| VID |
29125 |
| Severity |
40 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The Cisco IOS, according to its version number, has multiple denial of service vulnerabilities in Cisco IOS Secure Shell Server (CISCO bug ID CSCed65778). Secure Shell (SSH) is a protocol that provides a secure, remote connection to a network device. Cisco IOS versions 12.0S, 12.1T, 12.2, 12.2T, and 12.3T are vulnerable to multiple denial of service vulnerabilities in the implementations of the SSH as follows:
1) Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.
2) Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data.
* Note: This check solely relied on the version number of the remote system to assess these vulnerabilities, so this might be a false positive. Also, it requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor.
* References:
http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml
http://secunia.com/advisories/14854
http://www.securitytracker.com/alerts/2005/Apr/1013655.html
* Platforms Affected:
Cisco IOS versions 12.0S, 12.1T, 12.2, 12.2T, and 12.3T |
| Recommendation |
Upgrade to the fixed Cisco IOS version, as listed in "Software Versions and Fixes" of Cisco Security Advisory (Vulnerabilities in Cisco IOS Secure Shell Server) at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml
Upgrades should be obtained through the Software Center on Cisco's worldwide web site at http://www.cisco.com |
| Related URL |
CVE-2005-1020,CVE-2005-1021 (CVE) |
| Related URL |
13042,13043 (SecurityFocus) |
| Related URL |
19987,19989,19990,19991 (ISS) |
|
