Reported August 27, 2004, by Cisco Systems

VERSIONS AFFECTED

  • All Cisco Systems' Internetwork Operating System (IOS)-based products running Telnet or reverse Telnet

DESCRIPTION
A Denial of Service (DoS) condition exists in all Cisco IOS-based products that use Telnet or reverse Telnet. A specifically crafted TCP connection to a Telnet or reverse Telnet port of a Cisco Systems' device that's running IOS might block further Telnet, reverse Telnet, remote shell (Rsh), Secure Shell (SSH), and in some cases HTTP access to the device.

VENDOR RESPONSE
Cisco Systems has released Security Advisory 61671, "Cisco Telnet Denial of Service Vulnerability," to address the vulnerability and recommends that affected users immediately apply the appropriate patch available via normal update channels.

CREDIT
Discovered by Cisco Systems.