Multiple Cisco device SSH scanning denial of service

cisco-ssh-scan-dos (9437) The risk level is classified as LowLow Risk

Description:

The fixes provided in the Cisco Security Advisory: Multiple SSH (Secure Shell) Vulnerabilities (See References) introduced a new SSH vulnerability in several Cisco products. A remote attacker attempting to exploit the "SSH CRC32" vulnerability could cause the SSH module in the affected Cisco devices to consume all available CPU resources.

For more information on the "SSH CRC32" vulnerability, refer to Internet Security Systems Security Alert #100. See References.


Consequences:

Denial of Service

Remedy:

For CSS 11000 series devices:
Upgrade to WebNS version R5.00.045 or later, or version 5.10.1.01 when it becomes available in July 2002, as listed in Cisco Security Advisory, 2002 June 27 16:00 (UTC 0000). See References.

For Catalyst 6000 switches:
Upgrade to the appropriate version of CatOS, as listed in Cisco Security Advisory, 2002 June 27 16:00 (UTC 0000). See References.

For Cisco Pix Software and Cisco IOS:
Upgrade to the appropriate software versions, as listed in Cisco Security Advisory, 2002 June 27 16:00 (UTC 0000). See References.

References:

Platforms Affected:

  • Cisco Catalyst 6000 5.4
  • Cisco Catalyst 6000 5.4(1)
  • Cisco Catalyst 6000 5.4(2)
  • Cisco Catalyst 6000 5.4(3)
  • Cisco Catalyst 6000 5.4(4)
  • Cisco Catalyst 6000 5.5
  • Cisco Catalyst 6000 5.5(1)
  • Cisco Catalyst 6000 5.5(2)
  • Cisco Catalyst 6000 5.5(3)
  • Cisco Catalyst 6000 5.5(4)
  • Cisco Catalyst 6000 5.5(4A)
  • Cisco Catalyst 6000CSX 5.3(1)
  • Cisco Catalyst 6000CSX 5.3(1A)
  • Cisco Catalyst 6000CSX 5.3(2)
  • Cisco Catalyst 6000CSX 5.3(3)
  • Cisco Catalyst 6000CSX 5.3(4)
  • Cisco Catalyst 6000CSX 5.3(5)
  • Cisco Catalyst 6000CSX 5.3(5A)
  • Cisco Catalyst 6000CSX 5.3(6)
  • Cisco Content Services Switch 11000
  • Cisco IOS 12.0S
  • Cisco IOS 12.0SP
  • Cisco IOS 12.0ST
  • Cisco IOS 12.0XB
  • Cisco IOS 12.0XM
  • Cisco IOS 12.0XV
  • Cisco IOS 12.1(1)EX
  • Cisco IOS 12.1(5C)EX
  • Cisco IOS 12.1(8A)EX
  • Cisco IOS 12.1(9)EX
  • Cisco IOS 12.1E
  • Cisco IOS 12.1EC
  • Cisco IOS 12.1T
  • Cisco IOS 12.1XB
  • Cisco IOS 12.1XC
  • Cisco IOS 12.1XF
  • Cisco IOS 12.1XG
  • Cisco IOS 12.1XH
  • Cisco IOS 12.1XI
  • Cisco IOS 12.1XJ
  • Cisco IOS 12.1XL
  • Cisco IOS 12.1XM
  • Cisco IOS 12.1XP
  • Cisco IOS 12.1XQ
  • Cisco IOS 12.1XT
  • Cisco IOS 12.1XU
  • Cisco IOS 12.1YB
  • Cisco IOS 12.1YC
  • Cisco IOS 12.1YD
  • Cisco IOS 12.1YE
  • Cisco IOS 12.1YF
  • Cisco IOS 12.1YI
  • Cisco IOS 12.2
  • Cisco IOS 12.2B
  • Cisco IOS 12.2BC
  • Cisco IOS 12.2DA
  • Cisco IOS 12.2DD
  • Cisco IOS 12.2S
  • Cisco IOS 12.2T
  • Cisco IOS 12.2XA
  • Cisco IOS 12.2XB
  • Cisco IOS 12.2XD
  • Cisco IOS 12.2XE
  • Cisco IOS 12.2XF
  • Cisco IOS 12.2XG
  • Cisco IOS 12.2XH
  • Cisco IOS 12.2XI
  • Cisco IOS 12.2XJ
  • Cisco IOS 12.2XK
  • Cisco IOS 12.2XL
  • Cisco IOS 12.2XM
  • Cisco IOS 12.2XN
  • Cisco IOS 12.2XQ
  • Cisco IOS 12.2XR
  • Cisco IOS 12.2XS
  • Cisco IOS 12.2XT
  • Cisco IOS 12.2XW
  • Cisco IOS 12.2YA
  • Cisco IOS 12.2YB
  • Cisco IOS 12.2YC
  • Cisco IOS 12.2YD
  • Cisco IOS 12.2YF
  • Cisco IOS 12.2YG
  • Cisco IOS 12.2YH
  • Cisco PIX Firewall 5.2
  • Cisco PIX Firewall 5.3
  • Cisco PIX Firewall 6.0
  • Cisco PIX Firewall 6.1
  • Cisco PIX Firewall 6.2

Reported:

Jun 27, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page