624 Views | 0 Helpful | 7 Replies

Catalyst 6000 Supervisor IOS Vulnerable?

bean
Level 1

Is the Catalyst 6000 Supervisor IOS affected by the recently discovered vulnerability outlined in the following document?

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

I noticed that in the main IOS download area, the vulnerable IOS images were removed and new versions were recommended. But, it appears that no changes were made in the Catalyst Supervisor IOS area.

This morning (after about a year with no issues), one of our Catalysts went down with the following error. I'm trying to determine if this was caused by the vulnerability.

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x602A5640 reading 0x4
%ALIGN-3-TRACE: -Traceback= 602A5640 602A639C 602B3C0C 602B3CC0 6035EEAC 6035F184 6035F860 6035FBBC

Meanwhile, I have implemented the ACLs recommended in order to block problematic traffic to our Catalysts from the outside world.

Thanks,

Jordan

7 Replies

thisisshanky
Level 11

I don't think the error message has anything to do with the vulnerability. Did you upgrade the image on the switch recently? Do you see any image version mismatch errors?

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

We upgraded the switch image a minimum of 4 months ago. We have two Catalyst 6500s and we've never had an issue with them. This morning one of the Catalysts went down and came back up about 10 minutes later with the aforementioned error. No changes have been made recently and no other errors were logged. Some 'show ver' output:

System returned to ROM by power-on (SP by error - a Software forced crash, PC 0x60116B14)
System image file is "sup-bootflash:c6sup11-psv-mz.121-13.E6"

Jordan

Well, the Catalyst just went down again, so I think you're correct about it not being a vulnerability issue. I noticed on the Cisco site that '%ALIGN-3-SPURIOUS: Spurious memory access made' messages are "always caused by a Cisco IOS software bug". I'm going to go ahead and try an IOS upgrade. If the RAM in the Catalyst was bad, would it be detected during the boot process? Is there an easy way to confirm that it is a software problem and NOT a hardware problem?

Jordan
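The thread turns on three pieces of evidence: the %ALIGN-3-SPURIOUS line, the %ALIGN-3-TRACE traceback, and the reload reason and image name from 'show version'. The following parser, added here as an example and not code from the thread or from Cisco, pulls those indicators out of a syslog capture into a structured record and applies the rule quoted above (a SPURIOUS access or a "Software forced crash" reload reason points at an IOS software bug rather than hardware). The sample log is constructed from the lines posted in this thread; the classification labels are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Regexes for the three crash indicators discussed in the thread.
SPURIOUS_RE = re.compile(
    r"%ALIGN-3-SPURIOUS: Spurious memory access made at (0x[0-9A-Fa-f]+) "
    r"(reading|writing) (0x[0-9A-Fa-f]+)"
)
TRACE_RE = re.compile(r"%ALIGN-3-TRACE: -Traceback=\s*((?:[0-9A-Fa-f]+\s*)+)")
RELOAD_RE = re.compile(r"System returned to ROM by (.+)")
IMAGE_RE = re.compile(r'System image file is "([^"]+)"')


@dataclass
class CrashReport:
    image: Optional[str] = None
    reload_reason: Optional[str] = None
    # (program counter, access kind, faulting address) per SPURIOUS line
    spurious: List[Tuple[str, str, str]] = field(default_factory=list)
    # one list of return addresses per TRACE line
    tracebacks: List[List[str]] = field(default_factory=list)


def parse_crash_log(text: str) -> CrashReport:
    """Scan raw syslog / 'show version' text and collect crash indicators."""
    report = CrashReport()
    for line in text.splitlines():
        if m := SPURIOUS_RE.search(line):
            report.spurious.append((m.group(1), m.group(2), m.group(3)))
        elif m := TRACE_RE.search(line):
            report.tracebacks.append(m.group(1).split())
        elif m := RELOAD_RE.search(line):
            report.reload_reason = m.group(1).strip()
        elif m := IMAGE_RE.search(line):
            report.image = m.group(1)
    return report


def spurious_pc_in_traceback(report: CrashReport) -> bool:
    """True if the PC of a spurious access also appears as a traceback frame,
    which ties the two log lines to the same fault."""
    frames = {addr.upper() for tb in report.tracebacks for addr in tb}
    return any(pc[2:].upper() in frames for pc, _, _ in report.spurious)


def classify(report: CrashReport) -> str:
    """Apply the rule from the thread: SPURIOUS accesses and 'Software forced
    crash' reloads indicate an IOS software defect. Labels are hypothetical."""
    if report.spurious:
        return "software"  # per Cisco's note quoted in the thread
    if report.reload_reason and "Software forced crash" in report.reload_reason:
        return "software"
    if report.reload_reason:
        return "unknown"   # reload seen, but no software-bug signature
    return "no-crash-evidence"


# Constructed sample: the lines Jordan posted, stitched into one capture.
SAMPLE_LOG = """\
Jul 18 06:12:01: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x602A5640 reading 0x4
Jul 18 06:12:01: %ALIGN-3-TRACE: -Traceback= 602A5640 602A639C 602B3C0C 602B3CC0 6035EEAC 6035F184 6035F860 6035FBBC
System returned to ROM by power-on (SP by error - a Software forced crash, PC 0x60116B14)
System image file is "sup-bootflash:c6sup11-psv-mz.121-13.E6"
"""

if __name__ == "__main__":
    rep = parse_crash_log(SAMPLE_LOG)
    print("image:", rep.image)
    print("reload reason:", rep.reload_reason)
    print("spurious accesses:", rep.spurious)
    print("traceback frames:", [len(tb) for tb in rep.tracebacks])
    print("PC matches traceback:", spurious_pc_in_traceback(rep))
    print("classification:", classify(rep))
```

The traceback addresses are what the image-specific bug lookup needs, so keeping them as a list (rather than the raw line) makes it easy to attach the image name and the frames to a case or to search them against release notes for that exact image.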

This most likely is a bug in the IOS. Before upgrading, let's analyze the stack trace.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Can you get a stack trace? ("show stacks")

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

I plugged a console in, rebooted and am now getting:

1) First it self-decompresses the image and says [OK], then I get:

Error : pre and post compression image sizes disagree
*** System received a Software forced crash ***
signal= 0x17, code= 0x8, context = 0x0
PC = 0x800080d4, Cause = 0x20, Status Reg = 0x3040d003
System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE
Copyright (c) 1998 by cisco Systems, Inc.
Cat6k-MSFC platform with 131072 Kbytes of main memory
open: file "draco-fslib-m" not found
open(): Open Error = -1
loadprog: error - on file open
cannot load the monitor library "bootflash:%draco-fslib-m" from device: boot flashboot: cannot open "bootflash:"
boot: cannot determine first file name of device bootflash:
System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE
Copyright (c) 1998 by cisco Systems, Inc.

Then the device just sits there. If the bootflash went bad, can I copy the bootldr and/or IOS image to my disk0: and boot off it? I just don't know how to edit the startup config... I can get the files onto the flash disk by copying them using our other Catalyst.

Jordan

It looks like our IOS release is affected by bug ID CSCdp53157.

Now I just need to figure out how to get the bootldr and IOS updated... then we'll be back on track to do a stack trace.

Jordan
