ID

VAR-200505-1072

CVE

CVE-2005-1021

TITLE

Cisco IOS Secure Shell Server Memory Leak Denial Of Service Vulnerability

DESCRIPTION

Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ SSH (Secure Shell) Is a protocol that allows a secure remote connection to a device. SSH Protocol version 1 And version 2 Is provided, Cisco IOS Supported by different versions SSH The protocol version is different. TACACS (Terminal Access Controller Access Control System) The authentication protocol used for remote login authentication 1 And extended TACACS+ Is AAA (Authentication, Authorization and Accounting ) Is supported. Cisco IOS 12.0/12.1/12.2/12.3-based Releases Included with SSH The server may not be able to service under certain circumstances 2 There are two problems. 1) IOS Device SSH version 2 Support SSH When configured as a server, there is a problem that the device reloads when any of the following events occur. (BID 13043) 1-1) TACACS+ If configured to authenticate users using a server, try to log in using a user name that includes the domain name 1-2) new SSH When a session is in the authentication phase, other logged-in users send Use commands 1-3) Already established SSH Message logging is directed to the session, SSH While the server is sending data to the client That IOS To device SSH The session ends 2) TACACS+ When configured to authenticate users using a server, there is a memory leak issue if login fails due to an incorrect username or password. This problem, SSH version 1 and 2 Both affected and version 2 In the case of, memory leak will occur even if login is successful. (BID 13042) A remote attacker who exploits these issues can cause the target device to go into a denial of service by intentionally repeating the above events. still, 1-1) and 2) Problem as an authentication method RADIUS If the server is used or authenticated with a local user database, it may not be affected. Cisco Systems Has been reported.Please refer to the “Overview” for the impact of this vulnerability. This condition is the result of a memory leak that may be triggered by remote clients under some circumstances. If the memory leak is triggered repeatedly, this could exhaust resources on the device, resulting in a reload of the device and persistent denial of service. 1) An error when acting as a SSH v2 server for remote management and authenticating against a TACACS+ server can be exploited to cause a vulnerable device to reload. SOLUTION: See patch matrix in the vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml#software PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Cisco

SOURCES

LAST UPDATE DATE

2024-08-14T12:35:22.814000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE