Cisco IOS Syslog Crash - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch

Description :

Certain versions of Cisco IOS software may crash or hang when they
receive invalid user datagram protocol (UDP) packets sent to their
"syslog" ports (port 514). At least one commonly-used Internet scanning
tool generates packets which can cause such crashes and hangs. This
fact has been announced on public Internet mailing lists which are
widely read both by security professionals and by security "crackers",
and should be considered public information.
This vulnerability affects devices running Cisco IOS software version
11.3AA, version 11.3DB, or any 12.0-based version (including 12.0
mainline, 12.0S, 12.0T, and any other regular released version whose
number starts with "12.0"). The vulnerability has been corrected in
certain special releases, and will be corrected in maintenance and
interim releases which will be issued in the future
see the section on
"Software Versions and Fixes" for details on which versions are
affected, and on which versions are, or will be, fixed. Cisco intends
to provide fixes for all affected IOS variants.
There is a configuration workaround for this vulnerability.

See also :

http://www.nessus.org/u?bc115c1e
http://www.nessus.org/u?9ed084ac

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-19990111-ios-syslog.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)

Family: CISCO

Nessus Plugin ID: 48946 (cisco-sa-19990111-ios-sysloghttp.nasl)

Bugtraq ID: 675

CVE ID: CVE-1999-0063