Reported December 15, 2003 by Cisco.





  • Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series and Cisco 7600 Series routers




Two vulnerabilities in the Cisco Firewall Services Module (FWSM) can result in a Denial of Service (DoS) condition on the vulnerable system. These two vulnerabilities are as follows:


  • The FWSM might crash and reload because of a buffer-overflow vulnerability while processing HTTP traffic requests for authentication using TACACS+ or RADIUS. This request is initiated when a user starts a connection through FTP, Telnet, or the Internet (HTTP) and is prompted for his or her username and password. If the designated TACACS+ or RADIUS authentication server verifies the username and password, the FWSM will permit further traffic between the authentication server and the connection to interact independently through the FWSM's "cut-through proxy" feature.


  • The Cisco FWSM crashes and reloads while processing a received SNMPv3 message when snmp-server host <ip_addr> is configured on the FWSM. This problem occurs even though the FWSM doesn't support SNMPv3.




Cisco has released a security bulletin concerning these vulnerabilities and recommends that affected customers obtain the patch available through normal support channels.
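
To find which modules are exposed while the patch is being rolled out, saved configurations can be checked for the two conditions described above. The following is an added example, not code from Cisco or from the original bulletin; the function name is hypothetical, the sample configuration is constructed, and the `aaa-server` / `aaa authentication` line formats are assumed to follow PIX-style syntax.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
nameif vlan10 inside security100
aaa-server AuthIn protocol tacacs+
aaa-server AuthIn (inside) host 192.0.2.10 examplekey timeout 10
aaa-server LocalOnly protocol local
aaa authentication include http inside 0 0 0 0 AuthIn
aaa authentication exclude http inside 192.0.2.0 255.255.255.0 0 0 AuthIn
snmp-server host inside 192.0.2.20
no snmp-server location
"""


def audit_fwsm_config(text):
    """Return the config lines that enable either condition from the bulletin.

    'snmp': snmp-server host entries (SNMPv3 message crash condition).
    'aaa' : authentication rules backed by a TACACS+ or RADIUS server group
            (cut-through proxy authentication condition).
    """
    lines = [ln.strip() for ln in text.splitlines()]

    # Map each server-group tag to its protocol (assumed PIX-style syntax:
    # "aaa-server <tag> protocol <tacacs+|radius|...>").
    groups = {}
    for ln in lines:
        m = re.match(r"aaa-server\s+(\S+)\s+protocol\s+(\S+)", ln, re.I)
        if m:
            groups[m.group(1)] = m.group(2).lower()

    findings = {"snmp": [], "aaa": []}
    for ln in lines:
        # Anchored at line start, so "no snmp-server host ..." is ignored.
        if re.match(r"snmp-server\s+host\s+\S+", ln, re.I):
            findings["snmp"].append(ln)
        # Assumed syntax: the server-group tag is the last token of an
        # include/match rule. "exclude" rules do not trigger authentication.
        m = re.match(r"aaa\s+authentication\s+(include|match)\s+.*\s(\S+)$", ln, re.I)
        if m and groups.get(m.group(2)) in ("tacacs+", "radius"):
            findings["aaa"].append(ln)
    return findings


if __name__ == "__main__":
    for kind, hits in audit_fwsm_config(SAMPLE_CONFIG).items():
        for hit in hits:
            print(f"[{kind}] {hit}")
```

A module with findings in either list meets a precondition from the bulletin and should be prioritized for the patch.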




Discovered by Cisco.