Vulnerabilities > CVE-2011-0949 - Resource Management Errors vulnerability in Cisco IOS XR
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 8 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID: 47982 CVE ID:CVE-2011-0949 Cisco IOS是一款流行的Internet操作系统。Cisco IOS XR是Cisco IOS软件家族的一员,使用基于微内核分配操作系统架构。 Cisco IOS XR软件中SSH应用存在一个漏洞,当使用SSH版本1(SSHv1)协议时可导致拒绝服务攻击。漏洞会导致不能删除的sshd_lock文件消耗所有/tmp文件系统中的可用空间。 当SSHv1连接连接到Cisco IOS XR设备上运行的SSH服务器时,会在/tmp目录中创建文件,文件开头使用"sshd_lock"文本,当会话结束时没有正确删除。多个连接会消耗大量/tmp文件系统中可用空间,导致系统崩溃,造成拒绝服务攻击。 Cisco IOS XR 3.9 Cisco IOS XR 3.8.2 Cisco IOS XR 3.8.1 Cisco IOS XR 3.8 Cisco IOS XR 3.7.3 Cisco IOS XR 3.7.2 Cisco IOS XR 3.7.1 Cisco IOS XR 3.7 Cisco IOS XR 3.6.3 Cisco IOS XR 3.6.2 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://www.cisco.com/warp/public/707/cisco-sa-20110525-iosxr-ssh.shtml |
| id | SSV:20591 |
| last seen | 2017-11-19 |
| modified | 2011-05-26 |
| published | 2011-05-26 |
| reporter | Root |
| title | Cisco IOS XR SSHv1 '/tmp/ssh_lock'远程拒绝服务漏洞 |