The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities


<< Previous INDEX Search src / Print Next >>
From: Cisco Systems Product Security Incident Response Team <psirt@cisco.com.>
To: bugtraq@securityfocus.com
Subject: Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities
Date: Wed, 14 Jan 2009 17:00:00 +0100
Message-id: <200901141700.http@psirt.cisco.com.>
Reply-To: psirt@cisco.com
Errors-To: nobody@cisco.com
MIME-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Prevent-NonDelivery-Report: 
Content-Return: Prohibited
X-Virus-Scanned: antivirus-gw at tyumen.ru

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Response: Cisco IOS Cross-Site Scripting
Vulnerabilities

http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml

Revision 1.0

For Public Release 2009 January 14 1600 UTC (GMT)

- ---------------------------------------------------------------------


Cisco Response
==============

Two separate Cisco IOS  Hypertext Transfer Protocol (HTTP) cross-site
scripting (XSS) vulnerabilities have been reported to Cisco by two
independent researchers. ProCheckup has posted a Security Advisory
titled "XSS on Cisco IOS HTTP Server" posted at 
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19

Cisco would like to thank Adrian Pastor and Richard J. Brain of
ProCheckUp and Nobuhiro Tsuji of NTT Data Security Corporation with
co-operation of JPCert.

This Cisco Security Response is posted at the following link: 
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml

