Cisco 7xx routers running IOS 700 may crash using a password buffer overflow
| cisco-7xxcrash (699) |  Medium Risk |
Description:
Cisco 7xx routers running IOS 700 are vulnerable to a denial of service attack caused by a buffer overflow. By establishing a Telnet connection to the router and entering a very long password string, a remote attacker can overflow a buffer and cause the router to crash, denying service to legitimate users.
Consequences:
Denial of Service
Remedy:
A fix was integrated in IOS/700 version 4.1(2.1). The first regular production release containing this fix was 4.2(1). Cisco will be making the fixed software available to all IOS/700 customers who are presently running 4.1 software, regardless of contract status.
Workaround: The vulnerability may be avoided by controlling access to the system console port, and by restricting access to the telnet service to trusted hosts. Telnet access may be restricted either by using filters on firewalls or surrounding routers, or by using filters on the 7xx router itself.
To restrict access to the telnet service on a 7xx router running 4.1(x) software to a single trusted management host, use the command "set ip filter tcp in source = not trusted-ip-address destination = 7xx-address:23 block". The command should be applied in every profile that may be active when the router is connected to a potentially hostile network.
References:
- CIAC Information Bulletin I-020: Cisco 7xx Password Buffer Overflow.
- Cisco Systems Field Notice, December 15, 1997: 7xx Router Password Buffer Overflow.
- BID-704: Cisco IOS/700 Router Password Buffer Overflow
- CVE-1999-0230: Buffer overflow in Cisco 7xx routers through the telnet service.
- OSVDB ID: 1102: Cisco 700 Router Telnet Password Overflow DoS
Platforms Affected:
- Cisco IOS 4.1
- Cisco IOS 4.1.1
- Cisco IOS 4.1.2
Reported:
Dec 15, 1997
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net