NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2003-q3

[sec-adv] Cisco Multiple Products Affected by OpenSSH Vulnerability

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Wed Sep 17 2003 - 09:23:45 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Cisco Multiple Products Affected by OpenSSH Vulnerability

SECUNIA ADVISORY ID:
SA9756

VERIFY ADVISORY:
http://www.secunia.com/advisories/9756/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
CiscoWorks 1105 for Wireless LAN Solution Engine
Cisco SN 5428 Storage Router
Cisco CATOS 7.x
Cisco CATOS 6.x
Cisco CATOS 5.x
Cisco 1105 for Hosting Solution Engine

DESCRIPTION:
Cisco has released an interim advisory stating that certain Cisco
products are vulnerable to the OpenSSH "buffer_append_space()" Buffer
Management Vulnerability.

For more information:
SA9743

The following software has been identified as vulnerable by Cisco:
Cisco Catalyst Switching Software (CatOS)
CiscoWorks 1105 Hosting Solution Engine (HSE)
CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)
Cisco SN 5428 Storage Router

Vulnerable versions are:
SN5428-2.5.1-K9
SN5428-3.2.1-K9
SN5428-3.2.2-K9
SN5428-3.3.1-K9
SN5428-3.3.2-K9
SN5428-2-3.3.1-K9
SN5428-2-3.3.2-K9

Other Cisco products such as IOS, PIX, Catalyst 6000 Firewall Service
Module, VPN3000 and VPN5000 are not vulnerable.

SOLUTION:
Disable SSH or filter access at your perimeter so that only trusted
IP addresses can access the service.

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]