Bugtraq mailing list archives
BindView Security Advisory: SSR Denial of Service
From: advisory+ssrdos () BOS BINDVIEW COM (BindView Security Advisory)
Date: Wed, 24 Nov 1999 17:44:40 -0500
Bindview Security Advisory
--------

Cabletron SmartSwitch Router 8000 Firmware v2.x
Issue date: November 24, 1999
Contact: Scott Blake <blake () bos bindview com>

Topic:
Denial of Service Vulnerability in Cabletron's SmartSwitch Router (SSR)

Overview:
Cabletron's SSR is a Layers 2-4 routing and switching device with one of the fastest switching architectures in the industry. Attackers can cause the SSR to stop handling any network traffic.

Affected Systems:
Bindview only confirms the vulnerability in the SSR 8000 running firmware revision 2.x. Due to the nature of the problem, other equipment may be vulnerable, including other manufacturers' products.

Impact:
A malicious attacker can cause the SSR to stop functioning for as long as the attacker can continue feeding packets to the device.

Details:
Cabletron indicates that the bottleneck appears to occur in the ARP handling mechanism of the SSR. The SSR appears to only be capable of handling ~200 ARP requests per second. Thus, by initiating network traffic to more than this critical number of IP addresses, an attacker can cause the router to stop functioning while the ARP handler is flooded. In extreme cases, with input rates only available on the local network, it may be possible to corrupt the SSR's configuration with a sustained flood of new IP addresses.

The danger in this problem arises from the fact that many perimeter defenses (firewalls) permit ICMP through, which means that remote, anonymous attackers may be able to crash the SSR.

Fix Information:
Upgrade your SSR firmware to version 3.x:
http://www.cabletron.com/download/download.cgi?lib=ssr
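
The following is an added example, not part of the BindView advisory or any vendor code: a defender-side check that estimates, from flow records, how many ARP requests per second a router would have to issue and flags seconds that exceed the ~200/s figure given under Details. The flow tuple format, the 300-second cache lifetime, the function names and the 10.20.0.0/16 sample subnet are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter, defaultdict

ARP_BUDGET_PER_SEC = 200   # approximate ARP handling rate quoted in the advisory
CACHE_TTL = 300.0          # assumed ARP cache lifetime in seconds (not from the advisory)

def arp_pressure(flows, routed_net, budget=ARP_BUDGET_PER_SEC, ttl=CACHE_TTL):
    """Estimate ARP requests per second a router would issue for `flows`.

    flows: time-ordered (timestamp, src_ip, dst_ip) tuples, e.g. from flow export.
    A destination on `routed_net` costs one ARP request when it is not in the
    modelled cache. Returns [(second, requests, top_source)] for each second
    whose estimated request count exceeds `budget`.
    """
    net = ipaddress.ip_network(routed_net)
    last_resolved = {}                   # dst -> time of last modelled ARP request
    per_second = defaultdict(Counter)    # second -> Counter of src -> requests caused
    for ts, src, dst in flows:
        if ipaddress.ip_address(dst) not in net:
            continue                     # not a directly attached destination
        if dst in last_resolved and ts - last_resolved[dst] < ttl:
            continue                     # modelled cache hit, no ARP needed
        last_resolved[dst] = ts
        per_second[int(ts)][src] += 1
    alerts = []
    for second in sorted(per_second):
        total = sum(per_second[second].values())
        if total > budget:
            top_src, _ = per_second[second].most_common(1)[0]
            alerts.append((second, total, top_src))
    return alerts

def sample_flows():
    """Constructed records: steady traffic to 20 hosts, then 300 new addresses in 1 s."""
    net = ipaddress.ip_network("10.20.0.0/16")
    hosts = [str(net[i]) for i in range(1, 400)]
    flows = [(t * 0.1, "192.0.2.10", hosts[t % 20]) for t in range(100)]
    flows += [(10.0 + i / 300.0, "198.51.100.7", hosts[50 + i]) for i in range(300)]
    return sorted(flows)

if __name__ == "__main__":
    for second, total, src in arp_pressure(sample_flows(), "10.20.0.0/16"):
        print(f"t={second}s estimated ARP requests={total} top source={src}")
```

The model counts only first contact with each address, so ordinary traffic to known hosts stays well under the threshold while a burst of traffic to previously unseen addresses stands out.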