Cisco IOS Secure Shell Server Memory Leak Denial Of Service Vulnerability

Bugtraq ID:	13042
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2005-1021
Remote:	Yes
Local:	No
Published:	Apr 06 2005 12:00AM
Updated:	Mar 19 2015 08:27AM
Credit:	This issue was announced by the vendor.
Vulnerable:	Cisco IOS 12.3YK Cisco IOS 12.3YJ Cisco IOS 12.3YH Cisco IOS 12.3YG Cisco IOS 12.3YF Cisco IOS 12.3YD Cisco IOS 12.3YA Cisco IOS 12.3XY Cisco IOS 12.3XX Cisco IOS 12.3XW Cisco IOS 12.3XU Cisco IOS 12.3XS Cisco IOS 12.3XR Cisco IOS 12.3XQ Cisco IOS 12.3XM Cisco IOS 12.3XL Cisco IOS 12.3XK Cisco IOS 12.3XJ Cisco IOS 12.3XI Cisco IOS 12.3XH Cisco IOS 12.3XG Cisco IOS 12.3XF Cisco IOS 12.3XE Cisco IOS 12.3XD Cisco IOS 12.3T Cisco IOS 12.2ZA Cisco IOS 12.2YZ Cisco IOS 12.2YX Cisco IOS 12.2YO Cisco IOS 12.2YK Cisco IOS 12.2YE Cisco IOS 12.2XS Cisco IOS 12.2XN Cisco IOS 12.2XF Cisco IOS 12.2XC Cisco IOS 12.2XA Cisco IOS 12.2T Cisco IOS 12.2SZ Cisco IOS 12.2SY Cisco IOS 12.2SXD Cisco IOS 12.2SXB Cisco IOS 12.2SXA Cisco IOS 12.2SX Cisco IOS 12.2SV Cisco IOS 12.2SU Cisco IOS 12.2SEB Cisco IOS 12.2SEA Cisco IOS 12.2SE Cisco IOS 12.2S Cisco IOS 12.2EX Cisco IOS 12.2EX Cisco IOS 12.2EWA Cisco IOS 12.2EWA Cisco IOS 12.2EW Cisco IOS 12.2EW Cisco IOS 12.2EW Cisco IOS 12.2EU Cisco IOS 12.2EU Cisco IOS 12.2DX Cisco IOS 12.2DX Cisco IOS 12.2DD Cisco IOS 12.2DD Cisco IOS 12.2B Cisco IOS 12.2B Cisco IOS 12.2 Cisco IOS 12.1YI Cisco IOS 12.1YH Cisco IOS 12.1YF Cisco IOS 12.1YE Cisco IOS 12.1YD Cisco IOS 12.1YC Cisco IOS 12.1YB Cisco IOS 12.1YA Cisco IOS 12.1XV Cisco IOS 12.1XU Cisco IOS 12.1XT Cisco IOS 12.1XR Cisco IOS 12.1XQ Cisco IOS 12.1XP Cisco IOS 12.1XM Cisco IOS 12.1XL Cisco IOS 12.1XI Cisco IOS 12.1XH Cisco IOS 12.1XG Cisco IOS 12.1XF Cisco IOS 12.1XE Cisco IOS 12.1XD Cisco IOS 12.1T Cisco IOS 12.1EX Cisco IOS 12.1EW Cisco IOS 12.1EU Cisco IOS 12.1EC Cisco IOS 12.1EB Cisco IOS 12.1EA Cisco IOS 12.1E Cisco IOS 12.1DC Cisco IOS 12.1DB Cisco IOS 12.1AZ Cisco IOS 12.1AX Cisco IOS 12.0SX Cisco IOS 12.0S
Not Vulnerable:

Cisco IOS Secure Shell Server Memory Leak Denial Of Service Vulnerability

A denial of service vulnerability has been reported in the Cisco IOS Secure Shell Server implementation.

This condition is the result of a memory leak that may be triggered by remote clients under some circumstances. If the memory leak is triggered repeatedly, this could exhaust resources on the device, resulting in a reload of the device and persistent denial of service.

Cisco IOS Secure Shell Server Memory Leak Denial Of Service Vulnerability

There is no exploit required.

Cisco IOS Secure Shell Server Memory Leak Denial Of Service Vulnerability

Solution:
Cisco has provided a fix matrix in the attached advisory. Please refer to the advisory for further information. Cisco fixes may be obtained through customers through the regular update channels.

Cisco IOS Secure Shell Server Memory Leak Denial Of Service Vulnerability

References: