ID
VAR-200512-0078
CVE
CVE-2005-4436
TITLE
Cisco IOS of EIGRP Service disruption in (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV). ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. Cisco IOS Implemented in EIGRP There are several problems: 1) EIGRP Adjacent devices are notified when the routing process ends Goodbye Message There is a problem with improper handling. Intentionally created by a remote attacker Goodbye Message If is sent, adjacency with the device may be lost. 2) Authenticated EIGRP There is a flaw in the packet verification method, MD5 Contains a hash value EIGRP There is a problem that allows eavesdropping on packets and reusing their hash values. A remote attacker EIGRP HELLO If a packet is sent to the target device, the response from the target device EIGRP You may get information about your domain. Also, BID 6443 Like the problem of network bandwidth ARP It can be exhausted with requests and eventually result in an unusable network.Please refer to the “Overview” for the impact of this vulnerability. This issue allows attackers to gain access to potentially sensitive network information in EIGRP UPDATE reply packets, or to cause a denial of service condition by flooding routers with HELLO packets. By utilizing replayed HELLO packets with MD5 enabled, attackers may cause a more severe denial of service condition. The Cisco EIGRP protocol is susceptible to a remote denial of service vulnerability. This issue is possible when MD5 neighbor authentication is not in use. This issue allows attackers to cause routing relationships to be torn down, forcing them to be reestablished. The routing link will be unavailable during the time that the link is torn down, until it is reestablished. By repeating the attack, a sustained denial of network service is possible. This issue is being tracked by Cisco Bug ID CSCsc13698. Internet Operating System (IOS) is an operating system used on CISCO routers. There is a loophole in the EIGRP implementation of IOS, and attackers may use this loophole to carry out denial-of-service attacks on routers. Attackers can inject forged packets into the network outside the perimeter so that receiving hosts will believe them. Successful exploitation of this vulnerability could lead to the destruction and reconstruction of routing neighbor relationships, and repeated attacks could lead to persistent denial of service
Trust: 2.25
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.0 | Trust: 0.8 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.1 | Trust: 0.8 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2 | Trust: 0.8 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.3 | Trust: 0.8 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.4 | Trust: 0.8 |
| vendor: | cisco | model: | eigrp | scope: | eq | version: | 1.2 | Trust: 0.6 |
| vendor: | extended interior gateway routing protocol | model: | extended interior gateway routing protocol | scope: | eq | version: | 1.2 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
network
Trust: 0.6
TYPE
Design Error
Trust: 1.2
CONFIGURATIONS
PATCH
| title: | cisco-response-20051220-eigrp | url: | http://www.cisco.com/warp/public/707/cisco-response-20051220-eigrp.shtml | Trust: 0.8 |
EXTERNAL IDS
| db: | BID | id: | 15978 | Trust: 2.8 |
| db: | NVD | id: | CVE-2005-4436 | Trust: 2.5 |
| db: | SECTRACK | id: | 1015382 | Trust: 1.7 |
| db: | VUPEN | id: | ADV-2005-3008 | Trust: 1.7 |
| db: | BID | id: | 15970 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2005-000748 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-200512-465 | Trust: 0.7 |
| db: | FULLDISC | id: | 20051220 RE: AUTHENTICATED EIGRP DOS / INFORMATION LEAK | Trust: 0.6 |
| db: | FULLDISC | id: | 20051219 UNAUTHENTICATED EIGRP DOS | Trust: 0.6 |
| db: | BUGTRAQ | id: | 20051220 RE: UNAUTHENTICATED EIGRP DOS | Trust: 0.6 |
| db: | OVAL | id: | OVAL:ORG.MITRE.OVAL:DEF:5454 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-15644 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/15978 | