Bindview Security Advisory: Denial of Service Vulnerability in Cabletron's SmartSwitch Router (SSR). Remote users can flood the ARP table and stop the processing of packets.
85b52a0144618cc558cd1f34d6755e7f885a84a66d835af7ef076846c52575a7Bindview Security Advisory
--------
Cabletron SmartSwitch Router 8000 Firmware v2.x
Issue date: November 24, 1999
Contact: Scott Blake <blake@bos.bindview.com>
Topic:
Denial of Service Vulnerability in Cabletron's SmartSwitch Router (SSR)
Overview:
Cabletron's SSR is a Layers 2-4 routing and switching device with one of
the fastest switching architectures in the industry. Attackers can cause
the SSR to stop handling any network traffic.
Affected Systems:
Bindview only confirms the vulnerability in the SSR 8000 running firmware
revision 2.x. Due to the nature of the problem, other equipment may
be vulnerable, including other manufacturers' products.
Impact:
A malicious attacker can cause the SSR to stop functioning for as long
as the attacker can continue feeding packets to the device.
Details:
Cabletron indicates that the bottleneck appears to occur in the ARP handling
mechanism of the SSR. The SSR appears to only be capable of handling ~200
ARP requests per second. Thus, by initiating network traffic to more than
this critical number of IP addresses, an attacker can cause the router to
stop
functioning while the ARP handler is flooded. In extreme cases, with input
rates only available on the local network, it may be possible to corrupt the
SSR's configuration with a sustained flood of new IP addresses.
The danger in this problem arises from the fact that many perimeter defenses
(firewalls) permit ICMP through, which means that remote, anonymous
attackers
may be able to crash the SSR.
Fix Information:
Upgrade your SSR firmware to version 3.x:
http://www.cabletron.com/download/download.cgi?lib=ssr
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed