Cisco Content Switching Modules TCP packets denial of service

cisco-content-switching-tcp-dos (36450) The risk level is classified as LowLow Risk

Description:

The Cisco Content Switching Modules (CSM) and Cisco Content Switching Module with SSL (CSM-S) are vulnerable to a denial of service, caused by the improper handling of TCP packets. By sending specially-crafted TCP packets out of order, a remote attacker could exploit this vulnerability to cause a denial of service.

Platforms Affected:

  • Cisco, Content Switching Module 4.2 prior to 4.2.3a
  • Cisco, Content Switching Module with SSL 2.1 prior to 2.1.2a

Remedy:

Refer to cisco-sa-20070905-csm for patch, upgrade or suggested workaround information. See References.

Consequences:

Denial of Service

References:

  • cisco-sa-20070905-csm, Denial of Service Vulnerabilities in Content Switching Module at http://www.cisco.com/warp/public/707/cisco-sa-20070905-csm.shtml.
  • BID-25547: Cisco Content Switching Modules Multiple Remote Denial of Service Vulnerabilities
  • CVE-2007-4788: Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.2a, allow remote attackers to cause a denial of service (CPU consumption or reboot) via sets of out-of-order TCP packets with unspecified characteristics, aka CSCsd27478.
  • FrSIRT/ADV-2007-3062: Cisco Content Switching Module Multiple Remote Denial of Serice Vulnerabilities
  • SA26724: Cisco Catalyst Content Switching Modules Denial of Service Vulnerabilities
  • SECTRACK ID: 1018654: Cisco Content Switching Module TCP Packet and Service Termination Bugs Let Remote Users Deny Service

Reported:

Sep 05, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page