Details about the vulnerability here: http://www.cisco.com/warp/public/707/cisco-sa-20030709-swtcp.shtml
Summary After receiving eight TCP connection attempts using a non-standard TCP flags combination, a Catalyst switch will stop responding to further TCP connections to that particular service. In order to re-establish functionality of that service, the switch must be rebooted. There is no workaround. This vulnerability affects only CatOS. No other Cisco products are affected. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20030709-swtcp.shtml. Affected Products The CatOS for the following Catalyst models are affected: * Catalyst 4000 Series including models 2948G and 2980G/2980G-A * Catalyst 5000 Series including models 2901, 2902 and 2926 * Catalyst 6000 No other Cisco products are affected. On Wed, 2003-07-16 at 18:12, asi wrote: > I've heard it only effects routers using BGP, but it's only rumours > > > On Wed, 16 Jul 2003, Len Rose wrote: > > > > > They've been discussing the existence of > > a new Cisco IOS attack on the NANOG mailing > > list (see http://www.merit.edu/mail.archives/nanog/ for > > details) > > > > According to what I've been reading it's a remotely > > exploitable denial of service situation, based on > > specially crafted packets designed to fill up the > > "process switched" input queues on an interface. > > > > It seemingly will cause the router to crash or > > reboot. > > > > I have no further details. > > > > Len > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html -- Christopher Neitzert http://www.neitzert.com/~chris [EMAIL PROTECTED] - GPG Key ID: 7DCC491B
signature.asc
Description: This is a digitally signed message part
