Marconi (Fore) ATM Switches Can Be Crashed By Remote Users Sending a Single 'Land' Packet to the Switch - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Device (Router/Bridge/Hub) > ASX Series (ATM Switches)

Vendors: Marconi Corporation plc.

Marconi (Fore) ATM Switches Can Be Crashed By Remote Users Sending a Single 'Land' Packet to the Switch

SecurityTracker Alert ID: 1004550

SecurityTracker URL: http://securitytracker.com/id/1004550

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jun 17 2002

Impact: Denial of service via network

Exploit Included: Yes

Version(s): FT6.1.1 and FT7.0.1

Description: A denial of service vulnerability was reported in Marconi's ATM switches. A remote user can send a single 'land' packet to the switch to cause it to crash.

It is reported that a remote user can send a single 'land' packet to the telnet port of either the in-band or out-of-band interface to cause the switch to stop responding to IP traffic. This will also cause all CPU resources to be consumed and will eventually cause the switch to reboot.

A 'land' packet is a TCP SYN packet with both the source and destination IP address set to that of the target host.

The vendor has reportedly been notified.

Impact: A remote user can cause the device to stop processing IP traffic, consume all available CPU resources, and then reboot.

Solution: No solution was available at the time of this entry.

Vendor URL: www.marconi.com/ (Links to External Site)

Cause: Exception handling error

Underlying OS:

Message History: None.

Source Message Contents

Date: Fri, 14 Jun 2002 23:35:41 +0000
Subject: Fore/Marconi ATM Switch 'land' vulnerability




System Versions FT6.1.1 and FT7.0.1

Labratory testing indicates that a single 'land' packet sent to the telnet 
port (23) of
either the inband or out-of-band interface will cause the device to stop 
responding to
ip traffic. Over the  course of 6-1/2 minutes, all CPU will be consumed and  
device reboots.

Basically a packet is forged with the source and destination IP address and 
ports identical.

We reproduced it using Internet Security Scanner 6.01 and the 'land' and 
'ciscoland' tests.
Many sources and derivatives are available on public security websites.

It's a TCP/IP stack bug that's been known since 1997. Here are some links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0016
http://www.cert.org/advisories/CA-1997-28.html
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26mid%3D8081

Vendor notified one year ago today :-)

-oo-
seeker

_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC