Cisco Catalyst switches in DoS risk
My buffer floweth over
Posted in Security, 18th October 2002 11:02 GMT
Watch Now : Virtual Machine Movement with Hyper-V
Cisco yesterday warned of a potential DoS risk affecting its popular line of Catalyst LAN switches. Catalyst switches running specific versions of Cisco CatOS software are vulnerable to a buffer overflow in an embedded HTTP server.
In an advisory issued yesterday Cisco warns: "If the HTTP server is enabled a buffer overflow can be remotely exploited which will cause the switch to fail and reload. The vulnerability can be exploited repeatedly and result in a denial of service."
Only users of Catalyst switches running CatOS versions from 5.4 up to and including 7.3 which contain a "cv" in the image name are affected. Cisco customers are advised to upgrade the CatOS software on their switches, either through Cisco's Software Centeror their resellers. Pending this affected users are advised to apply a workaround, which involves disabling the HTTP server on a vulnerable switch. ®
Related Stories
Crackers exploit Cisco LAN switch flaw
SSH hits the fan for Cisco on security
WinXP falls over old Cisco bug
Send corrections
Data control in the cloud
The new Office Garage series:
Top 10 SIEM implementer’s checklist
