Cisco IOS Secure Shell Server TACACS+ Username Domain Name DoS

2005-04-06T09:01:21
ID OSVDB:15302
Type osvdb
Reporter OSVDB
Modified 2005-04-06T09:01:21

Description

Vulnerability Description

Cisco IOS Secure Shell Server contains a flaw that may allow a remote denial of service. The issue is triggered when the IOS device is configured to authenticate against a TACACS+ server and the account username contains a domain name occurs, and will result in loss of availability for the device.

Solution Description

Upgrade to applicable release train versions or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Cisco IOS Secure Shell Server contains a flaw that may allow a remote denial of service. The issue is triggered when the IOS device is configured to authenticate against a TACACS+ server and the account username contains a domain name occurs, and will result in loss of availability for the device.

References:

Vendor URL: http://www.cisco.com/ Security Tracker: 1013655 Secunia Advisory ID:14854 Related OSVDB ID: 15303 Other Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0101.html Keyword: CSCed65778 CVE-2005-1020