===================================================================== CERT-Renater Note d'Information No. 2007/VULN248 _____________________________________________________________________ DATE : 15/05/2007 HARDWARE PLATFORM(S) : Cisco. OPERATING SYSTEM(S) : Cisco IOS, Cisco IPS Sensor Software. ====================================================================== http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml ---------------------------------------------------------------------- Cisco Security Response: HTTP Full-Width and Half-Width Unicode Encoding Evasion http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml Revision 1.0 For Public Release 2007 May 14 2000 UTC (GMT) - ----------------------------------------------------------------------- Cisco Response ============== The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link: http://www.kb.cert.org/vuls/id/739224 By encoding attacks using a full-width or half-width unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall. This response is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml Additional Information ====================== The following Cisco products are affected by this vulnerability (all versions are affected unless a specific version is explicitly mentioned): * Cisco Intrusion Prevention System (IPS): Cisco Bug ID CSCsi58602 * Cisco IOS with Firewall/IPS Feature Set: Cisco Bug ID CSCsi67763 The Cisco PSIRT is not aware of any malicious use of the vulnerability described in this document. This issue was reported to Cisco by US-CERT. The original issue was reported to US-CERT by Fatih Ozavci and Caglar Cakici of Gamasec Security. Cisco would like to thank US-CERT, Fatih Ozavci and Caglar Cakici for bringing this issue to our attention. THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. Revision History ================ +------------------------------------------------------+ | Revision 1.0 | 2007-May-14 | Initial public release | +------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. - ----------------------------------------------------------------------- All contents are Copyright 2006-2007 Cisco Systems, Inc. All rights reserved. - ----------------------------------------------------------------------- Updated: May 14, 2007 Document ID: 91767 - ----------------------------------------------------------------------- ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================