Signature Detail

DOS: CISCO Catalyst 5000

This signature detects attempts to exploit a known software vulnerability in Cisco Catalyst LAN switches. Versions prior to Cisco Catalyst 12xx supervisor 4.30, 29xx supervisor 2.1.6, and 5xxx supervisor 2.1.6 are susceptible. Attackers can remotely connect to TCP/7161 and reload the switch supervisor module, causing a denial-of-service (DoS).

Extended Description

This desciprion was taken from the Cisco advisory. A remote attacker who knows how to exploit this vulnerability, and who can make a connection to TCP port 7161 on an affected switch, can cause the supervisor module of that switch to reload. While the supervisor is reloading, the switch will not forward traffic, and the attack will therefore deny service to the equipment attached to the switch. The switch will recover automatically, but repeated attacks can extend the denial of service indefinitely.

Affected Products

• Cisco Catalyst 12xx supervisor software 4.29.0
• Cisco Catalyst 29xx supervisor software 1.0.0
• Cisco Catalyst 29xx supervisor software 2.1.5
• Cisco Catalyst 29xx supervisor software 2.1.5 01
• Cisco Catalyst 29xx supervisor software 2.1.5 02
• Cisco Catalyst 5xxx supervisor software 1.0.0
• Cisco Catalyst 5xxx supervisor software 2.1.5
• Cisco Catalyst 5xxx supervisor software 2.1.5 01
• Cisco Catalyst 5xxx supervisor software 2.1.5 02

References

• BugTraq: 0705
• CVE: CVE-1999-0430
• URL: http://www.securityfocus.com/advisories/1770
• URL: http://www.cisco.com/en/US/products/products_security_advisory09186a00800b1399.shtml