Tuesday, September 15, 2009

CERT-In Vulnerability Note CIVN-2009-115

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Nexus 5000 Series Switches Remote TCP Denial of Service Vulnerability
http://www.cert-in.org.in/vulnerability/civn-2009-115.htm
Original Issue Date: September 15, 2009
Severity Rating:High

Systems Affected

Cisco Nexus 5000 Series Switches running Cisco NX-OS Software versions
prior to 4.0(1a)N2(1)

Overview

A vulnerability has been reported in Cisco NX-OS Software  that could allow
an unauthenticated, remote attacker to cause a denial of service (DoS)
condition.

Description

The vulnerability is due to an error when the affected device processes
certain TCP packets. An unauthenticated, remote attacker could force the
TCP connection to remain in a indefinitely long period. If enough TCP
connections are forced into a long-lived state, resources on a system under
attack may be consumed, preventing new TCP connections from being accepted.
resulting in denial of service (DoS) conditions.

Solution

Apply appropriate fixed versions as mentioned in CISCO Security Advisory.
http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml

Vendor Information

CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml

References

CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=18800

SecurityTracker
http://www.securitytracker.com/alerts/2009/Sep/1022847.html

CVE Name
CVE-2009-0627

Disclaimer

The information provided herein is on "as is" basis, without warranty of
any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

 

Note: Please do not reply to this e-mail. For further queries contact
CERT-In Information Desk. Email: info@cert-in.org.in


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wsBVAwUBSrCFqHWXeYNsoT30AQoueAgAowKfm3k4vGVdXD/T/mGm5xB90Wz4eXTc
Fa+pTcB2v5fDLPjAJGP0sWdg9XplOoigHOWexf0w/6V0HCSPxN3jX7BigDSmxVnN
k4QJkkfH6oppUup24zGn0xYdoYa1btJ0HuqrFbGo/LcTzg3rhX8MBzaXPy1kTD/z
XKxhJqKUxXk8nxf2K8jFiRM+KStaMycqj4vRGxdNuMxgc4B/lVn6aCvOx3z3mWtt
tpYgsiDnFhF+QaQ1qCWvlf9UNLzURHidNOMb56ks2kBeREScPAfGJ/c8KBNh+pHP
V/wid1T8DNkTiWm2afDkMTXyuAsEnu6r37iosadCShEeHtM0fcsOUA==
=mAXD
-----END PGP SIGNATURE-----


--
For More Security Related Stuff visit http://wiki.secureit.in.A Wiki Website dedicated to Information Security.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)