Two vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
1) An error when acting as a SSH v2 server for remote management and authenticating against a TACACS+ server can be exploited to cause a vulnerable device to reload.
2) A memory leak can be exploited to exhaust memory resources when authenticating SSH users against a TACACS+ server and login fails due to invalid credentials.
OPERATING SYSTEM:
Cisco IOS R12.x
Cisco IOS 12.x
SOLUTION:
See patch matrix in the vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml
VERIFY ADVISORY:
http://secunia.com/advisories/14854/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050408104750293