CERTA-2002-AVI-138

Vulnerability from certfr_avis - Published: - Updated:

A vulnerability in the fix supplied by CISCO to correct an SSH vulnerability on certain CISCO devices allows a malicious individual to cause a denial of service.

Description

A fix published by CISCO to correct certain SSH vulnerabilities (see CERTA advisory CERTA-2001-AVI-097) allows a malicious individual to cause a denial of service. Specifically, when excessively large packets are sent, the SSH process consumes a large share of the processor's instruction cycles, causing a denial of service.

Solution

Apply the CISCO fixes according to product and version (see Documentation).

Impacted products
Vendor | Product | Description
Cisco | N/A | Catalyst 6000 switches running CatOS;
Cisco | IOS | All CISCO devices with an IOS version supporting the SSH protocol;
Cisco | N/A | PIX firewalls;
Cisco | N/A | the CSS 11000 family of switches.


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les commutateurs Catalyst 6000 fonctionnant avec CatOS ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Tous les \u00e9quipements CISCO poss\u00e9dant une version d\u0027IOS supportant le protocole SSH ;",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "les pare-feux PIX ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "la famille des commutateurs CSS 11000.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn correctif publi\u00e9 par CISCO afin de corriger certaines vuln\u00e9rabilit\u00e9s\nSSH (Voir l\u0027avis CERTA-2001-AVI-097 du CERTA) permet \u00e0 un individu mal\nintentionn\u00e9 d\u0027effectuer un d\u00e9ni de service. Effectivement, lors de\nl\u0027envoi de paquets excessivement grands, le processus SSH va occuper une\npartie importante des cycles d\u0027instructions du processeur causant un\nd\u00e9ni de service.\n\n## Solution\n\nAppliquer les correctifs de CISCO selon les produits et leurs versions\n(cf. Documentation).\n",
  "cves": [],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 CISCO \"Scanning for SSH Can Cause Crash\"  :",
      "url": "http://www.cisco.com/warp/public/707/SSH-scanning.shtml"
    }
  ],
  "reference": "CERTA-2002-AVI-138",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-06-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans le correctif fourni par CISCO pour\ncorriger une vuln\u00e9rabilit\u00e9 SSH sur certains \u00e9quipements CISCO, permet \u00e0\nun individu mal intentionn\u00e9 d\u0027effectuer un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 CISCO aux scans SSH",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 CISCO : \"Scanning for SSH Can Cause a Crach\"",
      "url": null
    }
  ]
}

