
s21sec-025-en.txt

Posted Aug 10, 2003
Authored by Eduardo Cruz, Emilin Garcia, Jordi Andre | Site s21sec.com

The Cisco CSS 11000 Series is vulnerable to a denial of service when there is a heavy storm of TCP SYN packets directed to the circuit address. It may also cause a high CPU load or sudden reboots.

tags | advisory, denial of service, tcp
systems | cisco
SHA-256 | f428cbfd82405bf502ceb2aa293ef7892c0d9d5b82c9b6b3f2bc160a5ec34590

###############################################################
ID: S21SEC-025-en
Title: Cisco CSS 11000 Series DoS
Date: 04/07/2003
Status: Solution available
Scope: Interruption of service, high CPU load.
Platforms: All/Chassis CS800.
Author: ecruz, egarcia, jandre
Location: http://www.s21sec.com/en/avisos/s21sec-025-en.txt
Release: External
###############################################################

S 2 1 S E C

http://www.s21sec.com

Cisco CSS 11000 Series Denial of service



Description of vulnerability
----------------------------

A heavy storm of TCP SYN packets directed to the circuit address of the
CSS can cause a DoS on it, high CPU load or even sudden reboots.

The issue is known by Cisco as the ONDM Ping failure (CSCdz00787). On the
CS800 chassis, the system controller module (SCM) sends ONDM (online
diagnostics monitor) pings to each SFP card to check that they are alive.
If the SCM doesn't get a response in about 30 seconds, the SCM will
reboot the CS800 and there will be no core.

When the circuit IP address of the CSS is attacked with SYN packets, the
traffic is sent up to the SCM over the internal MADLAN ethernet
interface. If this internal interface becomes overloaded, the ONDM ping
request and response traffic can be dropped, leading to an internal DoS
since no internal communications are available.

Any attacker could do this externally with a few sessions of NMAP and a
cable/ADSL internet connection.


Affected Versions and platforms
-------------------------------

This vulnerability affects the models 11800, 11150 and 11050 with chassis
CS800.


Solution
--------

Upgrade to software release WebNS 5.00.110s or above.
http://www.cisco.com/en/US/products/hw/contnetw/ps789/prod_release_note09186a008014ee04.html

ACLs to protect the circuit address are recommended.
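
For monitoring until the upgrade and ACLs are in place, the following is an added example (not part of the S21SEC advisory or any Cisco tooling) that counts bare SYNs aimed at the circuit address over the 30-second ONDM window described above. The record format, the addresses (documentation ranges) and the threshold are assumptions made for illustration.

```python
from collections import deque

CIRCUIT_IP = "192.0.2.10"  # assumption: documentation address standing in for the circuit address
WINDOW_S = 30              # from the advisory: ONDM pings unanswered for ~30 s trigger a reboot
SYN_THRESHOLD = 100        # assumption: bare SYNs per window treated as abnormal; tune per site

def detect_syn_storm(records, circuit_ip=CIRCUIT_IP, window=WINDOW_S, threshold=SYN_THRESHOLD):
    """Return (timestamp, syn_count, distinct_sources) for each onset of a SYN storm.

    records: iterable of constructed 'epoch src dst flags' lines, in time order.
    """
    recent = deque()   # (timestamp, source) of bare SYNs to the circuit address
    alerts = []
    alerting = False
    for line in records:
        ts, src, dst, flags = line.split()
        if dst != circuit_ip or flags != "S":   # skip other hosts and SYN-ACK/ACK/etc.
            continue
        ts = float(ts)
        recent.append((ts, src))
        while recent[0][0] <= ts - window:       # expire entries older than the window
            recent.popleft()
        if len(recent) > threshold and not alerting:
            alerts.append((ts, len(recent), len({s for _, s in recent})))
            alerting = True
        elif len(recent) <= threshold // 2:      # re-arm once the rate has clearly dropped
            alerting = False
    return alerts

def sample_records():
    """Constructed capture: baseline, unrelated VIP traffic, then a burst at the circuit address."""
    recs = [f"{i * 5}.0 198.51.100.{i % 3 + 1} {CIRCUIT_IP} S" for i in range(12)]
    recs += [f"{60 + i * 0.01:.2f} 203.0.113.7 192.0.2.80 S" for i in range(500)]
    recs += [f"{70 + i / 30:.3f} 203.0.113.{i % 50 + 1} {CIRCUIT_IP} S" for i in range(300)]
    return recs

if __name__ == "__main__":
    for ts, count, sources in detect_syn_storm(sample_records()):
        print(f"t={ts:.3f}s: {count} SYNs to {CIRCUIT_IP} in {WINDOW_S}s from {sources} sources")
```

Legitimate client traffic normally targets the VIPs rather than the circuit address, so a low threshold on this one destination stays quiet under ordinary load.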


Additional information
----------------------

These vulnerabilities have been found and researched by:

Eduardo Cruz ecruz@s21sec.com
Emilin Garcia egarcia@s21sec.com
Jordi Andre jandre@s21sec.com

You can find the latest version of this warning at:

http://www.s21sec.com/en/avisos/s21sec-025-en.txt

And other S21SEC warnings in http://www.s21sec.com/en/avisos/

