Vulnerabilities > CVE-2001-0041 - Resource Management Errors vulnerability in Cisco Catos

CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
cisco
CWE-399
nessus
exploit available

Summary

Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.

Common Weakness Enumeration (CWE)

Exploit-Db

description: Cisco Catalyst 4000 4.x/5.x, Catalyst 5000 4.5/5.x, Catalyst 6000 5.x Memory Leak DoS. CVE-2001-0041. DoS exploit for hardware platform
id: EDB-ID:20473
last seen: 2016-02-02
modified: 2000-12-06
published: 2000-12-06
reporter: blackangels
source: https://www.exploit-db.com/download/20473/
title: Cisco Catalyst 4000 4.x/5.x, Catalyst 5000 4.5/5.x, Catalyst 6000 5.x Memory Leak DoS

Nessus

NASL family: CISCO
NASL id: CSCDS66191.NASL
description: A series of failed telnet authentication attempts to the switch can cause the Catalyst Switch to fail to pass traffic or accept management connections until the system is rebooted or a power cycle is performed. All types of telnet authentication are affected, including Kerberized telnet, and AAA authentication. This vulnerability is documented as Cisco bug ID CSCds66191.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10978
published: 2002-06-05
reporter: This script is (C) 2002-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/10978
title: Cisco Catalyst Telnetd Authentication Failure Saturation Memory Leak Remote DoS (CSCds66191)
code:
#
# (C) Tenable Network Security, Inc.
#

# Script audit and contributions from Carmichael Security
#      Erik Anderson <[email protected]> (nb: domain no longer exists)
#      Added BugtraqID and CVE
#


include("compat.inc");

# Registration phase: when the script is run with `description` set, it only
# records the metadata below and leaves through the exit(0) that closes this
# block, so none of the detection logic further down is executed.
if(description)
{
 # Plugin identity and the public identifiers it tracks.
 script_id(10978);
 script_version("1.20");
 script_cve_id("CVE-2001-0041");
 script_bugtraq_id(2072);

 script_name(english:"Cisco Catalyst Telnetd Authentication Failure Saturation Memory Leak Remote DoS (CSCds66191)");

 script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch." );
 # Impact as described: after repeated failed telnet logins the switch stops
 # passing traffic and stops accepting management connections until it is
 # rebooted or power-cycled, i.e. an availability-only issue.
 script_set_attribute(attribute:"description", value:
"A series of failed telnet authentication attempts to the switch can 
cause the Catalyst Switch to fail to pass traffic or accept 
management connections until the system is rebooted or a power cycle 
is performed. All types of telnet authentication are affected, 
including Kerberized telnet, and AAA authentication.

This vulnerability is documented as Cisco bug ID CSCds66191." );
 # The solution is given only as a redirect link, with no fixed release named
 # in the plugin text.
 # NOTE(review): presumably resolves to the vendor advisory for CSCds66191;
 # confirm the link still works before relying on it in a report.
 script_set_attribute(attribute:"solution", value:
"http://www.nessus.org/u?2d0daaea" );
 # CVSS v2 base: network reachable, low complexity, no authentication,
 # no confidentiality or integrity impact, complete availability impact.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
 # CVSS v2 temporal: proof-of-concept exploit, official fix, confirmed report.
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(399);

 script_set_attribute(attribute:"plugin_publication_date", value: "2002/06/05");
 script_cvs_date("Date: 2018/06/27 18:42:25");
 script_set_attribute(attribute:"vuln_publication_date", value: "2000/12/06");
 # NOTE(review): "local" presumably reflects that the check evaluates data
 # already collected in the knowledge base instead of probing the telnet
 # service itself; confirm against the scanner's plugin_type definitions.
 script_set_attribute(attribute:"plugin_type", value:"local");
 # NOTE(review): the CPE names cisco:ios, while the detection code in this
 # script only fires on a "Cisco Catalyst Operating System" sysDesc. Confirm
 # whether a CatOS CPE was intended, since CPE-based asset matching keys on
 # this value.
 script_set_attribute(attribute:"cpe", value: "cpe:/o:cisco:ios");
 script_end_attributes();

 # Declared as information gathering: the summary states that the flaw is
 # inferred from SNMP data, not demonstrated against the device.
 script_summary(english:"Uses SNMP to determine if a flaw is present");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is (C) 2002-2018 Tenable Network Security, Inc.");
 script_family(english:"CISCO");
 # The check needs the SNMP/community, SNMP/sysDesc and CISCO/model KB entries.
 # NOTE(review): presumably these are filled in by the two dependency scripts,
 # so a device whose SNMP agent is unreachable or whose community string is
 # unknown yields no result at all; a missing finding is then not evidence
 # that the switch is patched. Confirm against the dependency scripts.
 script_dependencie("snmp_sysDesc.nasl", "snmp_cisco_type.nasl");
 script_require_keys("SNMP/community", "SNMP/sysDesc", "CISCO/model");
 exit(0);
}

# The code starts here

# Detection is inference only: the script reads two knowledge-base strings
# (SNMP sysDesc and the Cisco model) and matches them against patterns. It
# never opens a telnet session, so a finding means "the reported release is
# in a listed train", not "the leak was observed".
sysdesc = get_kb_item("SNMP/sysDesc");
if (!sysdesc) exit(0);

model = get_kb_item("CISCO/model");
if (!model) exit(0);

# Hardware gate: the model string has to begin with "catalyst".
if (!ereg(string:model, pattern:"^catalyst.*$")) exit(0);

# OS gate: only banners that identify themselves as CatOS are considered.
if (!egrep(pattern:".*Cisco Catalyst Operating System.*", string:sysdesc)) exit(0);

# Release gate. Each pattern accepts the bare train number or a single-digit
# maintenance level in parentheses, and in both cases requires a comma right
# after it:
#   4.5 or 4.5(0) - 4.5(9)
#   5.5 or 5.5(0) - 5.5(4)
#   6.3 or 6.3(0) - 6.3(2)
# Caveats for whoever triages the result:
#   - trains other than 4.5, 5.5 and 6.3 are never flagged by this script;
#   - a level written with a suffix inside the parentheses (constructed
#     example: "5.5(4a),") does not match, so such a build is not reported;
#   - the patterns are not anchored on the left and depend on the banner
#     keeping the "<version>," layout.
in_affected_train = egrep(string:sysdesc, pattern:"(4\.5\([0-9]\)|4\.5),")
                 || egrep(string:sysdesc, pattern:"(5\.5\([0-4]\)|5\.5),")
                 || egrep(string:sysdesc, pattern:"(6\.3\([0-2]\)|6\.3),");

# The finding is attached to udp/161, the SNMP service the evidence came
# from, not to the telnet service that the vulnerability concerns.
if (in_affected_train) security_hole(port:161, proto:"udp");