Security Advisory: Cisco IOS Software Multiple SNMP Community String Vulnerabilities
                                                   
Revision 1.1 INTERIM

  For Public Release 2001 February 28 11:00 US/Eastern (UTC-0500)
     ________________________________________________________________________________________
   
Summary

   Multiple Cisco IOSŽ Software and CatOS software releases contain several independent but
   related vulnerabilities involving the unexpected creation and exposure of SNMP community
   strings. These vulnerabilities can be exploited to permit the unauthorized viewing or
   modification of affected devices.
   
   To remove the vulnerabilities, Cisco is offering free software upgrades for all affected
   platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674,
   CSCdr59314, CSCdr61016, and CSCds49183.
   
   In addition to specific workarounds for each vulnerability, affected systems can be protected
   by preventing SNMP access.
   
   This notice will be posted at
   http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml.
   
Affected Products

   The vulnerabilities described in this notice are present in Cisco router and switch products
   that are running certain releases of Cisco IOS software or CatOS software. Only Cisco
   products running affected releases are vulnerable. No other Cisco products are affected.
   
   To determine the software running on a Cisco product, log in to the device and display the
   system banner with the command "show version". Cisco IOS software will identify itself as
   "Internetwork Operating System Software" or simply "IOS (tm)". The image name will be
   displayed between parentheses, usually on the next line of output, followed by "Version" and
   the IOS release name. Other Cisco devices will not have the "show version" command or will
   give different output.
   
   The following example identifies a Cisco product running IOS release 12.0(3) with an
   installed image name of C2500-IS-L:
Cisco Internetwork Operating System Software IOS (tm)
2500 Software (C2500-IS-L), Version 12.0(3), RELEASE SOFTWARE
       
   To determine if the Cisco product is affected, compare the information obtained above to the
   lists of affected platforms and releases shown below.
   
   Cisco devices that may be running an affected IOS software release include, but are not
   limited to:
     * 800, 1000, 1005, 1400, 1600, 1700, 2500, 2600, 3600, MC3810, 4000, 4500, 4700, 6200, 6400
       NRP, 6400 NSP series Cisco routers.
     * ubr900 and ubr920 universal broadband routers.
     * Catalyst 2900 ATM, 2900XL, 2948g, 3500XL, 4232, 4840g, 5000 RSFC series switches.
     * 5200, 5300, 5800 series access servers.
     * Catalyst 6000 MSM, 6000 Hybrid Mode, 6000 Native Mode, 6000 Supervisor Module, Catalyst
       ATM Blade.
     * RSM, 7000, 7010, 7100, 7200, ubr7200, 7500, 10000 ESR, and 12000 GSR series Cisco
       routers.
     * DistributedDirector.
     * Catalyst 8510CSR, 8510MSR, 8540CSR, 8540MSR series switches.
       
   Cisco products that do not run Cisco IOS software and are not affected by the vulnerabilities
   described in this notice include, but are not limited to:
     * Cisco PIX firewall.
     * Aironet and Cisco/Aironet wireless products.
     * CSS11000, Cache Engine, and LocalDirector products.
     * VPN products such as the Altiga concentrator.
     * Host-based network management or access management products.
     * Cisco IP Telephony and telephony management software (except those that are hosted on a
       vulnerable IOS platform).
     * Voice gateways and convergence products (except those that are hosted on a vulnerable IOS
       platform).
     * Optical switch products such as the ONS 15000 series.
       
Details

   These vulnerabilities are the result of defects in the functions responsible for Simple
   Network Management Protocol (SNMP), an Internet standard for the remote administration of
   network devices. SNMP makes use of one or more labels called "community strings" to delimit
   groups of "objects" (variables) that can be viewed or modified on a device. The SNMP data in
   such a group is organized in a tree structure called a Management Information Base (MIB). A
   single device may have multiple MIBs connected together into one large structure, and various
   community strings may provide read-only or read-write access to different, possibly
   overlapping portions of the larger data structure. An example of a read-only variable might
   be a counter showing the total number of octets sent or received through an interface. An
   example of a read-write variable might be the speed of an interface, or the hostname of a
   device.
   
   Community strings also provide a weak form of access control in earlier versions of SNMP, v1
   and v2c. (SNMPv3 provides much improved access control using strong authentication and should
   be preferred over SNMPv1 and SNMPv2c wherever it is supported.) If a community string is
   defined, then it must be provided in any basic SNMP query if the requested operation is to be
   permitted by the device. Community strings usually allow read-only or read-write access to
   the entire device. In some cases, a given community string will be limited to one group of
   read-only or read-write objects described in an individual MIB.
   
