ID
VAR-200102-0055
CVE
CVE-2001-0019
TITLE
Cisco Content service Switch Very long filename service denial vulnerability
Trust: 0.6
DESCRIPTION
Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands. The Cisco Content Services (CSS) switches are hardware designed to provide enhanced web services for e-commerece and Web Content delivery using the Cisco Web Network Services (Web NS). The CSS switch is distributed by Cisco Systems. A problem in the CSS could allow a local user to deny service to legitimate users. The problem occurs in the handling of input by local users. A user must have access to the switch command line interface prior to launching an attack, but not have administrative privileges. Upon connecting to a non-privileged account, a user can locally execute a command on the switch which requires a file name as an argument. Upon specifying a filename that is the maximum size of the filename buffer, the switch reboots and starts system checks. This vulnerability makes it possible for a user with malicious intentions to connect to a switch granting sufficient privileges, and execute a command that could deny service to legitimate network users. This vulnerability affects CSS switches 11050, 11150, and 11800
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | cisco | model: | content services switch | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | arrowpoint | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | arrowpoint | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | content services switch | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | webns | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | cisco | model: | webns | scope: | eq | version: | 3.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
local
Trust: 0.9
TYPE
other
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2001-0019 | Trust: 2.0 |
| db: | CNNVD | id: | CNNVD-200102-037 | Trust: 0.7 |
| db: | CISCO | id: | 20010131 CISCO CONTENT SERVICES SWITCH VULNERABILITY | Trust: 0.6 |
| db: | ATSTAKE | id: | A013101-1 | Trust: 0.6 |
| db: | BID | id: | 2330 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-2841 | Trust: 0.1 |
REFERENCES
| url: | http://www.atstake.com/research/advisories/2001/a013101-1.txt | Trust: 2.0 |
| url: | http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml | Trust: 1.7 |
CREDITS
This vulnerability was announced to Bugtraq in a Cisco Security Advisory on January 31, 2001. It was initially discovered by Ollie Whitehouse <ollie@atstake.com>.
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-2841 |
| db: | BID | id: | 2330 |
| db: | CNNVD | id: | CNNVD-200102-037 |
| db: | NVD | id: | CVE-2001-0019 |
LAST UPDATE DATE
2024-08-14T13:08:39.389000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-2841 | date: | 2008-09-05T00:00:00 |
| db: | BID | id: | 2330 | date: | 2009-07-11T04:46:00 |
| db: | CNNVD | id: | CNNVD-200102-037 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2001-0019 | date: | 2008-09-05T20:23:03.980 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-2841 | date: | 2001-02-12T00:00:00 |
| db: | BID | id: | 2330 | date: | 2001-01-31T00:00:00 |
| db: | CNNVD | id: | CNNVD-200102-037 | date: | 2001-02-12T00:00:00 |
| db: | NVD | id: | CVE-2001-0019 | date: | 2001-02-12T05:00:00 |