Additional Information

This response covers two separate cross-site scripting vulnerabilities within the Cisco IOS Hypertext Transfer Protocol (HTTP) server (including HTTP secure server - here after referred to as purely HTTP Server) and applies to all Cisco products that run Cisco IOS Software versions 11.0 through 12.4 with the HTTP server enabled. A system that contains the IOS HTTP server or HTTP secure server, but does not have it enabled, is not affected. To determine if the HTTP server is running on your device, issue the show ip http server status | include status and the show ip http server secure status | include status commands at the prompt and look for output similar to: Router#show ip http server status | include status HTTP server status: Enabled HTTP secure server status: Enabled If the device is not running the HTTP server, you should see output similar to: Router#show ip http server status | include status HTTP server status: Disabled HTTP secure server status: Disabled These vulnerabilities are documented in the following Cisco bug IDs: * Cisco bug ID CSCsi13344 - XSS in IOS HTTP Server Special Characters are not escaped in URL strings sent to the HTTP server. * Cisco bug ID CSCsr72301 - XSS in IOS HTTP Server (ping parameter) Special Characters are not escaped in URL strings sent to the HTTP server, via the ping parameter. The ping parameter is used both by external applications such as Router and Security Device Manager (SDM) as well as a direct HTTP session to Cisco IOS http server. This vulnerability affects 12.1E based trains and all Cisco IOS releases after 12.2(13)T. These vulnerabilities are independent of each other. For a full solution, download a Cisco IOS version that contains the fixes for both Cisco bug IDs. These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-3821. Workaround +--------- If the HTTP server is not used for any legitimate purposes on the device, it is a best practice to disable it by issuing the following commands in configure mode: no ip http server no ip http secure-server If the HTTP server is required, it is a recommended best practice to control which hosts may access the HTTP server to only trusted sources. To control which hosts can access the HTTP server, you can apply an access list to the HTTP server. To apply an access list to the HTTP server, use the following command in global configuration mode: ip http access-class {access-list-number | access-list-name} The following example shows an access list that allows only trusted hosts to access the Cisco IOS HTTP server: ip access-list standard 20 permit 192.168.1.0 0.0.0.255 remark "Above is a trusted subnet" remark "Add further trusted subnets or hosts below" ! (Note: all other access implicitly denied) ! (Apply the access-list to the http server) ip http access-class 20 For additional information on configuring the Cisco IOS HTTP server, consult Using the Cisco Web Browser User Interface. For additional information on cross-site scripting attacks and the methods used to exploit these vulnerabilities, please refer to the Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting (XSS) Threat Vectors", which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml Further Problem Description +-------------------------- This vulnerability is about escaping characters in the URL that are sent to the HTTP server. This vulnerability is different from the vulnerability reported in Cisco bug ID CSCsc64976. The fix for this vulnerability is to escape special characters in the URL string echoed in the response generated by the web exec application. Software Version and Fixes +------------------------- When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center ("TAC") or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) describes a release train and the platforms or products for which it is intended. If a given release train is vulnerable, then the earliest possible releases that contain the fix (the "First Fixed Release") and the anticipated date of availability for each are listed in the "Rebuild" and "Maintenance" columns. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. The release should be upgraded at least to the indicated release or a later version (greater than or equal to the First Fixed Release label). For more information on the terms "Rebuild" and "Maintenance," consult the following URL: http://www.cisco.com/warp/public/620/1.html +----------------------------------------+ | Major | Availability of Repaired | | Release | Releases | |------------+---------------------------| | Affected | First Fixed | Recommended | | 12.0-Based | Release | Release | | Releases | | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0 | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0DA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0DB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0DC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | 12.0(33)S3; | | | 12.0S | Available | | | | on | | | | 03-APR-2009 | | |------------+-------------+-------------| | | Vulnerable; | | | 12.0SC | first fixed | | | | in 12.0S | | |------------+-------------+-------------| | | Vulnerable; | | | 12.0SL | first fixed | | | | in 12.0S | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0SP | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | | | 12.0ST | first fixed | | | | in 12.0S | | |------------+-------------+-------------| | | Vulnerable; | | | 12.0SX | first fixed | | | | in 12.0S | | |------------+-------------+-------------| | | Vulnerable; | | | 12.0SY | first fixed | | | | in 12.0S | | |------------+-------------+-------------| | | Vulnerable; | | | 12.0SZ | first fixed | | | | in 12.0S | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0T | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.0(3c)W5 | | 12.0W | first fixed | (8) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0WC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.0WT | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XD | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XE | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.0XF | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XG | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XH | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Releases | | | | prior to | | | | 12.0(4)XI2 | | | | are | | | | vulnerable, | | | 12.0XI | release | 12.4(15) | | | 12.0(4)XI2 | T812.4(23) | | | and later | | | | are not | | | | vulnerable; | | | | first fixed | | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XJ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XK | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XL | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XM | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XN | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XQ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XR | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XS | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XT | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XV | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | Affected | First Fixed | Recommended | | 12.1-Based | Release | Release | | Releases | | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1 | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1AA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | | | 12.1AX | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.1AY | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.1AZ | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1CX | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1DA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1DB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1DC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.1E | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.1EA | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | 12.1EB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.2(33) | | 12.1EC | first fixed | SCA212.2 | | | in 12.3BC | (33)SCB12.3 | | | | (23)BC6 | |------------+-------------+-------------| | 12.1EO | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.2(31) | | 12.1EU | first fixed | SGA912.2 | | | in 12.2SG | (50)SG | |------------+-------------+-------------| | | Vulnerable; | 12.2(20) | | 12.1EV | first fixed | S1212.2(33) | | | in 12.4 | SB312.4(15) | | | | T812.4(23) | |------------+-------------+-------------| | | | 12.2(31) | | | Vulnerable; | SGA912.2 | | 12.1EW | first fixed | (50)SG12.4 | | | in 12.4 | (15)T812.4 | | | | (23) | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1EX | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.1EY | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1EZ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1GA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1GB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1T | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XD | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XE | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XF | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XG | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XH | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XI | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XJ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XL | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XM | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XP | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XQ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XR | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XS | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XT | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XU | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XV | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XW | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XX | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XY | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XZ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1YA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1YB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1YC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1YD | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Releases | | | | prior to | | | | 12.1(5)YE6 | | | | are | | | | vulnerable, | | | 12.1YE | release | 12.4(15) | | | 12.1(5)YE6 | T812.4(23) | | | and later | | | | are not | | | | vulnerable; | | | | first fixed | | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1YF | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1YH | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.1YI | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.1YJ | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | Affected | First Fixed | Recommended | | 12.2-Based | Release | Release | | Releases | | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2 | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2B | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | | 12.2(33) | | | Vulnerable; | SCA212.2 | | 12.2BC | first fixed | (33)SCB12.3 | | | in 12.4 | (23)BC612.4 | | | | (15)T812.4 | | | | (23) | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2BW | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.2(33) | | 12.2BX | first fixed | SB312.4(15) | | | in 12.4 | T812.4(23) | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2BY | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2BZ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | | 12.2(33) | | | Vulnerable; | SCA212.2 | | 12.2CX | first fixed | (33)SCB12.3 | | | in 12.4 | (23)BC612.4 | | | | (15)T812.4 | | | | (23) | |------------+-------------+-------------| | | | 12.2(33) | | | Vulnerable; | SCA212.2 | | 12.2CY | first fixed | (33)SCB12.3 | | | in 12.4 | (23)BC612.4 | | | | (15)T812.4 | | | | (23) | |------------+-------------+-------------| | | Vulnerable; | 12.2(20) | | 12.2CZ | first fixed | S1212.2(33) | | | in 12.2SB | SB3 | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2DA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2DD | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2DX | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.2(31) | | 12.2EW | first fixed | SGA912.2 | | | in 12.2SG | (50)SG | |------------+-------------+-------------| | | Vulnerable; | 12.2(31) | | 12.2EWA | first fixed | SGA912.2 | | | in 12.2SG | (50)SG | |------------+-------------+-------------| | 12.2EX | 12.2(40)EX | 12.2(44)EX1 | |------------+-------------+-------------| | | 12.2(44)EY; | 12.2(46)EY; | | 12.2EY | Available | Available | | | on | on | | | 30-JAN-2009 | 23-JAN-2009 | |------------+-------------+-------------| | | Vulnerable; | | | 12.2EZ | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2FX | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | 12.2(44) | | 12.2FY | first fixed | EX112.2(44) | | | in 12.2EX | SE4 | |------------+-------------+-------------| | | Vulnerable; | | | 12.2FZ | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | 12.2IRA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2IRB | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2IXA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXD | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXE | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXF | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXG | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2JA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2JK | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2MB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2MC | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2S | first fixed | 12.2(20)S12 | | | in 12.2SB | | |------------+-------------+-------------| | | 12.2(33) | | | | SB12.2(31) | | | 12.2SB | SB14; | 12.2(33)SB3 | | | Available | | | | on | | | | 16-JAN-2009 | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SBC | first fixed | 12.2(33)SB3 | | | in 12.2SB | | |------------+-------------+-------------| | 12.2SCA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SCB | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SE | 12.2(40)SE | 12.2(44)SE4 | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SEA | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SEB | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SEC | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SED | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SEE | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SEF | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | 12.2(44) | | 12.2SEG | first fixed | EX112.2(44) | | | in 12.2EX | SE4 | |------------+-------------+-------------| | 12.2SG | 12.2(44)SG | 12.2(50)SG | |------------+-------------+-------------| | 12.2SGA | 12.2(31) | 12.2(31) | | | SGA9 | SGA9 | |------------+-------------+-------------| | 12.2SL | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SM | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SO | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SQ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SR | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SRA | migrate to | 12.2(33) | | | any release | SRC3 | | | in 12.2SRC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SRB | migrate to | 12.2(33) | | | any release | SRC3 | | | in 12.2SRC | | |------------+-------------+-------------| | 12.2SRC | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SRD | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2STE | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2SU | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | 12.2SV | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SVA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SVC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SVD | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SVE | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SW | first fixed | 12.4(15)T8 | | | in 12.4SW | | |------------+-------------+-------------| | 12.2SX | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SXA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SXB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SXD | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SXE | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SXF | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SXH | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SXI | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | 12.2(20) | | 12.2SY | first fixed | S1212.2(33) | | | in 12.2SB | SB3 | |------------+-------------+-------------| | | Vulnerable; | 12.2(20) | | 12.2SZ | first fixed | S1212.2(33) | | | in 12.2SB | SB3 | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2T | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.2TPC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XD | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XE | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | | 12.2(33) | | | Vulnerable; | SCA212.2 | | 12.2XF | first fixed | (33)SCB12.3 | | | in 12.4 | (23)BC612.4 | | | | (15)T812.4 | | | | (23) | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XG | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XH | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XI | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XJ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XK | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XL | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XM | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | | 12.2(20) | | | | S1212.2(33) | | | | SB312.2(33) | | 12.2XN | 12.2(33)XN1 | SRC312.2 | | | | (33) | | | | XNA212.2 | | | | (33r)SRD2 | |------------+-------------+-------------| | 12.2XNA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XNB | Not | | | | Vulnerable | | |------------+-------------+-------------| | | 