Bugtraq mailing list archives
Re: CISCO as5350 crashes with nmap connect scan
From: Thomas Munn <munn () bigfoot com>
Date: 29 Oct 2002 20:11:09 -0000
In-Reply-To: <20021028165345.11929.qmail () mail securityfocus com>
I have managed to "reduplicate" at least five times the following scenario with a Cisco as5250, with firmware 12.2 (11t) release firmware of Cisco:

nmap -dinsane -p 1-65535 ip.of.as5350

This causes a "hard" lockup, and the device must be powered off in order to have functionality restored to it. Mentioned to PSIRT at Cisco, they didn't do anything.

Sincerely,
Thomas J. Munn

It seems to be the -p 1-65535 that causes a disconnect on the unit (via ssh) but doesn't crash it; the -dinsane part seems to lock it. A gentleman emailed me that there is a known "ssh" bug, and yes, ssh was enabled. When just using nmap -sT -p 1-65535, ssh disconnects me, but doesn't kill the box.

List of ports, quite fascinating by the way!

22/tcp open ssh
23/tcp open telnet
111/tcp filtered sunrpc
1720/tcp open H.323/Q.931
2216/tcp open unknown
2217/tcp open unknown
2218/tcp open unknown
2219/tcp open unknown
2220/tcp open unknown
2221/tcp open unknown
2222/tcp open unknown
2223/tcp open unknown
2224/tcp open unknown
2225/tcp open unknown
2226/tcp open unknown
2227/tcp open unknown
2228/tcp open unknown
2229/tcp open unknown
2230/tcp open unknown
2231/tcp open unknown
2232/tcp open ivs-video
2233/tcp open unknown
2234/tcp open unknown
2235/tcp open unknown
2236/tcp open unknown
2237/tcp open unknown
2238/tcp open unknown
2239/tcp open unknown
2240/tcp open unknown
2241/tcp open ivsd
2242/tcp open unknown
2243/tcp open unknown
2244/tcp open unknown
2245/tcp open unknown
2246/tcp open unknown
2247/tcp open unknown
2248/tcp open unknown
2249/tcp open unknown
2250/tcp open unknown
2251/tcp open unknown
2252/tcp open unknown
2253/tcp open unknown
2254/tcp open unknown
2255/tcp open unknown
2256/tcp open unknown
2257/tcp open unknown
2258/tcp open unknown
2259/tcp
2260/tcp open unknown
2261/tcp open unknown
2262/tcp open unknown
2263/tcp open unknown
2264/tcp open unknown
2265/tcp open unknown
2266/tcp open unknown
2267/tcp open unknown
2268/tcp open unknown
2269/tcp open unknown
2270/tcp open unknown
2271/tcp open unknown
2272/tcp open unknown
2273/tcp open unknown
2274/tcp open unknown
2275/tcp open unknown
3001/tcp open nessusd
4216/tcp open unknown
4217/tcp open unknown
4218/tcp open unknown
4219/tcp open unknown
4220/tcp open unknown
4221/tcp open unknown
4222/tcp open unknown
4223/tcp open unknown
4224/tcp open unknown
4225/tcp open unknown
4226/tcp open unknown
4227/tcp open unknown
4228/tcp open unknown
4229/tcp open unknown
4230/tcp open unknown
4231/tcp open unknown
4232/tcp open unknown
4233/tcp open unknown
4234/tcp open unknown
4235/tcp open unknown
4236/tcp open unknown
4237/tcp open unknown
4238/tcp open unknown
4239/tcp open unknown
4240/tcp open unknown
4241/tcp open unknown
4242/tcp open unknown
4243/tcp open unknown
4244/tcp open unknown
4245/tcp open unknown
4246/tcp open unknown
4247/tcp open unknown
4248/tcp open unknown
4249/tcp open unknown
4250/tcp open unknown
4251/tcp open unknown
4252/tcp open unknown
4253/tcp open unknown
4254/tcp open unknown
4255/tcp open unknown

Goes up far more