Vulnerability Note VU#290140

Multiple Cisco products consume excessive CPU resources in response to large SSH packets

Overview

Multiple Cisco networking products contain a denial-of-service vulnerability.

I. Description

Multiple Cisco networking products contain a vulnerability that allows large SSH packets to cause excessive consumption of CPU resources. In some circumstances, this resource consumption may cause the affected device to reboot.

This vulnerability is a side effect of a Cisco patch for VU#13877, an SSH packet injection vulnerability. Please note that this patch does not contain the integer overflow vulnerability described in VU#945216. However, according to Cisco's Security Advisory, this denial-of-service vulnerability may be triggered by attempts to exploit VU#945216.

II. Impact

Remote attackers may conduct denial-of-service attacks against affected devices.

III. Solution

Apply a patch

Cisco has published a Security Advisory to address this vulnerability. For information regarding affected devices and obtaining patches, please see

http://www.cisco.com/warp/public/707/SSH-scanning.shtml

Systems Affected

Vendor	Status	Date Notified	Date Updated
Cisco Systems Inc.	Vulnerable	28-Jun-2002

References

VU#13877, VU#945216
http://www.cisco.com/warp/public/707/SSH-scanning.shtml
http://www.cert.org/advisories/CA-2001-35.html
http://www.kb.cert.org/vuls/id/945216
http://www.kb.cert.org/vuls/id/13877
http://www.securityfocus.com/bid/5114

Credit

This document was written by Jeffrey P. Lanza and is based on information provided by Cisco.

Other Information

Date Public:	2002-06-27
Date First Published:	2002-06-27
Date Last Updated:	2002-12-12
CERT Advisory:
CVE-ID(s):	CAN-2002-1024
NVD-ID(s):	CAN-2002-1024
US-CERT Technical Alerts:
Metric:	21.09
Document Revision:	9

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader