Cisco VPN Concentrator Invalid Login DoS

2001-03-28T23:10:35
ID OSVDB:5643
Type osvdb
Reporter OSVDB
Modified 2001-03-28T23:10:35

Description

Vulnerability Description

Cisco VPN 3000 series concentrators contain a flaw that may allow a remote denial of service. The issue is triggered when an SSL or regular telnet session does not disconnect after repeated failed login attempts. The system keeps trying to interpret the incoming data, which causes a memory shortage and a reboot, resulting in loss of availability for the service.

Solution Description

Upgrade to version 2.5.2(F) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.cisco.com/
Vendor Specific Advisory URL
ISS X-Force ID: 6298
CVE-2001-0427
CIAC Advisory: l-068