   In the absence of additional configuration options to constrain access, knowledge of the
   single community string for the device is all that is required to gain access to all objects,
   both read-only and read-write, and to modify any read-write objects. The defects responsible
   for these vulnerabilities are grouped here by function:
   A read-only community string is unexpectedly added when a "snmp-server community" command is
       entered in the configuration of a device where "community" does not already exist on the
       device as a valid community string. If deleted, this community string will reappear after
       the device is reloaded. CSCdr61016 documents the defect in IOS for routers and
       switch-routers and only affects IOS releases 12.0(7)T, 12.1(1)E and 12.1(2). CSCds49183
       refers to the equivalent defect affecting products from the 2900XL and 3500XL series, and
       only affects IOS releases 12.0(5)XU and 12.0(5)XW.
       The defect arises from implementation of the SNMPv2 "informs" functionality, which
       involves the exchange of read-only community strings for the sharing of status
       information. When an affected device processes a command defining a host to receive SNMP
       "traps" (logging messages) such as the "snmp-server host" command, then the community
       specified in the trap statement is also configured for general use if it is not already
       defined in the saved configuration. This occurs even if the community was previously
       removed and the configuration was saved to memory prior to a system reload.
       The read-write community string is exposed when the device is examined via a "walk", or
       traversal, of the View-based Access Control MIB (VACM) using the device's read-only
       community string. View-based Access Control is a feature of SNMPv3 added to IOS in
       version 12.0(3)T. CSCds32217 describes the defect in IOS, CSCds16384 applies to IOS
       running on 2900XL and 3500XL switches, and CSCds19674 documents the defect in CatOS on
       Catalyst switches. Most IOS releases in 12.0 (after 12.0(3)T) as well as most 12.1
       releases contain this vulnerability, as well as 12.0(5.2)XU and 12.0(5)XW for the 2900XL
       and 3500XL switches, and CatOS releases 5.4(1) - 5.5(3)and 6.1(1) for the Catalyst
       switches.
       Implementation of new cable-industry standards for management of cable modems introduced
       an undocumented read-write community string, "cable-docsis", which was intended only for
       DOCSIS-compliant cable-capable devices. It was inadvertently enabled by default for all
       devices except DOCSIS-compatible cable modems and head end units in a limited range of
       IOS releases. This defect is documented as CSCdr59314. This vulnerability is confined to
       a very narrow set of IOS releases based on 12.1(3) and 12.1(3)T, and it is fixed in
       12.1(4) and 12.1(5)T releases and following.
       
   Full details are provided in the software section below regarding the status of each
   vulnerability in specific releases.
   
   A separate Cisco Security Advisory has recently been announced regarding an SNMP
   vulnerability due to an undocumented default "ILMI" read-write community string in IOS. That
   advisory, http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml, should be
   consulted in tandem with this notice.
   
Impact

   Knowledge of read-only community strings allows read access to information stored on an
   affected device, leading to a failure of confidentiality. Knowledge of read-write community
   strings allows remote configuration of affected devices without authorization, possibly
   without the awareness of the administrators of the device and resulting in a failure of
   integrity and a possible failure of availability.
   
   These vulnerabilities could be exploited separately or in combination to gain access to or
   modify the configuration and operation of any affected devices without authorization.
   Customers are urged to upgrade affected systems to fixed releases of software, or to apply
   measures to protect such systems against unauthorized use by restricting access to SNMP
   services until such time as the devices can be upgraded.
   
Software Versions and Fixes

   This security advisory represents a combination of multiple related product security
   vulnerabilities. The affected trains and releases are not identical for all of the defects,
   but there are significant groups of releases where affected versions intersect with others.
   Unless otherwise noted, each label displayed under "Availability of Fixed Releases"
   identifies the release that resolves all of these defects for that specific train.
   Please note the following exceptions:
   IOS software Major Release version 12.0 and IOS releases based on 11.x or earlier are not
       affected by the vulnerabilities described in this notice. All other releases of 12.0,
       such as 12.0DA, 12.0S or 12.0T, may be affected.
       CSCdr59314 is only present in certain 12.1(3) releases and does not affect any other IOS
       releases.
       Fixes for all six defects have been integrated into 12.2 prior to its initial
       availability, and therefore all releases based on 12.2 and all later versions are not
       vulnerable to the defects described in this advisory.
       
