cisco-sa-20090908-tcp24

cisco-sa-20090908-tcp24 - Cisco Security Advisory TCP State...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products Document ID: 109444 Advisory ID: cisco-sa-20090908-tcp24 http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml Revision 1.2 Last Updated 2009 September 16 1530 UTC (GMT UTC (GMT) For Public Release 2009 September 8 1700 UTC (GMT) Please provide your feedback on this document. Contents Summary Affected Products Details Vulnerability Scoring Details Impact Software Versions and Fixes Workarounds Obtaining Fixed Software Exploitation and Public Announcements Status of this Notice: FINAL Distribution Revision History Cisco Security Procedures
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Summary Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system. In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities. Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml . Affected Products Vulnerable Products The following Cisco products have a TCP implementation that is affected by these vulnerabilities. Refer to the Software Versions and Fixes section for information on fixed software. Cisco IOS Software To determine the Cisco IOS ® Software release that is running on a Cisco product, administrators can log into the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router# show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This document was uploaded on 12/05/2009.

Page1 / 55

cisco-sa-20090908-tcp24 - Cisco Security Advisory TCP State...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online