I Just found this out from SANS Critical Vulnerability Analysis...
HIGH: Cisco IOS SSH Denial of Service Vulnerability Affected Products: Cisco IOS versions 12.0S, 12.0ST, 12.1T, 12.1E, 12.1EA, 12.2, 12.2T, 12.2S. All products running these versions of IOS are vulnerable if the SSH server feature is enabled. Description: Cisco routers and Catalyst switches running affected versions of IOS will reboot upon receiving malicious traffic sent by Rapid7's SSHredder SSH test suite. Most Cisco devices will resume service following the reboot, but can be rendered unavailable for several minutes while the device reloads. The exception is the Cisco 3550, which requires a manual reset following a successful attack. Risk: Cisco routers and switches offering SSH services can be rebooted (repeatedly) by a remote unauthenticated attacker. Deployment: Significant. The affected IOS versions are widely deployed throughout the Internet infrastructure. Ease of Exploitation: Trivial. Exploit code exists and is publicly available. Status: This vulnerability has been confirmed by Cisco. The Cisco advisory provides a patch release schedule for the various IOS versions. References: Cisco Advisory: http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml Rapid7 SSHredder Test Suite: http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666 Council Site Actions: The majority of the council sites do not use the SSH feature of Cisco IOS. Furthermore, many of these sites stated they block in-bound SSH connections at their security perimeters. The few sites that run SSH on affected devices plan to deploy the fixed version of the software when it becomes available later this month. One site has an extensive implementation of the SSH feature in IOS. They block in-bound SSH at the perimeters but are concerned that the vulnerability may be fodder for a new worm. Thus, they are investigating the likelihood and difficulty factor of such a worm. They do not have plans to turn off SSH or perform an immediate upgrade. However, they are prepared with scripts that will turn off SSH, if needed. -RD- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60996&t=60996 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
