COMMAND

Various Cisco products affected by remote reboot / mail relay via httpd

SYSTEMS AFFECTED

Problem 1
=========

Cisco Cache Engine and Content Engine:

* Content Engine 507, 560, 590, or 7320 running cache software 2.x, 3.1, 4.0.x, or 4.1.x
* Cache Engine 505, 550, or 570 running software version 2.2.0 or above
* Content Router CR-4430 running ACNS 4.x
* Content Distribution Manager CDM-4630 or CDM-4650 running ACNS 4.x

Problem 2
=========

CSS 11000 series switches running:

* 04.01.053s and earlier
* 05.00.038s and earlier
* 05.01.012s and earlier
* 05.02.005s and earlier

PROBLEM

In Cisco security advisories:

[http://www.cisco.com/warp/public/707/css-http-post-pub.shtml]
Credit to: James Mancini of Netreo Inc.

-and-

[http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtml]

Problem 1
=========

It has been reported to Cisco that the affected products were being actively abused as mail relays. This is done by instructing the HTTPS/FTP proxy to relay commands to an SMTP server.

Problem 2
=========

Sending XML data, or an HTML POST, to the HTTPS server (port 8081) reboots the device.

SOLUTION

Workarounds
===========

Problem 1
=========

Cisco recommends blocking the use of redirected proxy requests for any port other than 443:

    https destination-port allow 443
    https destination-port deny all

If the HTTPS proxy is not needed in an installation, the command "https destination-port allow 443" can be omitted.

Problem 2
=========

Cisco recommends disabling web-based management of the device:

    restrict web-mgmt
    restrict xml

Patch
=====

Patches are available for both issues; follow the links at the top of the announcement.
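The CSS 11000 affected list above is given per software train ("04.01.053s and earlier", and so on), so a version that is merely numerically lower is not enough to decide exposure; the train must be matched first. The following is an added example, not part of the advisory and not a Cisco tool: it parses a WebNS-style version string of the form shown in the advisory (the format assumption is mine) and reports whether that build falls inside one of the listed affected ranges for Problem 2. A version from a train the advisory does not mention is reported as unlisted rather than guessed at.

```python
import re

# Affected CSS 11000 software trains copied from the advisory's Problem 2 list:
# (major, minor) -> highest build number reported as affected in that train.
AFFECTED_CSS_TRAINS = {
    (4, 1): 53,   # 04.01.053s and earlier
    (5, 0): 38,   # 05.00.038s and earlier
    (5, 1): 12,   # 05.01.012s and earlier
    (5, 2): 5,    # 05.02.005s and earlier
}

# Assumed version format, modelled on the strings in the advisory (e.g. "05.01.012s").
# The trailing "s" is accepted but not required.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)s?$")


def parse_css_version(text):
    """Parse a version string such as '05.01.012s' into (major, minor, build) ints."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised CSS version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def css_http_post_status(text):
    """Classify a CSS version against the advisory's affected list for Problem 2.

    Returns one of:
      'affected'       - the train is listed and the build is at or below the limit
      'later-build'    - the train is listed but the build is newer than the limit
      'unlisted-train' - the advisory does not mention this train at all
    """
    major, minor, build = parse_css_version(text)
    limit = AFFECTED_CSS_TRAINS.get((major, minor))
    if limit is None:
        return "unlisted-train"
    return "affected" if build <= limit else "later-build"


def audit_inventory(versions):
    """Map each version string in an inventory to its status; bad strings are flagged."""
    report = {}
    for version in versions:
        try:
            report[version] = css_http_post_status(version)
        except ValueError:
            report[version] = "unparseable"
    return report


if __name__ == "__main__":
    # Constructed sample inventory; these are illustrative values, not real devices.
    sample_inventory = ["04.01.053s", "05.01.013s", "05.02.005s", "05.03.001s", "garbage"]
    for version, status in audit_inventory(sample_inventory).items():
        print(f"{version:12s} {status}")
```

The train lookup is what makes the check correct: 05.01.013s is newer than every affected 05.01 build, while 05.02.005s is affected even though it sorts above it. Builds from trains not named in the advisory are deliberately left as unlisted so the result never overstates what Cisco actually published.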