Cisco IOS Telnet and Reverse Telnet TCP Bug Lets Remote Users Deny Subsequent Management Terminal Connections
|
|
SecurityTracker Alert ID: 1011079
|
|
SecurityTracker URL: http://securitytracker.com/id?1011079
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Aug 27 2004
|
Impact: Denial of service via network
|
Vendor Confirmed: Yes
|
Description: A vulnerability was reported in Cisco IOS in the processing of telnet and reverse telnet management connections. A remote user can prevent new connections to the device.
Cisco reported that this vulnerability is being actively exploited in the wild. A remote user can establish a specially crafted
TCP connection to a telnet or reverse telnet port on the target device to cause denial of service conditions. The device may fail
to accept any subsequent telnet, reverse telnet, remote shell (RSH), and secure shell (SSH) connections. In some cases (depending
on which HTTP server version is running), the device may fail to accept HTTP connections to the device. Existing sessions are not
affected. Other device services (such as packet forwarding and routing) are not affected, either.
The TCP connection must be
cleared or the device must be reloaded to return the system to normal operations.
Cisco has assigned Cisco bug ID CSCef46191
to this vulnerability.
Regarding HTTP connections, IOS versions prior to 12.2(15)T run HTTP server version 1.0 which is affected.
IOS versions 12.2(15)T and later run include HTTP server version 1.1, which is not affected (however, other services on these versions
of IOS are affected).
|
Impact: A remote user can prevent subsequent telnet, reverse telnet, remote shell (RSH), and secure shell (SSH) connections to the target device.
|
Solution: No solution was available at the time of this entry. Cisco indicates that they are working to release fixes for this vulnerability
in all currently maintained IOS releases. In the interim, Cisco has outlined in their advisory some potential workarounds involving
the configuration of access control lists:
http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
|
Vendor URL: www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml (Links to External Site)
|
Cause: Exception handling error
|
|
Message History:
None.
|
Source Message Contents
|
Date: Aug 27, 2004
Subject: Cisco Security Advisory: Cisco Telnet Denial of Service Vulnerability
|
http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
> Cisco Security Advisory: Cisco Telnet Denial of Service Vulnerability
> Document ID: 61671
Cisco reported a vulnerability in IOS. A remote user can establish a specially crafted
TCP connection to a telnet or reverse telnet port on the target device to
cause denial of service conditions. The device may fail to accept any subsequent
telnet, reverse telnet, remote shell (RSH), and secure shell (SSH) connections. In
some cases (depending on which HTTP server version is running), the device may fail
to accept HTTP connections to the device. Existing sessions are not affected. Other
device services (such as packet forwarding and routing) are not affected, either.
The TCP connection must be cleared or the device must be reloaded to return the
system to normal operations.
Cisco has assigned Cisco bug ID CSCef46191 to this vulnerability.
IOS versions prior to 12.2(15)T run HTTP server version 1.0 which is affected (if
configured). IOS versions 12.2(15)T and later run include HTTP server version 1.1,
which is not affected.
Cisco reports that this vulnerability is being actively exploited in the wild.
Cisco indicates that they are working to release fixes for this vulnerability in all
currently maintained IOS releases. In the interim, Cisco has outlined in their
advisory some potential workarounds involving the configuration of access control lists:
http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
|
|
