[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Cisco Catalyst SSH Protocol Mismatch Vulnerability

Title: Cisco Catalyst SSH Protocol Mismatch Vulnerability
Released by: Cisco
Date: 15th December 2000
Printable version: Click here
Cisco Catalyst SSH Protocol Mismatch Vulnerability



Revision 1.0



For Public Release 2000 December 13 10:00 AM US/Pacific (UTC+0700)



     _________________________________________________________________





Summary



Non-Secure Shell (SSH) connection attempts to an enabled SSH service on

a Cisco Catalyst 6000, 5000, or 4000 switch might cause a "protocol

mismatch" error,

resulting in a supervisor engine failure.  The supervisor engine failure

causes the switch to fail to pass traffic and  reboots the switch. This

problem is resolved in

release 6.1(1c).  Due to a very limited number of customer downloads,

Cisco has chosen to notify affected customers directly.



This vulnerability has been assigned Cisco bug ID CSCds85763.



The full text of this advisory can be viewed at:

http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.html.



Affected Products



Catalyst 6000, 5000, 4000 images with SSH support.  Version 6.1(1),

6.1(1a), 6.1(1b) with 3 Data Encryption Standard (DES) features only.



Only the following images are affected:



    cat4000-k9.6-1-1.bin

    cat5000-sup3cvk9.6-1-1a.bin

    cat5000-sup3k9.6-1-1.bin

    cat5000-supgk9.6-1-1.bin

    cat6000-sup2cvk9.6-1-1b.bin

    cat6000-sup2k9.6-1-1b.bin

    cat6000-supcvk9.6-1-1b.bin

    cat6000-supk9.6-1-1b.bin



Cisco IOS 12.1 SSH implementation is not affected by this

vulnerability.  No other Cisco devices are affected.



Details



 Non SSH protocol connection attempts to the SSH service cause a

"protocol mismatch" error, which causes a switch to reload.  SSH is not

enabled by default, and

must be configured by the administrator.



To verify if your image is affected, run the command "show version".  If

the image filename is listed above, and you have enabled SSH, you are

affected by this

vulnerability and should upgrade to a fixed version immediately.



Impact



This vulnerability enables a Denial of Service attack on the Catalyst

switch.



Software Versions and Fixes



This defect is resolved in Cisco Catalyst version 6.1(1c).  Previous

affected versions will be deferred, and will no longer be available for

customer download.



Getting Fixed Software



Cisco is offering free software upgrades to remedy this vulnerability

for all affected customers.



Customers with contracts should obtain upgraded software through their

regular update channels. For most customers, this means that upgrades

should be obtained

via the Software Center on Cisco's Worldwide Web site at

http://www.cisco.com.



Customers without contracts should get their upgrades by contacting the

Cisco Technical Assistance Center (TAC). TAC contacts are as follows:



     +1 800 553 2447 (toll-free from within North America)

     +1 408 526 7209 (toll call from anywhere in the world)

     e-mail: tac@cisco.com



Give the URL of this notice as evidence of your entitlement to a free

upgrade. Free upgrades for non-contract customers must be requested

through the TAC.

Please do not contact either "psirt@cisco.com" or

"security-alert@cisco.com" for software upgrades.



Workarounds



The workaround for this vulnerability is to disable SSH service.  For

most customers using this image, SSH support is necessary, so the

recommended action is to

upgrade to a fixed version.



Exploitation and Public Announcements



This vulnerability was reported to Cisco by a customer who discovered

the issue during routine networking tests.  There has been no public

disclosure, and no

reports of malicious activity with regard to this vulnerability.



Status of This Notice: FINAL



This is a final notice. Although Cisco cannot guarantee the accuracy of

all statements in this notice, all of the facts have been checked to the

best of our ability.

Cisco does not anticipate issuing updated versions of this notice unless

there is some material change in the facts. Should there be a

significant change in the facts,

Cisco may update this notice.





Distribution



This notice is available on Cisco's Worldwide Web site at

http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.html.

In addition to

Worldwide Web posting, a text version of this notice is clear-signed

with the Cisco PSIRT PGP key and is posted to the following e-mail

recipients:



     cust-security-announce@cisco.com

     Various internal Cisco mailing lists

     Specifically affected customers



Future updates of this notice, if any, will be placed on Cisco's

Worldwide Web server, but may or may not be actively announced on

mailing lists or newsgroups.

Users concerned about this problem are encouraged to check the URL given

above for any updates.



Revision History



 Revision 1.0 For public release 13-DEC-2000 10:00 AM US/Pacific

(UTC+0700)





Cisco Security Procedures



Complete information on reporting security vulnerabilities in Cisco

products, obtaining assistance with security incidents, and registering

to receive security

information from Cisco, is available on Cisco's Worldwide Web site at

http://www.cisco.com/warp/public/707/sec_incident_response.html. This

includes

instructions for press inquiries regarding Cisco security notices.



     _________________________________________________________________





This notice is copyright 2000 by Cisco Systems, Inc. This notice may be

redistributed freely after the release date given at the top of the

text, provided that

redistributed copies are complete and unmodified, including all date and

version information.



     _________________________________________________________________





--



Kevin van der Raad 



ITsec Nederland B.V. <http://www.itsec.nl>

Exploit & Vulnerability Alerting Service



P.O. box 5120

NL 2000 GC Haarlem

Tel +31(0)23 542 05 78

Fax +31(0)23 534 54 77



--



ITsec Nederland B.V. may not be held liable for the effects or damages

caused by the direct or indirect use of the information or functionality

provided by this posting, nor the content contained within. Use them at

your own risk. ITsec Nederland B.V. bears no responsibility for misuse

of this posting or any derivatives thereof.








(C) 1999-2000 All rights reserved.