Info

Disclosure

May 22, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

IOS contains a flaw that may allow a remote denial of service. The issue is triggered when malformed SSL ClientHello, ChangeCipherSpec and Finished messages are processed, and will result in loss of availability for the platform.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Security Software

Solution

Upgrade to the version recommended in Cisco advisory for the affected platform, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	IOS	12.0
		12.1
		12.2
		12.3
		12.4

References

Security Tracker: 1018094
CVE ID: 2007-2813 (see also: NVD)
Bugtraq ID: 24097
Secunia Advisory ID: 25361
ISS X-Force ID: 34432 34436 34442
VUPEN Advisory: ADV-2007-1910
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0321.html
Vendor Specific Advisory URL: http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c49.shtml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/35339

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

IOS

References

Credit