Cisco Catalyst Switches Embeded HTTP Server Long HTTP Request DoS

2002-10-16T00:00:00
ID OSVDB:8875
Type osvdb
Reporter OSVDB
Modified 2002-10-16T00:00:00

Description

Vulnerability Description

Cisco Catalyst switches running Cisco CatOS versions 5.4 through 7.3 are vulnerable to a denial of service attack caused by a buffer overflow in the CiscoView image (CV) that can occur when the embedded HTTP server is enabled. By sending an overly long HTTP query to the HTTP server's switch management port, a remote attacker could overflow a buffer and cause the switch to reset.

Technical Description

Workarounds: The HTTP server can be disabled on the on the Cisco switch. This example shows how to disable the HTTP server: Console (enable) set ip http server disable HTTP server disabled. The default setting for the HTTP server is disabled. You may also choose to block access to port 80 for your Cisco switch. This can be done with any device with traffic filtering capabilties

Solution Description

This vulnerability is only present in Cisco Catalyst switches running Cisco CatOS software versions 5.4 through 7.3 that contain an embedded HTTP server to support CiscoView network management software. The affected software images contain "cv" in the image name as seen here: cat6000-supcv.5-5-16.bin Cisco recommends you upgrade to product specific versions outside the 5.4 and 7.3 CAT/OS range. http://www.cisco.com/public/sw-center/sw-lan.shtml

Short Description

Cisco Catalyst switches running Cisco CatOS versions 5.4 through 7.3 are vulnerable to a denial of service attack caused by a buffer overflow in the CiscoView image (CV) that can occur when the embedded HTTP server is enabled. By sending an overly long HTTP query to the HTTP server's switch management port, a remote attacker could overflow a buffer and cause the switch to reset.

References:

Vendor Specific Advisory URL Secunia Advisory ID:7318 Other Advisory URL: http://www.securiteam.com/securitynews/6M00D1P5PK.html Keyword: CatOS crash with web server enabled in http_get_token ISS X-Force ID: 10382 Generic Exploit URL: http://packetstormsecurity.org/groups/blackangels/ CVE-2002-1222 Bugtraq ID: 5976