[14926] in bugtraq
Re: Cisco Bug
daemon@ATHENA.MIT.EDU (James Sneeringer)
Wed May 17 14:36:00 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.21.0005162308170.27991-100000@merlin.ocslink.com>
Date: Tue, 16 May 2000 23:23:44 -0500
Reply-To: James Sneeringer <jvs@OCSLINK.COM>
From: James Sneeringer <jvs@OCSLINK.COM>
X-To: Esteve Espuna <esteve@CTV.ES>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <4.2.0.58.20000516154546.00a874f0@pop.ctv.es>
On Tue, 16 May 2000, Esteve Espuna wrote:
| The bug: When you open about 98 connections to the port 23 of a Cisco
| 760 router it does a self reboot disconnecting it ,obviously, from the
| net, if you keep opening connections it results on a denial of
| service, I don't know if arbitrary code execution is possible at any
| point of the process.
Cisco issued a field notice for this over a year ago, and it was posted to
Bugtraq at that time. The notice can be found at:
http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
The problem was fixed in release 4.3(1). You can get a free upgrade to
this version by calling TAC.
-James
