Vigil@nce - Cisco IOS XR: denial of service via SSH
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can cause an incomplete disconnection of the SSH
server of Cisco IOS XR, in order to block all SSH access to the
device.
Impacted products: Cisco ASR, IOS XR Cisco.
Severity: 2/4.
Creation date: 19/06/2015.
DESCRIPTION OF THE VULNERABILITY
The Cisco IOS XR product offers an SSH access.
The SSH server must provide a pseudo-terminal to the shell, so
that the shell can run as a local process. However, at disconnect
time, the pseudo-terminal is not always suitably released. In such
a case, it becomes unusable and all following SSH connection
attempts will fail.
An attacker can therefore cause an incomplete disconnection of the
SSH server of Cisco IOS XR, in order to block all SSH access to
the device.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IOS-XR-denial-of-service-via-SSH-17174