Denial of Service Condition exists in Fore/Marconi ASX Switches

[Keith Pachulski <Keith.Pachulski () CORP PTD NET>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Denial of Service Condition exists in Fore/Marconi ASX Switches
- ----------------------------------------------------------------------
- -

Author: Keith Pachulski, PenTeleData Network Security Team
<keithp () corp ptd net>

Tested: Condition was tested and verified on ASX-1000 switches
running ForeThought6.2 software.

Problem: When an ASX switch receives a crafted packet with certain
attributes in the packet, the ASX switch telnetd and/or httpd will
enter into a close wait state and refuse telnet and web interface
management connections until the switch is reloaded. Which service to
enter into the close wait state depends on which service was
targeted. If both telnet and web are targeted, the switch will become
unresponseive to all remote management. The switch will need to be
physically power cycled to allow for management.  The attack does not
hinder the switches ability to operate though, it only refuses
connections for remote management.

Vulnerability: A combination of SYN-FIN and More Fragments will cause
the remote management service to enter into a close_wait state until
the switch is power cycled.

Workaround: Filter all traffic destined to the switches for remote
management. There is no vendor supplied patch or code upgrade as of
this writing for the Denial of Service condition. The vendor has been
notified and is aware of this condition in the device.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOpE99OGTq6qVSXTQEQLM0gCfcuUJqNUQbkahqGMgzs4cxYhV/wcAmwR2
0VNKvFxrPlrzMSB7lG0v3yU1
=HGl1
-----END PGP SIGNATURE-----