Cisco IOS Telnet ENVIRON Option Handling DoS

2000-04-20T00:00:00
ID OSVDB:1289
Type osvdb
Reporter OSVDB
Modified 2000-04-20T00:00:00

Description

Vulnerability Description

IOS contains a flaw that may allow a remote denial of service. The issue is triggered when a specific option is sent to the Telnet daemon before it is ready to accept it, and will result in loss of availability for the device.

Technical Description

This vulnerability affects the following Cisco hardware products if they are running affected software:

AS5200, AS5300, and AS5800 series access servers 7200 and 7500 series routers ubr7200 series cable routers 7100 series routers 3660 series routers SC3640 System Controllers (see the explanation below) AS5800 series Voice Gateway products AccessPath LS-3, TS-3, and VS-3 Access Solutions products

Solution Description

Upgrade to version indicated by Cisco product matrix, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

IOS contains a flaw that may allow a remote denial of service. The issue is triggered when a specific option is sent to the Telnet daemon before it is ready to accept it, and will result in loss of availability for the device.

References:

Vendor Specific Advisory URL Other Advisory URL: http://marc.theaimsgroup.com/?l=bugtraq&m=95625022228399&w=2 ISS X-Force ID: 4312 CVE-2000-0268 Bugtraq ID: 1123