Customizing PHP Safe Mode
Published: Aug 26, 2004

Systems Affected

     * Cisco routers and switches running vulnerable versions of IOS.
       Vulnerable IOS versions known to be affected include:

     * 12.0(23)S4, 12.0(23)S5
     * 12.0(24)S4, 12.0(24)S5
     * 12.0(26)S1
     * 12.0(27)S
     * 12.0(27)SV, 12.0(27)SV1
     * 12.1(20)E, 12.1(20)E1, 12.1(20)E2
     * 12.1(20)EA1
     * 12.1(20)EW, 12.1(20)EW1
     * 12.1(20)EC, 12.1(20)EC1
     * 12.2(12g), 12.2(12h)
     * 12.2(20)S, 12.2(20)S1
     * 12.2(21), 12.2(21a)
     * 12.2(23)
     * 12.3(2)XC1, 12.3(2)XC2
     * 12.3(5), 12.3(5a), 12.3(5b)
     * 12.3(6)
     * 12.3(4)T, 12.3(4)T1, 12.3(4)T2, 12.3(4)T3
     * 12.3(5a)B
     * 12.3(4)XD, 12.3(4)XD1


   There is a vulnerability in Cisco's Internetwork Operating System
   (IOS) SNMP service. When vulnerable Cisco routers or switches process
   specific SNMP requests, the system may reboot. If repeatedly
   exploited, this vulnerability could result in a sustained denial of
   service (DoS).

   This vulnerability is distinct from the vulnerability described in
   US-CERT Technical Alert TA04-111A issued earlier today. Cisco has
   published an advisory about this distinct SNMP issue at the following


I. Description

   The Simple Network Management Protocol (SNMP) is a widely deployed
   protocol that is commonly used to monitor and manage network devices.
   There are several types of SNMP messages that are used to request
   information or configuration changes, respond to requests, enumerate
   SNMP objects, and send both solicited and unsolicited alerts. These
   messages use UDP to communicate network information between SNMP
   agents and managers.

   There is a vulnerability in Cisco's IOS SNMP service in which attempts
   to process specific SNMP messages are handled incorrectly. This may
   potentially cause the device to reload.

   Typically, ports 161/udp and 162/udp are used during SNMP operations
   to communicate. In addition to these well-known ports, Cisco IOS uses
   a randomly selected UDP port in the range from 49152/udp to 59152/udp
   (and potentially up to 65535) to listen for other types of SNMP
   messages. While SNMPv1 and SNMPv2c formatted messages can trigger this
   vulnerability, the greatest risk is exposed when any SNMPv3 solicited
   operation is sent to a vulnerable port.

   Cisco notes in their advisory:

   "SNMPv1 and SNMPv2c solicited operations to the vulnerable ports will
       perform an authentication check against the SNMP community string,
       which may be used to mitigate attacks. Through best practices of
       hard to guess community strings and community string ACLs, this
       vulnerability may be mitigated for both SNMPv1 and SNMPv2c.
       However, any SNMPv3 solicited operation to the vulnerable ports
       will reset the device. If configured for SNMP, all affected
       versions will process SNMP version 1, 2c and 3 operations."

   Cisco is tracking this issue as CSCed68575. US-CERT is tracking this
   issue as VU#162451.
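
   The port description above can be turned into a triage filter for flow logs: UDP traffic addressed to a router on 161, 162 or the 49152-65535 range from a source outside the management network. This Python code is an added example, not part of the US-CERT or Cisco advisory; the record format, router addresses and management network are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample flow records: "time proto src:port -> dst:port"
SAMPLE_FLOWS = """\
2004-04-20T10:00:01Z udp 192.0.2.10:40001 -> 10.0.0.1:161
2004-04-20T10:00:02Z udp 198.51.100.7:53211 -> 10.0.0.1:50123
2004-04-20T10:00:03Z udp 198.51.100.7:53212 -> 10.0.0.1:162
2004-04-20T10:00:04Z tcp 198.51.100.7:53213 -> 10.0.0.1:50123
2004-04-20T10:00:05Z udp 198.51.100.7:53214 -> 10.0.0.9:161
2004-04-20T10:00:06Z udp 203.0.113.5:1024 -> 10.0.0.2:65000
2004-04-20T10:00:07Z udp 203.0.113.5:1025 -> 10.0.0.2:8080
"""

# Assumptions for this example: device and management-station addresses.
ROUTERS = {ip_address("10.0.0.1"), ip_address("10.0.0.2")}
MGMT_NETS = [ip_network("192.0.2.0/28")]

def snmp_port_class(port):
    """Classify a UDP destination port per the advisory's port description."""
    if port in (161, 162):
        return "well-known"
    if 49152 <= port <= 59152:
        return "ios-random"
    if 59152 < port <= 65535:
        return "ios-random-extended"  # "potentially up to 65535"
    return None

def parse_flow(line):
    """Split one record into (time, proto, src_ip, dst_ip, dst_port)."""
    ts, proto, src, _arrow, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    src_ip = src.rsplit(":", 1)[0]
    return ts, proto.lower(), ip_address(src_ip), ip_address(dst_ip), int(dst_port)

def suspicious_flows(text):
    """Return UDP flows to router SNMP-capable ports from non-management sources."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proto, src, dst, dport = parse_flow(line)
        kind = snmp_port_class(dport)
        if proto != "udp" or dst not in ROUTERS or kind is None:
            continue
        if any(src in net for net in MGMT_NETS):
            continue  # permitted management station
        hits.append((ts, str(src), str(dst), dport, kind))
    return hits

if __name__ == "__main__":
    for hit in suspicious_flows(SAMPLE_FLOWS):
        print(*hit)
```

   Legitimate return traffic to a router's ephemeral UDP ports will also match the high-port classes, so the output is a list to review, not a verdict.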

II. Impact

   A remote, unauthenticated attacker could cause the vulnerable device
   to reload. Repeated exploitation of this vulnerability could lead to a
   sustained denial of service condition.

III. Solution

Upgrade to fixed versions of IOS

   Cisco has published detailed information about upgrading affected
   Cisco IOS software to correct this vulnerability. System managers are
   encouraged to upgrade to one of the non-vulnerable releases. For
   additional information regarding availability of repaired releases,
   please refer to the "Software Versions and Fixes" section of the Cisco
   Security Advisory.



   Cisco recommends a number of workarounds, including disabling SNMP
   processing on affected devices. For a complete list of workarounds,
   see the Cisco Security Advisory.

Appendix A. Vendor Information

   This appendix contains information provided by vendors for this
   advisory. As vendors report new information to US-CERT, we will update
   this section and note the changes in our revision history. If a
   particular vendor is not listed below, we have not received their

Cisco Systems

   Please refer to Cisco Security Advisory: "Vulnerabilities in SNMP
   Message Processing". Cisco has published their advisory at the
   following location:


   US-CERT thanks Cisco Systems for notifying us about this problem.

   Feedback can be directed to the authors: Jeff Havrilla, Shawn Hernan,
   Damon Morda


Comments (12)

  • MooDa 18:29, January 16, 2006
    Now when I activate safe mode some functions do not work successfully in my code, like chmod for directory and copy function.
    How can I solve these problems?
    Answer me on my mail.
  • coolkid 15:00, April 13, 2007
    This link is not working. Plz, change it.
  • wt 10:26, May 24, 2007
    A most-simply-made phpinfo() script could be:
    <?php
    phpinfo();
    ?>
    You can put these lines as phpinfo.php to your server.
  • Sharda 07:59, June 4, 2007
    Hello, I want to turn on the register_globals flag in the /usr/local/Zend/etc/php.ini file, but am not able to do that.

    Please guide me.

    Your way of describing the process is excellent.
  • ahmad 20:06, August 24, 2007
    hello
    how are you
    >>>>>>>>>>>>>>
    I have free account in and I should turn off PHP safe mode because I want install flash chat on >>> can I make it off ???
  • Ahmed 16:56, February 21, 2008
    I think this is an old article cause I tried it on Apache 2.2 and it doesn't work with me :(
  • Tester 16:01, April 3, 2008
    View all script variables may be
    <?php
    echo '<pre>';
    print_r(get_defined_vars());
    echo '</pre>';
  • Mick 19:02, May 13, 2008
    PHP's safe_mode is a flawed system and will not be available in PHP6. Secure your code first time, every time. That's my two cents. Enjoy your false sense of security whilst you can.
  • dee 15:00, August 22, 2008
    Hi. I have an account with a big company that owns the server. Is it possible to turn the safe-mode off for my website? Tried to locate php.ini but couldn't find it.
  • Isaac Flores 22:30, July 26, 2010
    Great post!
    thank you very much :)
  • Nabil L. 18:42, March 11, 2011
    Should we (shared host users) wait for PHP6?
    Or move to dedicated host? Still expensive yet...
