Some Cisco Catalyst switches, running certain CatOS-based software releases, have a vulnerability wherein a buffer overflow in the Telnet option handling can cause the Telnet daemon to crash and result in a switch reload. This vulnerability can be exploited to initiate a denial of service (DoS) attack. This vulnerability is documented as Cisco bug ID CSCdw19195. There are workarounds available to mitigate the vulnerability. This advisory is available at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020129-catos-telrcv.
This section provides details on affected products.
The following Cisco Catalyst Switches are vulnerable:
For the switches above, the following CatOS-based switch software revisions are vulnerable.
| | Release 4 code base | Release 5 code base | Release 6 code base | Release 7 code base |
|---|---|---|---|---|
| Catalyst 6000 series | Not applicable | Earlier than 5.5(13) | Earlier than 6.3(4) | Earlier than 7.1(2) |
| Catalyst 5000 series | Earlier than 4.5(13a) | Earlier than 5.5(13) | Earlier than 6.3(4) | Not applicable |
| Catalyst 4000 series | All releases | Earlier than 5.5(13) | Earlier than 6.3(4) | Earlier than 7.1(2) |
To determine your software revision, type `show version` at the command line prompt.
Cisco's Catalyst family of switches runs either CatOS-based releases or IOS-based releases. IOS-based releases are not vulnerable.
The following Cisco Catalyst switches are not vulnerable:
No other Cisco products are currently known to be affected by these vulnerabilities.
Some Cisco Catalyst switches, running certain CatOS-based software releases, have a vulnerability wherein a buffer overflow in the Telnet option handling can cause the Telnet daemon to crash and result in a switch reload. This vulnerability can be exploited to initiate a denial of service (DoS) attack. Once the switch has reloaded, it is still vulnerable and the attack can be repeated as long as the switch is IP reachable on port 23 and has not been upgraded to a fixed version of CatOS switch software.
This vulnerability is documented as Cisco bug ID CSCdw19195, which requires a CCO account to view and can be viewed after 2002 January 30 at 1500 UTC.
The following workarounds can be implemented.
This vulnerability has been fixed in the following switch software revisions and the fix will be carried forward in all future releases.
| | Release 4 code base | Release 5 code base | Release 6 code base | Release 7 code base |
|---|---|---|---|---|
| Catalyst 6000 series | Not applicable | 5.5(13) and later | 6.3(4) and later | 7.1(2) and later |
| Catalyst 5000 series | 4.5(13a) | 5.5(13) and later | 6.3(4) and later | Not applicable |
| Catalyst 4000 series | Not available | 5.5(13) and later | 6.3(4) and later | 7.1(2) and later |
All previous releases must upgrade to the above releases. CatOS switch software release 4.5(13a) for the Catalyst 5000 series is expected on CCO by 2002 February 4. CatOS switch software release 7.1(2) is expected on CCO by 2002 February 6.
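The fixed-release table above can be applied to a switch inventory mechanically. The following is an added example, not part of the Cisco advisory: it assumes release strings of the form `major.minor(maint[letter])` as they appear in the tables, and the names `parse`, `assess`, `report` and the inventory entries are hypothetical and constructed for illustration.

```python
import re

# Fixed CatOS releases per series and code base, copied from the advisory's table.
# None means no fixed release is available in that code base ("All releases" vulnerable).
# Code bases marked "Not applicable" in the table are simply absent.
FIXED = {
    "6000": {5: "5.5(13)", 6: "6.3(4)", 7: "7.1(2)"},
    "5000": {4: "4.5(13a)", 5: "5.5(13)", 6: "6.3(4)"},
    "4000": {4: None, 5: "5.5(13)", 6: "6.3(4)", 7: "7.1(2)"},
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)")

def parse(version):
    """Turn 'major.minor(maint[letter])' into a tuple that compares correctly."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"not a CatOS release string: {version!r}")
    major, minor, maint, letter = m.groups()
    # Numeric fields compare as integers, so 6.3(10) sorts after 6.3(4);
    # an empty letter sorts before 'a', so 4.5(13) is earlier than 4.5(13a).
    return (int(major), int(minor), int(maint), letter)

def assess(series, version):
    """Classify one switch against the advisory's fixed-release table."""
    if series not in FIXED:
        return "series not listed"
    running = parse(version)
    code_bases = FIXED[series]
    if running[0] not in code_bases:
        return "code base not listed"
    fixed = code_bases[running[0]]
    if fixed is None:
        return "vulnerable (no fixed release in this code base)"
    return "fixed" if running >= parse(fixed) else "vulnerable"

# Constructed inventory: (hostname, Catalyst series, running CatOS release).
INVENTORY = [
    ("core-sw1", "6000", "6.3(3)"),
    ("core-sw2", "6000", "6.3(10)"),
    ("dist-sw1", "5000", "4.5(13)"),
    ("dist-sw2", "5000", "4.5(13a)"),
    ("edge-sw1", "4000", "4.5(9)"),
]

def report(inventory):
    """Map each hostname to its status under the advisory."""
    return {host: assess(series, ver) for host, series, ver in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```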
Software upgrade can be performed via the console interface. Please refer to software release notes for instructions.
This vulnerability has been exploited to initiate denial of service (DoS) attacks.
This vulnerability was reported by TESO and is detailed at http://www.cert.org/advisories/CA-2001-21.html.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
| Revision | Date | Description |
|---|---|---|
| Revision 1.2 | 2002-Feb-05 | Minor Updates |
| Revision 1.1 | 2002-Jan-30 | More Workarounds Added |
| Revision 1.0 | 2002-Jan-29 | For Public Release 2002 January 29 at 1500 UTC |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.