   The following table summarizes the IOS software releases that are known to be affected, and
   the earliest estimated dates of availability for the recommended fixed versions. Dates are
   always tentative and subject to change.
   
   Each row of the table describes a release train and the platforms or products for which it is
   intended. If a given release train is vulnerable, then the earliest possible releases that
   contain the fix and the anticipated date of availability for each are listed in the
   "Rebuild", "Interim", and "Maintenance" columns. A device running any release in the given
   train that is earlier the release in a specific column (less than the earliest fixed release)
   is known to be vulnerable, and it should be upgraded at least to the indicated release or a
   later version (greater than the earliest fixed release label).
   
   When selecting a release, keep in mind the following definitions:
   
        Maintenance
                Most heavily tested and highly recommended release of any label in a given row
                of the table.
                
        Rebuild
                Constructed from the previous maintenance or major release in the same train, it
                contains the fix for a specific defect. Although it receives less testing, it
                contains only the minimal changes necessary to effect the repair.
                
        Interim
                Built at regular intervals between maintenance releases and receive less
                testing. Interims should be selected only if there is no other suitable release
                that addresses the vulnerability, and interim images should be upgraded to the
                next available maintenance release as soon as possible. Interim releases are not
                available via manufacturing, and usually they are not available for customer
                download from CCO without prior arrangement with the Cisco TAC.
                
   In all cases, customers should exercise caution to be certain the devices to be upgraded
   contain sufficient memory and that current hardware and software configurations will continue
   to be supported properly by the new release. If the information is not clear, contact the
   Cisco TAC for assistance as shown in the following section.
   
   More information on IOS release names and abbreviations is available at
   http://www.cisco.com/warp/public/620/1.html.
   
   Train Description of Image or Platform Availability of Fixed Releases*
   Catalyst Software Releases Rebuild Interim** Maintenance
   5.5       5.5(3)
   Available
   6.1       6.1(2)
   Available
   11.x-based Releases and Earlier Rebuild Interim** Maintenance
   11.x and earlier Multiple releases and platforms Not Vulnerable
   12.0-based Releases Rebuild Interim** Maintenance
   12.0 General Deployment release for all platforms Not Vulnerable
   12.0DA xDSL support: 6100, 6200
   Vulnerable to CSCds32217 12.1(5)DA1   12.1(6)DA
   2001-Mar-19 Unscheduled
   12.0DB General deployment release for all platforms 12.1(4)DB1
   2001-Feb-26
   12.0DC General deployment release for all platforms 12.1(4)DC2
   2001-Feb-20
   12.0S Core/ISP support: GSR, RSP, c7200 12.0(15)S1   12.0(16)S
   2001-Feb-20 2001-Mar-12
   12.0SC Cable/broadband ISP: ubr7200 12.0(15)SC1
   2001-Mar-05
   12.0SL 10000 ESR: c10k 12.0(14)SL1
   2001-Feb-26
   12.0ST General deployment release for all platforms 12.0(11)ST2   12.0(15)ST
   2001-Feb-26 2001-Mar-05
   12.0SX Early Deployment (ED) 12.1(5c)E8
   2001-Feb-26
   12.0T Early Deployment(ED): VPN, Distributed Director, various platforms     12.1(7)
   2001-Feb-26
   12.0W5 Catalyst switches: cat8510c, cat8540c, c6msm, ls1010, cat8510m, cat8540m, c5atm,
   c5atm, c3620, c3640, c4500, c5rsfc, c5rsm, c7200, rsp, cat2948g, cat4232 Not Vulnerable
   12.0WT Early deployment release Not Vulnerable
   12.0XA Early Deployment (ED): limited platforms     12.1(7)
   2001-Feb-26
   12.0XB Short-lived early deployment release     12.1(7)
   2001-Feb-26
   12.0XC Early Deployment (ED): limited platforms     12.1(7)
   2001-Feb-26
   12.0XD Early Deployment (ED): limited platforms     12.1(7)
   2001-Feb-26
   12.0XE Early Deployment (ED): limited platforms 12.1(5c)E8
   2001-Feb-26
   12.0XF Early Deployment (ED): limited platforms     12.1(7)
   2001-Feb-26
   12.0XG Early Deployment (ED): limited platforms     12.1(7)
   2001-Feb-26
   12.0XH Early Deployment (ED): limited platforms 12.0(4)XH5
   2001-Mar-05
   12.0XI Early Deployment (ED): limited platforms     12.1(7)
   2001-Feb-26
   12.0XJ Early Deployment (ED): limited platforms     12.1(7)
   2001-Feb-26
   12.0XK Early Deployment (ED): limited platforms 12.0(7)XK4
   2001-Mar-05
   12.0XL Early Deployment (ED): limited platforms 12.0(4)XH5
   2001-Mar-05
   12.0XM Short-lived early deployment release     12.1(7)
   2001-Feb-26
   12.0XN Early Deployment (ED): limited platforms     Indeterminate
   Unscheduled
   12.0XP Early Deployment (ED): limited platforms Not Vulnerable
   12.0XQ Short-lived early deployment release     12.1(7)
   2001-Feb-26
   12.0XR Short-lived early deployment release 12.1(5)T5
   2001-Mar-05
   12.0XS Short-lived early deployment release 12.1(5c)E8
   2001-Feb-26
   12.0XU Early Deployment (ED): limited platforms Not Vulnerable
   12.0XW Early Deployment (ED): limited platforms Not Vulnerable
   12.0XV Short-lived early deployment release 12.1(5)T5   12.1WC
   2001-Mar-05 2001-Apr-12
   12.1-based and Later Releases Rebuild Interim** Maintenance
   12.1 General deployment release for all platforms   12.1(5.1) 12.1(7)
   Available 2001-Feb-26
   12.1AA Dial support     12.1(7)AA
   2001-Mar-12
   12.1DA xDSL support: 6100, 6200 12.1(5)DA1   12.1(6)DA
   2001-Feb-28 Unscheduled
   12.1CX Core/ISP support: GSR, RSP, c7200     12.1(4)CX
   2001-Feb-20
   12.1DB General deployment release for all platforms 12.1(4)DB1
   2001-Mar-05
   12.1DC General deployment release for all platforms 12.1(4)DC2
   2001-Mar-05
   12.1E Core/ISP support: GSR, RSP, c7200 12.1(5c)E8
   2001-Mar-05
   12.1EC Core/ISP support: GSR, RSP, c7200 12.1(5)EC1
   2001-Feb-26
   12.1EX Core/ISP support: GSR, RSP, c7200 12.1(5c)EX
   2001-Mar-12
   12.1T Early Deployment(ED): VPN, Distributed Director, various platforms 12.1(5)T5
   2001-Mar-05
   12.1XA Early Deployment (ED): limited platforms 12.1(5)T5
   2001-Mar-05
   12.1XB Early Deployment (ED): limited platforms 12.1(5)T5
   2001-Mar-05
   12.1XC Early Deployment (ED): limited platforms 12.1(5)T5
   2001-Mar-05
   12.1XD Early Deployment (ED): limited platforms 12.1(5)T5
   2001-Mar-05
   12.1XE Early Deployment (ED): limited platforms 12.1(5)T5
   2001-Mar-05
   12.1XF Early Deployment (ED): 811 and 813 (c800 images) 12.1(2)XF3
   2001-Mar-05
   12.1XG Early Deployment (ED): 800, 805, 820, and 1600 12.1(3)XG4
   2001-Mar-05
   12.1XH Early Deployment (ED): limited platforms 12.1(2)XH1
   2001-Mar-05
   12.1XI Early Deployment (ED): limited platforms 12.1(3a)XI6
   2001-Mar-19
   12.1XJ Early Deployment (ED): limited platforms     Indeterminate
   Unscheduled
   12.1XK Early Deployment (ED): limited platforms 12.1(5)T5
   2001-Mar-05
   12.1XL Early Deployment (ED): limited platforms 12.1(3)XL1
   2001-Mar-05
   12.1XM Short-lived early deployment release 12.1(5)XM1
   2001-Feb-28
   12.1XP Early Deployment (ED): 1700 and SOHO 12.1(3)XP3
   2001-Mar-05
   12.1XQ Short-lived early deployment release 12.1(3)XQ3
   2001-Mar-05
   12.1XR Short-lived early deployment release 12.1(5)XR1
   2001-Feb-20
   12.1XS Short-lived early deployment release     12.1(5)XS
   2001-Mar-12
   12.1XT Early Deployment (ED): 1700 series 12.1(3)XT2
   2001-Mar-05
   12.1XU Early Deployment (ED): limited platforms 12.1(5)XU1
   2001-Feb-15
   12.1XV Short-lived early deployment release 12.1(5)XV1
   2001-Mar-05
   12.1XW Short-lived early deployment release 12.1(5)XW2
   2001-Mar-02
   12.1XX Short-lived early deployment release 12.1(5)XX3
   2001-Mar-02
   12.1XY Short-lived early deployment release 12.1(5)XY4
   2001-Mar-02
   12.1XZ Short-lived early deployment release 12.1(5)XZ2
   2001-Feb-26
   12.1YA Short-lived early deployment release 12.1(5)YA1
   2001-Feb-28
   12.1YB Short-lived early deployment release     12.1(5)YB
   2001-Feb-13
   12.1YC Short-lived early deployment release 12.1(5)YC1
   2001-Feb-26
   12.1YD Short-lived early deployment release     12.1(5)YD
   2001-Mar-12
   Notes
   * All dates are estimated and subject to change.
   
