Cisco Content Service Switch Long Filename Denial of Service Vulnerability
BID:2330
Info
Cisco Content Service Switch Long Filename Denial of Service Vulnerability
| Bugtraq ID: | 2330 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2001-0019 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 31 2001 12:00AM |
| Updated: | Jul 11 2009 04:46AM |
| Credit: | This vulnerability was announced to Bugtraq in a Cisco Security Advisory on January 31, 2001. It was initially discovered by Ollie Whitehouse <[email protected]>. |
| Vulnerable: |
Cisco WebNS 4.0 Cisco WebNS 3.0 |
| Not Vulnerable: | |
Discussion
Cisco Content Service Switch Long Filename Denial of Service Vulnerability
The Cisco Content Services (CSS) switches are hardware designed to provide enhanced web services for e-commerece and Web Content delivery using the Cisco Web Network Services (Web NS). The CSS switch is distributed by Cisco Systems.
A problem in the CSS could allow a local user to deny service to legitimate users. The problem occurs in the handling of input by local users. A user must have access to the switch command line interface prior to launching an attack, but not have administrative privileges. Upon connecting to a non-privileged account, a user can locally execute a command on the switch which requires a file name as an argument. Upon specifying a filename that is the maximum size of the filename buffer, the switch reboots and starts system checks.
This vulnerability makes it possible for a user with malicious intentions to connect to a switch granting sufficient privileges, and execute a command that could deny service to legitimate network users. This vulnerability affects CSS switches 11050, 11150, and 11800.
The Cisco Content Services (CSS) switches are hardware designed to provide enhanced web services for e-commerece and Web Content delivery using the Cisco Web Network Services (Web NS). The CSS switch is distributed by Cisco Systems.
A problem in the CSS could allow a local user to deny service to legitimate users. The problem occurs in the handling of input by local users. A user must have access to the switch command line interface prior to launching an attack, but not have administrative privileges. Upon connecting to a non-privileged account, a user can locally execute a command on the switch which requires a file name as an argument. Upon specifying a filename that is the maximum size of the filename buffer, the switch reboots and starts system checks.
This vulnerability makes it possible for a user with malicious intentions to connect to a switch granting sufficient privileges, and execute a command that could deny service to legitimate network users. This vulnerability affects CSS switches 11050, 11150, and 11800.
Exploit / POC
Cisco Content Service Switch Long Filename Denial of Service Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Cisco Content Service Switch Long Filename Denial of Service Vulnerability
Solution:
Upgrades available:
Cisco WebNS 3.0
Cisco WebNS 4.0
Solution:
Upgrades available:
Cisco WebNS 3.0
-
Cisco WebNS 3.1.0
http://www.cisco.com/public/sw-center/sw-web.shtml
Cisco WebNS 4.0
-
Cisco WebNS 4.0.1
http://www.cisco.com/public/sw-center/sw-web.shtml
References
Cisco Content Service Switch Long Filename Denial of Service Vulnerability
References:
References: