Signature Detail

DOS: Cisco Telnet Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Cisco CBOS. CBOS versions earlier than 2.4.5 are vulnerable. Attackers can send overly large packets to the CBOS telnet daemon to cause a denial of service on the Cisco device.

Extended Description

CBOS (Cisco Broadband Operating System) is the operating system for Cisco 600 series routers. It is possible for a remote user to cause a denial of service of a CPE running CBOS software 2.4.4 and prior. Sending an unusually large packet to the telnet port will exploit this issue. The following devices in the Cisco 600 series of routers are affected by this issue: 605, 626, 627, 633, 673, 675, 675e, 676, 677, 677i and 678. This vulnerability has been assigned Cisco Bug ID CSCdv50135.

Affected Products

• Cisco CBOS 2.0.1
• Cisco CBOS 2.1.0
• Cisco CBOS 2.1.0 a
• Cisco CBOS 2.2.0
• Cisco CBOS 2.2.1
• Cisco CBOS 2.2.1 a
• Cisco CBOS 2.3.0
• Cisco CBOS 2.3.0 .053
• Cisco CBOS 2.3.2
• Cisco CBOS 2.3.5
• Cisco CBOS 2.3.5 .015
• Cisco CBOS 2.3.7
• Cisco CBOS 2.3.7 .002
• Cisco CBOS 2.3.8
• Cisco CBOS 2.3.9
• Cisco CBOS 2.4.1
• Cisco CBOS 2.4.2
• Cisco CBOS 2.4.2 ap
• Cisco CBOS 2.4.2 b
• Cisco CBOS 2.4.3
• Cisco CBOS 2.4.4

References

• BugTraq: 4814
• CVE: CVE-2002-0886
• URL: http://www.cisco.com/warp/public/707/CBOS-DoS.shtml