CERTA-2002-AVI-138
Vulnerability from certfr_avis
Une vulnérabilité présente dans le correctif fourni par CISCO pour corriger une vulnérabilité SSH sur certains équipements CISCO, permet à un individu mal intentionné d'effectuer un déni de service.
Description
Un correctif publié par CISCO afin de corriger certaines vulnérabilités SSH (Voir l'avis CERTA-2001-AVI-097 du CERTA) permet à un individu mal intentionné d'effectuer un déni de service. Effectivement, lors de l'envoi de paquets excessivement grands, le processus SSH va occuper une partie importante des cycles d'instructions du processeur causant un déni de service.
Solution
Appliquer les correctifs de CISCO selon les produits et leurs versions (cf. Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "les commutateurs Catalyst 6000 fonctionnant avec CatOS ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Tous les \u00e9quipements CISCO poss\u00e9dant une version d\u0027IOS supportant le protocole SSH ;",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les pare-feux PIX ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "la famille des commutateurs CSS 11000.",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUn correctif publi\u00e9 par CISCO afin de corriger certaines vuln\u00e9rabilit\u00e9s\nSSH (Voir l\u0027avis CERTA-2001-AVI-097 du CERTA) permet \u00e0 un individu mal\nintentionn\u00e9 d\u0027effectuer un d\u00e9ni de service. Effectivement, lors de\nl\u0027envoi de paquets excessivement grands, le processus SSH va occuper une\npartie importante des cycles d\u0027instructions du processeur causant un\nd\u00e9ni de service.\n\n## Solution\n\nAppliquer les correctifs de CISCO selon les produits et leurs versions\n(cf. Documentation).\n",
"cves": [],
"initial_release_date": "2002-06-28T00:00:00",
"last_revision_date": "2002-06-28T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 CISCO \"Scanning for SSH Can Cause Crash\" :",
"url": "http://www.cisco.com/warp/public/707/SSH-scanning.shtml"
}
],
"reference": "CERTA-2002-AVI-138",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2002-06-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans le correctif fourni par CISCO pour\ncorriger une vuln\u00e9rabilit\u00e9 SSH sur certains \u00e9quipements CISCO, permet \u00e0\nun individu mal intentionn\u00e9 d\u0027effectuer un d\u00e9ni de service.\n",
"title": "Vuln\u00e9rabilit\u00e9 CISCO aux scans SSH",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 CISCO : \"Scanning for SSH Can Cause a Crach\"",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…