CERT-MU AD-2008-7
Cisco IOS Secure Shell Denial of Service Vulnerabilities
Description
The Secure Shell (SSH) server implementation
in Cisco IOS contains multiple vulnerabilities that allow
unauthenticated users to generate a spurious memory
access error or, in certain cases, reload the device.
The IOS SSH server is an optional service that is disabled
by default, but its use is highly recommended as a security
best practice for management of Cisco IOS devices. SSH can
be configured as part of the AutoSecure feature in the initial
configuration of IOS devices, AutoSecure run after initial
configuration, or manually. Devices that are not configured
to accept SSH connections are not affected by these vulnerabilities.
Original Issue Date: 21st May 2008
Affected system
Cisco devices running certain 12.4-based IOS releases and
configured to be managed via SSH may be affected by this issue.
The SSH server is not available in all IOS images. Devices
that do not support SSH are not vulnerable. Please consult
the table of fixed software in the Software Version and Fixes
section for the specific 12.4-based IOS releases that are
affected.
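Added example (not part of the CERT-MU or Cisco advisory): a triage helper that applies the two exposure conditions above, a 12.4-based release and an enabled SSH server, to captured `show version` and `show ip ssh` output. The function names and the sample captures are constructed for illustration, and the output formats matched are assumptions about typical IOS output; whether a specific 12.4 release is affected still has to be read from the vendor's fixed-software table.

```python
import re

# Constructed captures of `show version` / `show ip ssh` (not taken from the advisory).
SAMPLES = {
    "rtr-a": ("Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), "
              "Version 12.4(15)T1, RELEASE SOFTWARE (fc2)",
              "SSH Enabled - version 1.99\nAuthentication timeout: 120 secs"),
    "rtr-b": ("Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), "
              "Version 12.4(15)T1, RELEASE SOFTWARE (fc2)",
              "SSH Disabled - version 1.99\n%Please create RSA keys to enable SSH."),
    "sw-c": ("Cisco IOS Software, C3560 Software (C3560-IPBASE-M), "
             "Version 12.2(44)SE, RELEASE SOFTWARE (fc1)",
             "show ip ssh\n          ^\n% Invalid input detected at '^' marker."),
    "rtr-d": ("", "SSH Enabled - version 2.0"),  # version capture missing
}

def ios_train(show_version):
    """Return the major.minor train, e.g. '12.4', or None if not found."""
    m = re.search(r"\bVersion\s+(\d+\.\d+)\(", show_version)
    return m.group(1) if m else None

def ssh_state(show_ip_ssh):
    """Classify the SSH server as enabled, disabled, unsupported or unknown."""
    if re.search(r"^\s*SSH Enabled\b", show_ip_ssh, re.M):
        return "enabled"
    if re.search(r"SSH Disabled\b|SSH has not been enabled", show_ip_ssh):
        return "disabled"
    if "Invalid input detected" in show_ip_ssh:
        return "unsupported"  # image does not include the SSH server
    return "unknown"

def triage(show_version, show_ip_ssh):
    """Apply the advisory's conditions: SSH must be enabled and the release 12.4-based."""
    state, train = ssh_state(show_ip_ssh), ios_train(show_version)
    if state in ("disabled", "unsupported"):
        return "not exposed: SSH server " + state
    if state == "unknown" or train is None:
        return "unknown: collect output again"
    if train == "12.4":
        return "review: 12.4-based with SSH enabled, check vendor fixed-software table"
    return "SSH enabled, train %s not named by this advisory" % train

if __name__ == "__main__":
    for host, (ver, ssh) in sorted(SAMPLES.items()):
        print(host, "->", triage(ver, ssh))
```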
Impact
Successful exploitation of these vulnerabilities may result
in a spurious memory access or, in certain cases, a reload of the
device, potentially resulting in a DoS condition.
Workaround
Disable the IOS SSH server.
Disclaimer
The information provided herein is on an "as is" basis,
without warranty of any kind.
Vendor Information
CISCO
References
CISCO
CVE-Name
CVE-2008-1159