Avaya Cajun Switch DoS

2003-06-18T12:16:03
ID OSVDB:2178
Type osvdb
Reporter OSVDB
Modified 2003-06-18T12:16:03

Description

Vulnerability Description

Avaya Cajun switches contain a flaw with firmware versions up to and including 3.x that may allow a malicious attacker to cause a Denial of Service. The switch does not properly handle traffic to port 4000 and it may cause the switch to stop responding and eventually reset.

Technical Description

By connecting to tcp port 4000 on the switch and sending at least five bytes, of which the first four represent a negative integer will cause the switch to stall, after some time the switch reboots. Example:

sq5bpf@hash:~$ printf "x80dupa"|nc -v -v -v -n 192.168.66.3 4000 (UNKNOWN) [192.168.66.3] 4000 (?) open [the connections stalls]

The time the switch needs to become operational again is about 30 seconds, after this time the attack can be repeated.

Solution Description

Upgrade to software version 4.0 or higher as it has been reported to have fixed the issue. If unable to upgrade then it is advised to filter access to the device so that only trusted hosts can establish TCP connections.

Short Description

Avaya Cajun switches contain a flaw with firmware versions up to and including 3.x that may allow a malicious attacker to cause a Denial of Service. The switch does not properly handle traffic to port 4000 and it may cause the switch to stop responding and eventually reset.

References:

Vendor Specific Advisory URL Secunia Advisory ID:9075 Nessus Plugin ID:11759 ISS X-Force ID: 12356 Bugtraq ID: 7961