SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#245190

Cisco CatOS TCP ACK handling vulnerability

Overview

A vulnerability in Cisco CatOS may allow a remote attacker to cause a denial of service on an affected device.

I. Description

Cisco's CatOS is an operating system that runs on some Cisco Catalyst switch products. A vulnerability in the way that TCP services on CatOS handle malformed connection attempts may allow a remote attacker to cause a denial of service on an affected device. According to the Cisco advisory on this issue:

    A TCP-ACK DoS attack is conducted by not sending the regular final ACK required for a 3-way TCP handshake to complete, and instead sending an invalid response to move the connection to an invalid TCP state. This attack can be initiated from a remote spoofed source.


Cisco states that any of the supported externally-facing TCP services supported on CatOS, i.e.,Telnet, SSH, or HTTP, may be used to exploit this vulnerability.

II. Impact

A remote attacker may cause the affected devices to stop functioning and reload.

III. Solution

Apply a patch from the vendor


Upgraded versions of the software that include fixes for this vulnerability are available. Please see the Cisco advisory for more details.

Workarounds

In addition to patched versions of the affected software, Cisco has published several workarounds in their advisory. Sites, particularly those that are unable to apply the patches, are encouraged to consider implementing these workarounds.

Systems Affected

VendorStatusDate NotifiedDate Updated
Cisco Systems Inc.Vulnerable9-Jun-2004

References

http://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml

Credit

Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.

This document was written by Chad R Dougherty based on information provided by Cisco Systems.

Other Information

Date Public:2004-06-09
Date First Published:2004-06-15
Date Last Updated:2004-07-16
CERT Advisory: 
CVE-ID(s):CAN-2004-0551
NVD-ID(s):CAN-2004-0551
US-CERT Technical Alerts: 
Severity Metric:4.50
Document Revision:17

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2004 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader