
CERT-In Vulnerability Note CIVN-2008-65
Cisco IOS SSH Server Improper Memory Access Denial of Service Vulnerability

Original Issue Date: May 28, 2008

Severity Rating: High

System Affected

•  Cisco, IOS 12.4
•  Cisco, IOS 12.4(13d)JA
•  Cisco, IOS 12.4(13d)JA1
•  Cisco, IOS 12.4MR
•  Cisco, IOS 12.4SW
•  Cisco, IOS 12.4T
•  Cisco, IOS 12.4XE
•  Cisco, IOS 12.4XF
•  Cisco, IOS 12.4XJ
•  Cisco, IOS 12.4XK
•  Cisco, IOS 12.4XV
•  Cisco, IOS 12.4XW

Overview

A vulnerability has been reported in Cisco IOS. A remote attacker could exploit this vulnerability using unknown attack vectors to consume all memory resources or cause the device to reload.

Description

Secure Shell (SSH) is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data over an insecure network, such as the Internet. SSH uses public-key cryptography to authenticate the remote computer.

The vulnerability exists due to an error in the server side of the Secure Shell (SSH) implementation in IOS. Devices configured with the IOS SSH server service enabled do not properly access certain regions of memory. An unauthenticated, remote attacker could exploit this vulnerability via a malicious packet or an SSH port scanner to cause a memory access error, which may cause the affected device to reload. Repeated attacks may result in an extended DoS condition.
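The two exposure conditions in this note (a release listed under "System Affected" and the IOS SSH server enabled) can be triaged from collected `show version` and `show ip ssh` output. The following is an added example, not part of the CERT-In note or Cisco's advisory; the sample device output is constructed, and a "listed" result still has to be compared against the fixed releases in the Cisco advisory.

```python
import re

# Trains and exact releases copied from "System Affected" in this note.
# "" stands for the 12.4 mainline train.
LISTED_TRAINS = {"", "MR", "SW", "T", "XE", "XF", "XJ", "XK", "XV", "XW"}
LISTED_RELEASES = {"12.4(13d)JA", "12.4(13d)JA1"}

# base(maintenance)TRAINrebuild, e.g. 12.4(15)T1 or 12.4(13d)JA1
VERSION_RE = re.compile(r"Version (\d+\.\d+)\((\d+[a-z]?)\)([A-Z]*)(\d*[a-z]?)")

# Constructed sample output (assumed format of the two show commands).
SAMPLE_SHOW_VERSION = ("Cisco IOS Software, C2800NM Software "
                       "(C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, "
                       "RELEASE SOFTWARE (fc2)")
SAMPLE_SHOW_IP_SSH = ("SSH Enabled - version 1.99\n"
                      "Authentication timeout: 120 secs; "
                      "Authentication retries: 3")

def parse_ios_version(show_version):
    """Return (full_release, base, train) or None if no version is found."""
    m = VERSION_RE.search(show_version)
    if not m:
        return None
    base, maint, train, rebuild = m.groups()
    return f"{base}({maint}){train}{rebuild}", base, train

def is_listed(show_version):
    """True if the release matches an entry in the note's affected list."""
    parsed = parse_ios_version(show_version)
    if parsed is None:
        return False
    full, base, train = parsed
    return full in LISTED_RELEASES or (base == "12.4" and train in LISTED_TRAINS)

def ssh_server_enabled(show_ip_ssh):
    """True if 'show ip ssh' reports the SSH server as enabled."""
    return re.search(r"^SSH Enabled", show_ip_ssh, re.MULTILINE) is not None

def triage(show_version, show_ip_ssh):
    """Classify one device against both conditions described in the note."""
    if not is_listed(show_version):
        return "not listed"
    if ssh_server_enabled(show_ip_ssh):
        return "listed, SSH server enabled"
    return "listed, SSH server disabled"

if __name__ == "__main__":
    print(triage(SAMPLE_SHOW_VERSION, SAMPLE_SHOW_IP_SSH))
```

Only the two exact JA releases named in the note are matched; other 12.4 JA releases are reported as "not listed" because the note does not list that train as a whole.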

Solution

Apply the appropriate fixed versions as mentioned in the Cisco Security Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtml

Vendor Information

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtml

References

AusCERT
http://www.auscert.org.au/render.html?it=9324

X-Force
http://xforce.iss.net/xforce/xfdb/42563

Secunia
http://secunia.com/advisories/30322/

CVE-Name
CVE-2008-1159

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003