12.2(46)XO; | 12.2(46)XO; | | 12.2XO | Available | Available | | | on | on | | | 02-FEB-2009 | 02-FEB-2009 | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XQ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XR | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XS | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XT | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XU | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XV | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XW | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2YA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.2YB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YD | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YE | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YF | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YG | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YH | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YJ | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YK | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YL | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2YM | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | 12.2YN | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YO | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2YP | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.2YQ | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YR | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YS | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YT | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YU | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YV | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YW | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YX | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YY | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YZ | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2ZA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2ZB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Releases | | | | prior to | | | | 12.2(13)ZC | | | | are | | | 12.2ZC | vulnerable, | | | | release | | | | 12.2(13)ZC | | | | and later | | | | are not | | | | vulnerable; | | |------------+-------------+-------------| | 12.2ZD | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2ZE | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2ZF | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2ZG | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2ZH | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.2ZJ | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2ZL | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2ZP | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2ZU | migrate to | | | | any release | | | | in 12.2SXH | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2ZX | first fixed | 12.2(33)SB3 | | | in 12.2SB | | |------------+-------------+-------------| | 12.2ZY | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2ZYA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | Affected | First Fixed | Recommended | | 12.3-Based | Release | Release | | Releases | | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3 | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3B | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | 12.3BC | 12.3(23)BC6 | 12.3(23)BC6 | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3BW | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | 12.3EU | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.3JA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.3JEA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.3JEB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.3JEC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3JK | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | 12.3JL | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.3JX | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3T | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | 12.3TPC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3VA | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.3XB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XC | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XD | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XE | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.3XF | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XG | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3XI | first fixed | 12.2(33)SB3 | | | in 12.2SB | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3XJ | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XK | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XL | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XQ | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XR | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XS | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3XU | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3XW | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XX | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XY | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XZ | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3YA | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YD | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YF | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YG | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YH | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YI | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YJ | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YK | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YM | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YQ | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YS | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YT | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YU | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YX | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | 12.3YZ | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3ZA | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | Affected | First Fixed | Recommended | | 12.4-Based | Release | Release | | Releases | | | |------------+-------------+-------------| | 12.4 | 12.4(16) | 12.4(23) | |------------+-------------+-------------| | 12.4JA | 12.4(16b)JA | 12.4(16b) | | | | JA1 | |------------+-------------+-------------| | 12.4JDA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.4JK | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.4JL | 12.4(3)JL1 | 12.4(3)JL1 | |------------+-------------+-------------| | 12.4JMA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.4JMB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(16b) | | 12.4JX | first fixed | JA1 | | | in 12.4JA | | |------------+-------------+-------------| | 12.4MD | 12.4(15)MD | 12.4(15)MD2 | |------------+-------------+-------------| | 12.4MR | 12.4(16)MR | | |------------+-------------+-------------| | 12.4SW | 12.4(11)SW3 | 12.4(15)T8 | |------------+-------------+-------------| | 12.4T | 12.4(15)T | 12.4(15)T8 | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XA | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XB | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XC | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XD | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XE | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | 12.4XF | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XG | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XJ | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XK | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | 12.4XL | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.4XM | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.4XN | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.4XP | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.4XQ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.4XR | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XT | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | 12.4XV | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | | 12.4(11) | | | | XW10; | | 12.4XW | 12.4(11)XW3 | Available | | | | on | | | | 22-JAN-2009 | |------------+-------------+-------------| | 12.4XY | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.4XZ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.4YA | Not | | | | Vulnerable | | +----------------------------------------+ Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-January-14 | public | | | | release | +---------------------------------------+ Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkluC58ACgkQ86n/Gc8U/uA6vACfY36eBjbCbnJsrnJlOCE0Mr6Y JqUAn1TVyUvBk8lGTm94F+tvmZy4n3Ke =cGUi -----END PGP SIGNATURE-----

<< Previous INDEX Search src / Print Next >>



Спонсоры:
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2021 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру