Cisco Firewall Services Module DoS

2003-12-15T12:05:32
ID OSVDB:3025
Type osvdb
Reporter OSVDB
Modified 2003-12-15T12:05:32

Description

Vulnerability Description

Cisco Firewall Services Module contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a specially crafted SNMP message. The attack will cause an overflow resulting in loss of availability for the device.

Technical Description

The Cisco FWSM crashes and reloads while processing a received SNMPv3 message when snmp-server host <ip_addr> is configured on the Cisco FWSM. This happens even though the Cisco FWSM does not support SNMPv3.

Solution Description

Upgrade to FWSM version 1.1.3 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Restrict access to only allow trusted hosts on specific interfaces to poll the SNMP server on the FWSM.

Manual Testing Notes

The Cisco FWSM may crash and reload due to a buffer overflow vulnerability while processing HTTP traffic requests for authentication using TACACS+ or RADIUS, and while processing a received SNMPv3 message when snmp-server host <ip_addr> is configured on the Cisco FWSM.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 10433
CVE-2003-1002
Bugtraq ID: 9222