term
addition to good network security.
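
A minimal iACL of the kind recommended above, as an added example that is not part of the Cisco response. The ACL name, the interface, and all addresses (documentation ranges standing in for the infrastructure block, the management station and a BGP peer) are assumptions to be replaced with local values.

```cisco
! Added example. Assumptions (not from the Cisco response):
!   192.0.2.0/24        infrastructure address block
!   198.51.100.10       SNMP management station
!   203.0.113.1         external BGP peer of router 192.0.2.1
!   GigabitEthernet0/0  border-facing interface
ip access-list extended INFRASTRUCTURE-ACL
 remark Permit SNMP polling only from the management station
 permit udp host 198.51.100.10 192.0.2.0 0.0.0.255 eq snmp
 remark Permit the routing protocol session with the known peer
 permit tcp host 203.0.113.1 host 192.0.2.1 eq bgp
 permit tcp host 203.0.113.1 eq bgp host 192.0.2.1
 remark Drop everything else addressed to infrastructure devices
 deny ip any 192.0.2.0 0.0.0.255
 remark Transit traffic through the network is unaffected
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group INFRASTRUCTURE-ACL in
```

The hit counters reported by `show ip access-lists INFRASTRUCTURE-ACL` indicate which entries are matching, which helps confirm that no legitimate management or routing traffic falls through to the deny entry.
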

The white paper entitled "Protecting Your Core: Infrastructure
Protection Access Control Lists" presents guidelines and recommended
deployment techniques for infrastructure protection access lists and
is available at the following link:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml

Status of this Notice: INTERIM
==============================

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW
INFORMATION BECOMES AVAILABLE.

A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.

Revision History
================

+------------------------------------------------------------+
| Revision 1.0 | 2011-May-05 | Initial public release        |
+------------------------------------------------------------+

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.

+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iF4EAREIAAYFAk3CsMoACgkQQXnnBKKRMNBp2AD+Odzl3qrzCbs0IOArRrPfUPpV
Rq0xW2X33LL6vjYZERkA/2/UIk7TaqfMZ3Idvx/oDa4hy951XR/YPJxiHCknUjY2
=JZH0
-----END PGP SIGNATURE-----