CERT-In Vulnerability Note CIVN-2009-07
Cisco Global Site Selector DNS Request Denial of Service

Original Issue Date: January 15, 2009

Severity Rating: Medium

Systems Affected

Cisco GSS firmware versions prior to 3.0(1) are vulnerable on any of the following devices:

  • Cisco GSS 4480 Global Site Selector
  • Cisco GSS 4490 Global Site Selector
  • Cisco GSS 4491 Global Site Selector
  • Cisco GSS 4492R Global Site Selector

Overview

A vulnerability has been reported in Cisco Global Site Selector, which can be exploited by a remote attacker to cause a Denial of Service condition.

Description

The Cisco Application Control Engine Global Site Selector (GSS) allows customers to leverage global content deployment across multiple distributed and mirrored data locations, optimizing site selection, improving Domain Name System (DNS) responsiveness, and ensuring data center availability.

The GSS is inserted into the traditional DNS hierarchy and is closely integrated with the Cisco CSS, Cisco Content Switching Module (CSM), or third-party server load balancers (SLBs) to monitor the health and load of the SLBs in customers' data centers. The GSS uses this information and user-specified routing algorithms to select the best-suited and least-loaded data center in real time.

A vulnerability exists in the GSS when processing a specific sequence of DNS requests. An exploit of the vulnerability may result in a crash of the DNS service on the GSS. Repeated attempts result in a DoS condition.

Workaround

As a workaround for this vulnerability, set the property "ServerConfig.dnsserver.returnError" to disabled (or zero). The property is enabled by default. The following example shows how to set it to disabled:

GSS#config terminal
GSS(config)#property set ServerConfig.dnsserver.returnError 0
GSS(config)#exit
GSS#write memory

Solution

Update to version 3.0(1) or later as suggested by vendor:
http://www.cisco.com/pcgi-bin/tablebuild.pl/gss-3des?psrtdcat20e2
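
As an added example (not part of this note or of the vendor advisory), the following script triages a device inventory against the affected models, the fixed release 3.0(1) and the workaround setting described above. The CSV layout, the hostnames and the return_error column (the operator-recorded value of ServerConfig.dnsserver.returnError) are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Affected models and first fixed release, taken from the advisory text.
AFFECTED_MODELS = {"4480", "4490", "4491", "4492R"}
FIXED = (3, 0, 1)

_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)\)")


def parse_version(text):
    """Turn a release string such as '2.0(3)' into a tuple, or None."""
    match = _VERSION.match(text.strip())
    return tuple(int(p) for p in match.groups()) if match else None


def triage(row):
    """Classify one inventory row against CIVN-2009-07."""
    if row["model"].strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    version = parse_version(row["version"])
    if version is None:
        return "check-manually"  # unparseable release string
    if version >= FIXED:
        return "fixed"
    if row["return_error"].strip() == "0":  # workaround: property disabled
        return "workaround-applied"
    return "vulnerable"


def triage_inventory(csv_text):
    """Map each host in the CSV inventory to its triage status."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: triage(row) for row in reader}


# Constructed sample inventory; hostnames and column layout are hypothetical.
SAMPLE = """host,model,version,return_error
gss-a,4492R,2.0(3),1
gss-b,4480,1.3(3),0
gss-c,4491,3.0(1),1
gss-d,4490,unknown,1
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as workaround-applied still run a release prior to 3.0(1) and remain candidates for the update.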

Vendor Information

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20090107-gss.shtml

References

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20090107-gss.shtml

SecurityFocus
http://www.securityfocus.com/bid/33152

Secunia
http://secunia.com/Advisories/33429/

SecurityTracker
http://www.securitytracker.com/alerts/2009/Jan/1021530.html

CVE Name
CVE-2008-3819

