Cisco IOS ARP表重写漏洞

发布日期: 2001-11-15

更新日期: 2001-11-19

受影响的系统:

Cisco IOS 11.1

Cisco IOS 11.2P

Cisco IOS 11.2

Cisco IOS 11.3T

Cisco IOS 11.3

Cisco IOS 12.0XV

Cisco IOS 12.0XU

Cisco IOS 12.0XS

Cisco IOS 12.0XR

Cisco IOS 12.0XQ

Cisco IOS 12.0XP

Cisco IOS 12.0XN

Cisco IOS 12.0XM

Cisco IOS 12.0XL

Cisco IOS 12.0XK

Cisco IOS 12.0XJ

Cisco IOS 12.0XI

Cisco IOS 12.0XH

Cisco IOS 12.0XG

Cisco IOS 12.0XF

Cisco IOS 12.0XE

Cisco IOS 12.0XD

Cisco IOS 12.0XC

Cisco IOS 12.0XB

Cisco IOS 12.0XA

Cisco IOS 12.0WT

Cisco IOS 12.0WC

Cisco IOS 12.0W5

Cisco IOS 12.0ST

Cisco IOS 12.0SL

Cisco IOS 12.0SC

Cisco IOS 12.0S

Cisco IOS 12.0DC

Cisco IOS 12.0DB

Cisco IOS 12.0DA

Cisco IOS 12.0

Cisco IOS 12.1YH

Cisco IOS 12.1YF

Cisco IOS 12.1YE

Cisco IOS 12.1YD

Cisco IOS 12.1YC

Cisco IOS 12.1YB

Cisco IOS 12.1YA

Cisco IOS 12.1XX

Cisco IOS 12.1XW

Cisco IOS 12.1XV

Cisco IOS 12.1XU

Cisco IOS 12.1XT

Cisco IOS 12.1XS

Cisco IOS 12.1XR

Cisco IOS 12.1XQ

Cisco IOS 12.1XP

Cisco IOS 12.1XM

Cisco IOS 12.1XL

Cisco IOS 12.1XK

Cisco IOS 12.1XJ

Cisco IOS 12.1XI

Cisco IOS 12.1XH

Cisco IOS 12.1XG

Cisco IOS 12.1XF

Cisco IOS 12.1XE

Cisco IOS 12.1XD

Cisco IOS 12.1XC

Cisco IOS 12.1XB

Cisco IOS 12.1XA

Cisco IOS 12.1T

Cisco IOS 12.1EZ

Cisco IOS 12.1EY

Cisco IOS 12.1EX

Cisco IOS 12.1EC

Cisco IOS 12.1EA

Cisco IOS 12.1E

Cisco IOS 12.1DC

Cisco IOS 12.1DB

Cisco IOS 12.1DA

Cisco IOS 12.1AA

Cisco IOS 12.1

Cisco IOS 12.2XQ

Cisco IOS 12.2XK

Cisco IOS 12.2XJ

Cisco IOS 12.2XI

Cisco IOS 12.2XH

Cisco IOS 12.2XG

Cisco IOS 12.2XE

Cisco IOS 12.2XD

Cisco IOS 12.2XC

Cisco IOS 12.2XB

Cisco IOS 12.2XA

Cisco IOS 12.2T

Cisco IOS 12.2DD

Cisco IOS 12.2

描述:

------------------------------------------------------------------------

--------

BUGTRAQ ID: 3547

一些特定版本的Cisco IOS软件存在漏洞，通过向运行着那些IOS软件的Cisco路由

器或交换机的

有广播能力的接口（如ethernet, cable, tokenring, fddi）发送非凡的ARP包，

可以使那些

设备在那些接口上停止接收和发送ARP包。这个漏洞的问题在于当一个路由器收到

一个指向它自

身某个接口IP地址的ARP包，而IP对应的Mac地址为另一个与自身缓存里不同的Mac

地址时，路由

器中的相关ARP表中的表项将被收到的内容重写。

这种攻击只能在攻击者与被攻击的设备处于同一个网段内才能实现。这个漏洞的

Cisco漏洞ID为

CSCdu81936。

psirt@cisco.com）

链接：http://www.cisco.

com/warp/public/707/IOS-arp-overwrite-vuln-pub.sHtml

*

------------------------------------------------------------------------

--------

建议:

临时解决方法：

假如您不能马上安装补丁或者升级，NSFOCUS建议您采取以下措施以降 威胁：

* 绑定接口的IP地址和Mac地址

在运行IOS系统软件的设备上使用下面的命令：

arp

在运行CatOS系统软件的设备上使用下面的命令：

set arp [dynamicpermanentstatic]

厂商补丁：

Cisco已经提供了补丁或者升级程序，请您参考Cisco的相关安全公告进行相应的升

级：

http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml