(Cisco Issues Fix and Provides Workarounds) Re: Cisco Catalyst CatOS Telnet Daemon Buffer Overflow Lets Remote Users Crash and Reload the Switch
SecurityTracker Alert ID: 1003398
SecurityTracker URL: http://securitytracker.com/id/1003398
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jan 30 2002
Impact:
Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Description:
Cisco reported a buffer overflow vulnerability in their CatOS software for Catalyst switches. A remote user can cause the switch to crash and reload.
It is reported that certain CatOS software releases have a buffer overflow vulnerability in the Telnet option handling. A remote user can cause the Telnet daemon to crash, resulting in a switch reload. This vulnerability can be repeatedly triggered to create a denial of service condition.
Cisco has documented this vulnerability as Cisco bug ID CSCdw19195.
The following Cisco Catalyst Switches are reported to be vulnerable:
Catalyst 6000 series
Catalyst 5000 series
Catalyst 4000 series
Catalyst 2948G
Catalyst 2900
See the Vendor URL for the Cisco advisory showing which specific releases are affected.
Cisco reports that the following Cisco Catalyst switches are not vulnerable:
Catalyst 8500 series
Catalyst 4800 series
Catalyst 4200 series
Catalyst 3900 series
Catalyst 3550 series
Catalyst 3500 XL series
Catalyst 4840G
Catalyst 4908G-l3
Catalyst 2948G-l3
Catalyst 2950
Catalyst 2900 XL
Catalyst 2900 LRE XL
Catalyst 2820
Catalyst 1900
Impact:
A remote user can cause the switch to crash and reload. This can be performed repeatedly to deny service on the switch.
Solution:
The vendor has released a fix, as described in an earlier alert. For more information on the fix, see the Cisco advisory:
http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml
Cisco has provided the following workarounds for the CatOS Telnet buffer overflow vulnerability:
1) Disable Telnet and use ssh instead (if ssh is available in the code base you are using). For instructions, see:
http://www.cisco.com/warp/public/707/ssh_cat_switches.html
2) Use the "IP Permit List" for Telnet to restrict access to the management interface to authorized and trusted IP addresses. This reportedly will not prevent spoofed packets from reaching the interface.
For instructions, see:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_3/config/ip_perm.htm
3) On the Catalyst 6000 series switches, use a VLAN Access Control List (ACL), if that feature is available, instead of using the IP Permit List workaround above. Cisco notes that this, too, will not prevent spoofed IP packets from reaching the interface.
For instructions, see:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/acc_list.htm
4) Assign all of the management interfaces of all the switches in the network to a unique VLAN and apply access control lists on the router switching between the VLANs.
For an example, see:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/acc_list.htm
5) Apply access control lists on routers, switches, and firewalls sitting in front of the CatOS switches to block Telnet access (port 23) from reaching the management interface.
For an example, see:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/acc_list.htm
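As an added example (not part of the SecurityTracker alert or of Cisco's advisory) of workarounds 2 and 5 above: a CatOS IP Permit List that limits Telnet on the switch to one management subnet, and an IOS extended ACL on the router in front of the management VLAN that lets Telnet reach the switch only from that subnet. The subnet, the switch's sc0 address and the router interface name are constructed for illustration; as the advisory notes, neither filter stops a packet whose source address is spoofed to a trusted one, so the fixed CatOS release is still required.

```cisco
# --- CatOS (workaround 2): IP Permit List on the switch itself ---
# Constructed example: 10.10.5.0/24 is the management subnet. Add the
# permitted entries first, then enable the list, so the current session
# is not locked out when the list takes effect.
set ip permit 10.10.5.0 255.255.255.0 telnet
set ip permit enable telnet
show ip permit

! --- IOS (workaround 5): extended ACL on the router in front of the
! switches.  Constructed example: 10.20.0.10 is the switch's sc0
! management address and Vlan20 is the router interface facing the
! management VLAN.  Telnet (tcp/23) to the switch is permitted only
! from the management subnet; other Telnet attempts are dropped and
! logged, so repeated hits show up before they reach the daemon.
access-list 110 permit tcp 10.10.5.0 0.0.0.255 host 10.20.0.10 eq 23
access-list 110 deny   tcp any host 10.20.0.10 eq 23 log
access-list 110 permit ip any any
!
interface Vlan20
 ip access-group 110 out
```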
Vendor URL: www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml
Cause:
Boundary error
Underlying OS:
Message History:
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: Wed, 30 Jan 2002 10:28:28 -0500
Subject: Cisco CatOS Telnet bug workarounds
Cisco has provided the following workarounds for the CatOS Telnet buffer
overflow vulnerability:
1) Disable Telnet and use ssh instead (if ssh is available in the code
base you are using). For instructions, see:
http://www.cisco.com/warp/public/707/ssh_cat_switches.html
2) Use the "IP Permit List" for Telnet to restrict access to the management
interface to authorized and trusted IP addresses. This reportedly will
not prevent spoofed packets from reaching the interface.
For instructions, see:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_3/config/ip_perm.htm
3) On the Catalyst 6000 series switches, use a VLAN Access Control List
(ACL), if that feature is available, instead of using the IP Permit List
workaround above. Cisco notes that this, too, will not prevent spoofed
IP packets from reaching the interface.
For instructions, see:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/acc_list.htm
4) Assign all of the management interfaces of all the switches in the
network to a unique VLAN and apply access control lists on the router
switching between the VLANs.
For an example, see:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/acc_list.htm
5) Apply access control lists on routers, switches, and firewalls
sitting in front of the CatOS switches to block Telnet access (port 23)
from reaching the management interface.
For an example, see:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/acc_list.htm
For more information on this vulnerability, see the Cisco advisory:
http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml