Cisco MDS NX-OS FCIP Packet Decompression Denial of Service Vulnerability
Secunia Advisory SA50254
Release Date 2012-08-14
Criticality level Less criticalLess critical
Impact DoS
Where From local network
Authentication level Available in Customer Area
Report reliability Available in Customer Area
Solution Status Vendor Patch
Systems affected Available in Customer Area
Approve distribution Available in Customer Area
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
Operating System
Cisco MDS 9000 Series
Cisco NX-OS 5.x
Secunia CVSS Score Available in Customer Area
CVE Reference(s) CVE-2012-1340 CVSS available in Customer Area
Description
A vulnerability has been reported in Cisco NX-OS, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing FCIP headers while decompressing a packet and can be exploited to cause a crash via a specially crafted FCIP packet.
The vulnerability is reported in Cisco NX-OS versions prior to 5.2(2) running on Cisco MDS 9000.
Solution
Update to version 5.2(2).
Provided and/or discovered by
Reported by the vendor.
Original Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=26617
http://www.cisco.com/en/US/docs/switches/datacenter/mds9000/sw/5_2/release/notes/nx-os/mds_nxos_rel_notes_522.html
Posljednje sigurnosne preporuke