Cisco IOS Secure Shell Server TACACS+ Authentication Failure Memory Exhaustion DoS

2005-04-06T09:01:21
ID OSVDB:15303
Type osvdb
Reporter OSVDB
Modified 2005-04-06T09:01:21

Description

Vulnerability Description

Cisco IOS contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker causes many failed logins to the device with SSH authentication using TACACS, which causes a memory leak to occur, and will result in loss of availability for the device.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Cisco has released applicable patches to address this vulnerability.

Short Description

Cisco IOS contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker causes many failed logins to the device with SSH authentication using TACACS, which causes a memory leak to occur, and will result in loss of availability for the device.

References:

Vendor URL: http://www.cisco.com/ Security Tracker: 1013655 Secunia Advisory ID:14854 Related OSVDB ID: 15302 Other Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0101.html Keyword: CSCed65285