A remote overflow exists in Cisco IOS. The operating system fails to gracefully handle more than 255 Open Shortest Path First (OSPF) neighbors on an interface, resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service, execute commands, or manipulate the router's configuration, resulting in a loss of integrity and/or availability.
Classification
Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
Solution
Upgrade to version 12.0(19)S, 12.0(19)ST, 12.1(1), 12.1(1)DB, 12.1(1)DC, 12.1(1)T or higher, as this has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
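
Monitoring example added here (not part of the original advisory and not Cisco code): it counts OSPF neighbors per interface from the output of the IOS command "show ip ospf neighbor" and flags interfaces approaching the 255-neighbor limit named in the description. The 80% warning margin and the sample output are constructed assumptions.

```python
import re
from collections import Counter

# Limit taken from the advisory: more than 255 OSPF neighbors on one interface.
NEIGHBOR_LIMIT = 255
# Assumed alerting margin (not from the advisory): warn at 80% of the limit.
WARN_RATIO = 0.8
ROUTER_ID = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def neighbors_per_interface(show_output):
    """Count neighbor rows per interface in 'show ip ospf neighbor' output."""
    counts = Counter()
    for line in show_output.splitlines():
        fields = line.split()
        # A neighbor row starts with a dotted-quad neighbor ID and ends with
        # the interface name. The State column can contain spaces
        # ("FULL/  -"), so only the first and last fields are relied on.
        if len(fields) >= 6 and ROUTER_ID.match(fields[0]):
            counts[fields[-1]] += 1
    return counts


def classify(counts, limit=NEIGHBOR_LIMIT, warn_ratio=WARN_RATIO):
    """Return {interface: 'ok' | 'warn' | 'over'} for each interface seen."""
    result = {}
    for interface, count in counts.items():
        if count > limit:
            result[interface] = "over"
        elif count >= limit * warn_ratio:
            result[interface] = "warn"
        else:
            result[interface] = "ok"
    return result


def build_sample():
    """Constructed sample: 3 neighbors on Serial0/0, 210 on Ethernet0/1."""
    rows = ["Neighbor ID     Pri   State           Dead Time   Address         Interface"]
    for i in range(1, 4):
        rows.append(f"10.0.0.{i}   0   FULL/  -   00:00:31   10.1.0.{i}   Serial0/0")
    for i in range(1, 211):
        rows.append(f"172.16.0.{i}   1   INIT/DROTHER   00:00:39   192.168.5.{i}   Ethernet0/1")
    return "\n".join(rows)


if __name__ == "__main__":
    print(classify(neighbors_per_interface(build_sample())))
```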