lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200308081751.h78Hpe511058@rtp-cse-184.cisco.com>
Date: Fri, 8 Aug 2003 13:51:40 -0400 (EDT)
From: Mike Caudill <mcaudill@...co.com>
To: vul-serv@...seccom.s21sec.com (S21SEC)
Subject: Re: Cisco CSS 11000 Series DoS


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



This is to acknowledge your postings regarding a Denial of Service 
vulnerability in the Cisco CSS 11000 platforms located at:

Vulnwatch list:
http://lists.insecure.org/lists/vulnwatch/2003/Jul-Sep/0073.html

BUGTRAQ:
http://www.securityfocus.com/archive/1/332284/2003-08-05/2003-08-11/0

The Cisco PSIRT is investigating the issue further.  Once we have verified 
details surrounding this problem, we will post a response to both forums 
with more information regarding fixed software versions and applicable 
workarounds which can be used to mitigate the problem.

Thanks.

- -Mike-


> ###############################################################
> ID: S21SEC-025-en
> Title: Cisco CSS 11000 Series DoS
> Date: 04/07/2003
> Status: Solution available
> Scope: Interruption of service, high CPU load.
> Platforms: All/Chassis CS800.
> Author: ecruz, egarcia, jandre
> Location: http://www.s21sec.com/en/avisos/s21sec-025-en.txt
> Release: External
> ###############################################################
>
> 				S 2 1 S E C
>
> 			   http://www.s21sec.com
>
>                    Cisco CSS 11000 Series Denial of service
>
> Description of vulnerability
> ----------------------------
>
> A heavy storm of TCP SYN packets directed to the circuit address of the 
> CSS 
> can cause DoS on it, high cpu load or even sudden reboots.
>
> The issue is known by cisco as the ONDM Ping failure (CSCdz00787). On the 
> CS800 chassis the
> system controller module (SCM) sends ONDM (online diagnostics monitor) 
> pings to each SFP card
> in order to see if they are alive, if the SCM doesn't get a response in 
> about 30 seconds the
> SCM will reboot the CS800 and there will be no core.
>
> By attacking the circuit IP address of the CSS with SYN packets the 
> traffic is sent up to the SCM
> over the internal MADLAN ethernet interface. If this internal interface 
> becomes overloaded
> the ONDM ping request and response traffic can be dropped leading this to 
> an internal DoS
> since no internal comunications are available.
>
> Any attacker could do this externally with a few sessions of NMAP and a 
> cable/ADSL internet
> connection.
>
> Affected Versions and platforms
> -------------------------------
>
> This vulnerability affects the models 11800, 11150 and 11050 with chassis 
> CS800.
>
> Solution
> --------
>
> Upgrade to software release WebNS 5.00.110s or above.
> http://www.cisco.com/en/US/products/hw/contnetw/ps789/prod_release_note0918
> 6a008014ee04.html
>
> AcL's to protect the circuit address are recomended.
>
> Additional information
> ----------------------
>
> These vulnerabilities have been found and researched by:
>
>  Eduardo Cruz		   ecruz@...sec.com
>  Emilin Garcia		 egarcia@...sec.com
>  Jordi Andre		  jandre@...sec.com
>
> You can find the last version of this warning in:
>
>         http://www.s21sec.com/en/avisos/s21sec-025-en.txt
>
> And other S21SEC warnings in http://www.s21sec.com/en/avisos/

- -- 
- ----------------------------------------------------------------------------
|      ||        ||       | Mike Caudill              | mcaudill@...co.com |
|      ||        ||       | PSIRT Incident Manager    | 919.392.2855       |
|     ||||      ||||      | DSS PGP: 0xEBBD5271       | 919.522.4931 (cell)|
| ..:||||||:..:||||||:..  | RSA PGP: 0xF482F607       ---------------------|
| C i s c o S y s t e m s | http://www.cisco.com/go/psirt                  |
- ----------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQA/AwUBPzPjG4pjyUnrvVJxEQJNOwCfR7b6rjXNpcAmbgXue5pk6t6+PDEAoO4n
vZpl/lFWudgREMq98AwDGbFq
=DY/N
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