Full Disclosure mailing list archives

Re: rumours of new Cisco IOS vulnerability

From: Rob Lemos <robert () infoserf net>
Date: 16 Jul 2003 17:23:06 -0700

I have been told that the July 9 issue is not the flaw in question.

Here is as much detail as I have confirmed at this point:

http://news.com.com/2100-1035_3-1026518.html?tag=fd_top

-R

On Wed, 2003-07-16 at 13:14, christopher neitzert wrote:

Details about the vulnerability here:
http://www.cisco.com/warp/public/707/cisco-sa-20030709-swtcp.shtml


Summary
After receiving eight TCP connection attempts using a non-standard TCP
flags combination, a Catalyst switch will stop responding to further TCP
connections to that particular service. In order to re-establish
functionality of that service, the switch must be rebooted. There is no
workaround. This vulnerability affects only CatOS. No other Cisco
products are affected.


-- 
| robert lemos | computer & tech journalist |
| v: 510/481-8166 | e: robert () infoserf net  |

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

rumours of new Cisco IOS vulnerability Len Rose (Jul 16)
- Re: rumours of new Cisco IOS vulnerability Blue Boar (Jul 16)
  - Re: rumours of new Cisco IOS vulnerability Christopher McCrory (Jul 16)
  - Re: rumours of new Cisco IOS vulnerability Len Rose (Jul 16)
- Re: rumours of new Cisco IOS vulnerability asi (Jul 16)
  - Re: rumours of new Cisco IOS vulnerability christopher neitzert (Jul 16)
    - Re: rumours of new Cisco IOS vulnerability Rob Lemos (Jul 16)
    - Re: rumours of new Cisco IOS vulnerability Christopher McCrory (Jul 16)
- Re: rumours of new Cisco IOS vulnerability Nigel Houghton (Jul 16)
- <Possible follow-ups>
- Re: rumours of new Cisco IOS vulnerability jklemenc (Jul 16)
  - Re: rumours of new Cisco IOS vulnerability Codex (Jul 16)
  - Re: rumours of new Cisco IOS vulnerability Mattias Ahnberg (Jul 16)