Cisco Catalyst switches in DoS risk
Print
Retweet
FacebookMy buffer floweth over
Posted in Security, 18th October 2002 11:02 GMT
Free whitepaper – The Reg Guide to Solutions for the Virtual Era
Cisco yesterday warned of a potential DoS risk affecting its popular line of Catalyst LAN switches. Catalyst switches running specific versions of Cisco CatOS software are vulnerable to a buffer overflow in an embedded HTTP server.
In an advisory issued yesterday Cisco warns: "If the HTTP server is enabled a buffer overflow can be remotely exploited which will cause the switch to fail and reload. The vulnerability can be exploited repeatedly and result in a denial of service."
Only users of Catalyst switches running CatOS versions from 5.4 up to and including 7.3 which contain a "cv" in the image name are affected. Cisco customers are advised to upgrade the CatOS software on their switches, either through Cisco's Software Centeror their resellers. Pending this affected users are advised to apply a workaround, which involves disabling the HTTP server on a vulnerable switch. ®
Related Stories
Crackers exploit Cisco LAN switch flaw
SSH hits the fan for Cisco on security
WinXP falls over old Cisco bug
Free whitepaper – The Register Guide to Enterprise Virtualization
Four principles of effective threat protection
The 10 myths of safe web browsing
Five tips to reduce risk from modern web threats
How to implement a data loss prevention strategy
What is FakeAV?
