| VID |
29066 |
| Severity |
30 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
Cisco CatOS has a memory leak denial of service vulnerability (Cisco Bug ID CSCds66191). The Telnet server built into the Catalyst firmware for remote administration contains a memory leak that can result in a denial of service. Each time the Telnet service is started, memory resources are used without being freed afterwards. As a result, memory can be depleted by connecting multiple clients to the Catalyst Telnet server, leaving the device unable to function properly. This can lead to a denial of service of network services dependent on the Catalyst until the device is manually reset.
* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so the result might be a false positive. It also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" in the Policy Editor.
* References: http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml
* Platforms Affected: Cisco Catalyst 4000 4.5.2 to 5.5.4; Cisco Catalyst 5000 4.5.2 to 5.5.4; Cisco Catalyst 6000 5.3.1 to 5.5.4 |
| Recommendation |
Upgrade to the fixed version of Cisco CatOS listed below: Catalyst Release 4.5(10) for Catalyst 4000 and 5000; Catalyst Release 5.5(4b) for Catalyst 4000, 5000 and 6000; Catalyst Release 6.1(1)b and 6.1(2) for Catalyst 6000.
Upgrades should be obtained through the Software Center on Cisco's World Wide Web site at http://www.cisco.com.
For details, see http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml |
| Related URL |
CVE-2001-0041 (CVE) |
| Related URL |
2072 (SecurityFocus) |
| Related URL |
5656 (ISS) |
|