Cisco ONS 15000 contains a flaw that may allow a remote denial of service against the device's control cards. The issue is triggered when connections are initiated to any of the administrative TCP ports listening on the server without completing a full three-way TCP handshake by omitting the final ACK packet. This will lead to a memory exhaustion problem and can result in a reset of the control cards on the platform, leading to a loss of availability.

This vulnerability only applies when IP is configured on the LAN interface. This is the default setting.

Upgrade to the software versions released and detailed by the vendor, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015872
• Bugtraq ID: 17384
• Secunia Advisory ID: 19553
• CVE ID: 2006-1670 (see also: NVD)
• Related OSVDB ID: 24435 24436 24437 24438
• VUPEN Advisory: ADV-2006-1256
• Keyword: CSCei45910
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0116.html
• Other Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml

Unknown or Incomplete