Bugtraq mailing list archives
CISCO IOS 12.1.4 Security Hole
From: Mike Bressem <mb () IMSC NET>
Date: Sun, 22 Oct 2000 17:54:33 +0200
Hi there, today I upgraded my cisco 1003 to IOS 12.1(4). The funny thing is that my accesslist on the BRI is no longer working. Take a look at the config and see for yourself : interface BRI0 ip unnumbered Ethernet0 ip access-group 101 in no ip redirects no ip proxy-arp encapsulation ppp no logging event link-status no keepalive dialer idle-timeout 240 dialer wait-for-carrier-time 300 dialer map ip XXX name XXX XXX dialer hold-queue 100 timeout 120 dialer-group 1 no snmp trap link-status isdn switch-type basic-net3 isdn caller XXX isdn incoming-voice data compress stac ppp authentication chap ppp chap hostname XXX hold-queue 100 in hold-queue 100 out ! access-list 101 permit tcp any any established access-list 101 permit udp any eq domain 213.178.0.0 0.0.0.31 access-list 101 permit tcp any eq ftp-data 213.178.0.0 0.0.0.31 access-list 101 permit tcp host 213.178.0.34 host 213.178.0.1 eq 22 access-list 101 permit tcp host 213.178.0.34 host 213.178.0.30 eq telnet access-list 101 permit gre host 213.178.0.34 213.178.0.0 0.0.0.31 access-list 101 permit gre host 193.242.95.5 213.178.0.0 0.0.0.31 access-list 101 permit udp any 213.178.0.0 0.0.0.31 gt 1023 access-list 101 deny ip any any log I can ping my laptop behind the router from the outside. Acl 101 is no longer working after the upgrade. regards, mike Mike Bressem Internet Management GmbH ============ Hauptstr. 40 35745 Herborn - Germany "Fate, it seems, is not Telefon +49 2772 4723 - 0 without a sense of irony" Telefax +49 2772 4723 - 29 PGP Fingerprint : 6F 24 75 C4 AE 55 CB E0 F2 E8 D6 DB 35 37 9F EC
Current thread:
- CISCO IOS 12.1.4 Security Hole Mike Bressem (Oct 24)
- Re: CISCO IOS 12.1.4 Security Hole alann lopes (Oct 24)
- <Possible follow-ups>
- Re: CISCO IOS 12.1.4 Security Hole Mike Bressem (Oct 24)