   ** Interim releases are subjected to less rigorous testing than regular maintenance releases,
   and may have serious bugs.
   
Obtaining Fixed Software

   Cisco is offering free software upgrades to remedy this vulnerability for all affected
   customers. Customers with service contracts may upgrade to any software release. Customers
   without contracts may upgrade only within a single row of the table above, except that any
   available fixed software release will be provided to any customer who can use it and for whom
   the standard fixed software release is not yet available. Customers may install only the
   feature sets they have purchased.
   
   Note that not all fixed software may be available as of the release date of this notice.
   
   Customers with contracts should obtain upgraded software through their regular update
   channels. For most customers, this means that upgrades should be obtained via Cisco's
   Software Center at http://www.cisco.com/.
   
   Customers without contracts or warranty status should get their upgrades by contacting the
   Cisco Technical Assistance Center (TAC) as shown below:
     * (800) 553-2447 (toll-free in North America)
     * +1 408 526 7209 (toll call from anywhere in the world)
     * e-mail: tac@cisco.com
       
   See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact
   information, including instructions and e-mail addresses for use in various languages.
   
   Give the URL of this notice as evidence of your entitlement to a free upgrade. Free upgrades
   for non-contract customers must be requested through the TAC. Please do not contact either
   "psirt@cisco.com" or "security-alert@cisco.com" for software upgrades; faster results will be
   obtained by contacting the TAC directly.
   
Workarounds

   All of the following workarounds must be configured while in enable mode on the affected
   router or switch. Be sure to save the changes with the "write memory" command after each
   configuration change.
   The workaround for the vulnerability introduced by CSCdr61016 and CSCds49183 is to configure
       community strings for the snmp-server hosts prior to configuring the snmp-server hosts.
       This command should include the desired access restrictions on this community string. In
       the following example, "1.2.3.4" is the IP address of the host intended to receive SNMP
       traps:
router#config term
   ! create access list
router(config)#access-list 66 deny any
   ! configure community string with access restrictions
router(config)#snmp-server community public ro 66
   ! configure snmp-server host
router(config)#snmp-server host 1.2.3.4 public
router(config)#exit
router#write memory
router#
       If the "snmp-server community" command is entered after one or more "snmp-server host"
       commands have been entered using the same community string, then all of the "snmp-server
       host" commands must be re-entered due to the otherwise unrelated defect CSCdr21997. This
       latter defect prevents traps or informs from leaving the router using the community
       string. The defect is present in some but not all of the same IOS releases as CSCdr61016.
       To permanently remove communities after definition of the "snmp-server host" command, the
       associated "snmp-server host" commands that correspond to those communities must also be
       removed.
       The vulnerability described in CSCds32217 and CSCds16384 can be remedied by using the
       "snmp-server view" command to block the ability to poll the SNMP-VIEW-BASED-ACM-MIB. The
       result is a view that restricts the ability to browse the SNMP-VIEW-BASED-ACM-MIB, and it
       must be applied to all read-only community strings. For example:
router#config term
   ! create view
router(config)#snmp-server view novacm internet included
   ! block vacmSecurityToGroupEntry table
router(config)#snmp-server view novacm internet.6.3.16 excluded
   ! apply view to read-only security string
router(config)#snmp-server community public view novacm RO
router(config)#exit
router#write memory
router#
       If the affected router or switch already contains more than one read-write community
       string, then all read-write community strings must be prevented from reading the
       SNMP-VIEW-BASED-ACM-MIB. For read-write community strings that do not have a view
       applied, create a new view and apply it to the community string. If a read-write
       community string already has a view applied to it, then modify the view to prevent access
       to the SNMP-VIEW-BASED-ACM-MIB. Both situations are shown below.
       If the following example is part of a pre-existing configuration:
router#show running-config
...
snmp-server view oldview internet included
snmp-server view oldview ipRouteTable excluded
snmp-server view oldview ipNetToMediaTable excluded
snmp-server view oldview at excluded
snmp-server community tech view oldview RW
snmp-server community private RW
...
       then the following modifications will exclude the SNMP-VIEW-BASED-ACM-MIB:
router#config term
   ! block vacmSecurityToGroupEntry table in existing view
router(config)#snmp-server view oldview internet.6.3.16 excluded
   ! create new view
router(config)#snmp-server view novacm internet included
router(config)#snmp-server view novacm internet.6.3.16 excluded
   ! apply new view
router(config)#snmp-server community private view novacm RW
router(config)#exit
router#write memory
router#
       NOTE: For the fullest protection provided by this workaround, every existing view on the
       affected switch or router must be modified in a similar manner.
       The vulnerability described in CSCds19674 for CatOS can be remedied by using the "set
       snmp view" command to prevent access to the SNMP-VIEW-BASED-ACM-MIB. For example:
switch#set snmp view defaultUserView 1.3.6.1.6.3.16.1.2 excluded nonvolatile
       If the "cable-docsis" community string is deleted from the configuration, then CSCdr59314
       causes it to automatically reappear after the system is reloaded. The following
       workaround prohibits the use of the "cable-docsis" community string by defining an access
       list statement that completely denies any requests for it:
router#config term
   ! create access list
router(config)#access-list 66 deny any
   ! apply access restrictions to cable-docsis community string
router(config)#snmp-server community cable-docsis ro 66
router(config)#exit
router#write memory
router#
       
