Cisco Catalyst CatOS Telnet Daemon Buffer Overflow Lets Remote Users Crash and Reload the Switch
|
|
SecurityTracker Alert ID: 1003391 |
|
SecurityTracker URL: http://securitytracker.com/id/1003391
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jan 29 2002
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
Cisco reported a buffer overflow vulnerability in their CatOS software for Catalyst switches. A remote user can cause the switch to crash and reload.
It is reported that certain CatOS software releases have a buffer overflow vulnerability in the Telnet option handling. A remote user can cause the Telnet daemon to crash, resulting in a switch reload. This vulnerability can be repeatedly triggered to create a denial of service condition.
Cisco has documented this vulnerability as Cisco bug ID CSCdw19195.
The following Cisco Catalyst Switches are reported to be vulnerable:
Catalyst 6000 series
Catalyst 5000 series
Catalyst 4000 series
Catalyst 2948G
Catalyst 2900
See the Vendor URL for the Cisco advisory showing which specific releases are affected.
Cisco reports that the following Cisco Catalyst switches are not vulnerable:
Catalyst 8500 series
Catalyst 4800 series
Catalyst 4200 series
Catalyst 3900 series
Catalyst 3550 series
Catalyst 3500 XL series
Catalyst 4840G
Catalyst 4908G-l3
Catalyst 2948G-l3
Catalyst 2950
Catalyst 2900 XL
Catalyst 2900 LRE XL
Catalyst 2820
Catalyst 1900
|
Impact:
A remote user can cause the switch to crash and reload. This can be performed repeatedly to deny service on the switch.
|
Solution:
The vendor has released a fix. See the vendor's advisory for instruction on obtaining an upgrade, available at:
http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml
|
Vendor URL: www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 29 Jan 2002 11:47:48 -0500
Subject: Cisco Security Advisory: Cisco CatOS Telnet Buffer Vulnerability
|
The following is an excerpt from the Cisco Security Advisory: Cisco
CatOS Telnet Buffer Vulnerability
---------------------------------------------------------------
Revision 1.0
For Public Release 2002 January 29 at 1500 UTC
Summary
Some Cisco Catalyst switches, running certain CatOS based software
releases, have a vulnerability wherein a buffer overflow in the Telnet
option handling can cause the Telnet daemon to crash and result in a
switch reload. This vulnerability can be exploited to initiate a denial
of service (DoS) attack.
This vulnerability is documented as Cisco bug ID CSCdw19195. There are
workarounds available to mitigate the vulnerability.
This advisory will be posted at
http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml
Affected Products
Cisco's various Catalyst family of switches run CatOS-based releases or
IOS-based releases. IOS-based releases are not vulnerable.
The following Cisco Catalyst Switches are vulnerable:
Catalyst 6000 series
Catalyst 5000 series
Catalyst 4000 series
Catalyst 2948G
Catalyst 2900
---------------------------------------------------------------
See the Cisco advisory for a matrix showing which CatOS-based switch
software revisions are vulnerable.
Cisco reports that the following Cisco Catalyst switches are not
vulnerable:
Catalyst 8500 series
Catalyst 4800 series
Catalyst 4200 series
Catalyst 3900 series
Catalyst 3550 series
Catalyst 3500 XL series
Catalyst 4840G
Catalyst 4908G-l3
Catalyst 2948G-l3
Catalyst 2950
Catalyst 2900 XL
Catalyst 2900 LRE XL
Catalyst 2820
Catalyst 1900
---------------------------------------------------------------
|
|
