-
Sending a flood of data to the SSL or regular telnet port can cause the Cisco VPN 3000 series concentrators to reboot. After rebooting, the equipment would function normally until the flood of data is sent again.
To remove the vulnerability, Cisco is offering free software upgrades to revision 2.5.2(F) for all affected platforms. The defect is described in companion DDTS's CSCds90807 and CSCds64223.
This notice will be posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20010328-vpn3k-telnet
-
This section provides details on affected products.
Vulnerable Products
Cisco VPN 3000 series concentrators running software releases up to but not including version 2.5.2(F) are affected by this vulnerability. This series includes models 3005, 3015, 3030, 3060, and 3080. Any model running version 2.5.2(F) or later is unaffected by this vulnerability.
To determine whether a Cisco VPN 3000 series concentrator is running affected software, check the version via the web interface or the console login.
Products Confirmed Not Vulnerable
This vulnerability does not affect the VPN 5000 series concentrators. No other Cisco product is affected by this vulnerability.
No other Cisco products are currently known to be affected by these vulnerabilities.
-
The vulnerability occurs because the SSL or regular telnet session does not disconnect after repeated failed attempts, and the system keeps trying to interpret the data coming in on the SSL or regular telnet port. Data arriving at an uncontrolled rate can therefore flood the telnet queues, causing a shortage of memory on the system that results in a reboot. This has been fixed by ensuring that an SSL or regular telnet session is terminated after three repeated failed attempts. The vulnerability is documented in two companion DDTS's, CSCds90807 and CSCds64223.
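The fix described above, sketched as an added example (this is not Cisco's code): a login session that stops interpreting input after three failed attempts and never buffers more than one bounded line. The class and method names and the 256-byte line cap are assumptions made for illustration.

```python
MAX_FAILED_ATTEMPTS = 3   # threshold the advisory gives for the fix
MAX_LINE_BYTES = 256      # assumption: cap on one unterminated input line


class LoginSession:
    """Hypothetical login state machine; not the concentrator's real code."""

    def __init__(self, check_credentials):
        self.check_credentials = check_credentials  # callable(user, pw) -> bool
        self.buffer = bytearray()   # bytes of the line being received
        self.pending_user = None    # username waiting for its password
        self.failed = 0
        self.authenticated = False
        self.closed = False

    def feed(self, data: bytes) -> int:
        """Consume socket data; return how many bytes were actually processed."""
        used = 0
        for byte in data:
            if self.closed or self.authenticated:
                break               # stop interpreting input once the session ends
            used += 1
            if byte == 0x0A:        # newline ends a username or password line
                line = bytes(self.buffer).rstrip(b"\r")
                self.buffer.clear()
                self._handle_line(line)
            else:
                self.buffer.append(byte)
                if len(self.buffer) > MAX_LINE_BYTES:
                    self._fail()    # over-long line counts as a failed attempt
        return used

    def _handle_line(self, line: bytes) -> None:
        if self.pending_user is None:
            self.pending_user = line
        elif self.check_credentials(self.pending_user, line):
            self.authenticated = True
        else:
            self._fail()

    def _fail(self) -> None:
        self.failed += 1
        self.pending_user = None
        self.buffer.clear()         # never keep data from a failed attempt
        if self.failed >= MAX_FAILED_ATTEMPTS:
            self.closed = True      # caller must now close the socket
```

Memory held per session stays at or below `MAX_LINE_BYTES + 1` bytes regardless of how much data arrives, and `feed` returns early once `closed` is set so the caller can drop the connection.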
-
The vulnerability can be avoided by disabling all Telnet access to the equipment until you upgrade.
There are two ways to disallow telnet on any given interface: use a filter whose rules don't allow telnet, or create a rule that specifically denies telnet access and apply it to your existing filter(s).
Further details can be found at this URL: http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/vpn3kco/vcoug/usr_3_0/polmgt.htm
After disabling SSL and regular telnet, the equipment can be managed via the console port or via browser access.
-
The vulnerability has been fixed in revision 2.5.2(F) code. The fix will be carried forward into all future releases.
-
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. This was reported to Cisco by a customer who discovered this vulnerability as a side effect of using an SSL telnet tool.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.1 | 2001-March-30 | Change in revision of fixed software
Revision 1.0 | 2001-March-28 | Initial public release.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.