Exploitation and Public Announcements

   CSCdr59314 was discovered internally and repaired. Cisco is aware of one incident in which a
   customer's routers were modified without authorization by using the "cable-docsis" community
   string. The vulnerability was brought to the attention of the Cisco Product Security Incident
   Response Team when the customer reported the incident. The other vulnerabilities were
   initially reported by customers on one product or confirmed internally on other products
   during repair.
   
   Although Cisco has no knowledge of a specific program or script designed to make use of these
   vulnerabilities, there are numerous off-the-shelf programs and scripts available which could
   be used as-is or modified to exploit any of the vulnerabilities described in this notice.
   
   Cisco is not aware of any general discussion of these vulnerabilities in public forums.
   
Status of This Notice: INTERIM

   This is an interim security advisory. Cisco anticipates issuing updated versions of this
   notice at irregular intervals as there are material changes in the facts, and will continue
   to update this notice as necessary. The reader is warned that this notice may contain
   inaccurate or incomplete information. Although Cisco cannot guarantee the accuracy of all
   statements in this notice, all of the facts have been checked to the best of our ability.
   Cisco anticipates issuing monthly updates of this notice until it reaches FINAL status.
   
   A standalone copy or paraphrase of the text of this security advisory that omits the
   distribution URL in the following section is an uncontrolled copy, and may lack important
   information or contain factual errors.
   
Distribution

   This notice will be posted at
   http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml.
   
   In addition to Worldwide Web posting, a text version of this notice will be clear-signed with
   the Cisco PSIRT PGP key and will be posted to the following e-mail and Usenet news
   recipients:
     * cust-security-announce@cisco.com
     * bugtraq@securityfocus.com
     * firewalls@lists.gnac.com
     * first-teams@first.org (including CERT/CC)
     * cisco@spot.colorado.edu
     * cisco-nsp@puck.nether.net
     * comp.dcom.sys.cisco
     * Various internal Cisco mailing lists
       
   Future updates of this notice, if any, will be placed on Cisco's Worldwide Web server, but
   may or may not be actively announced on mailing lists or newsgroups. Users concerned about
   this problem are encouraged to check the URL given above for any updates.
   
Revision History

   Revision 1.0 2001-Feb-28 Initial public release
   Revision 1.1 2001-Mar-02 Revised software table with corrected version numbers
   
Cisco Security Procedures

   Complete information on reporting security vulnerabilities in Cisco products, obtaining
   assistance with security incidents, and registering to receive security information from
   Cisco, is available on Cisco's Worldwide Web site at
   http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This includes instructions
   for press inquiries regarding Cisco security notices.
     ________________________________________________________________________________________
   
   This notice is Copyright 2001 by Cisco Systems, Inc. This notice may be redistributed freely
   after the release date given at the top of the text, provided that redistributed copies are
   complete and unmodified, and include all date and version information.
     ________________________________________________________________________________________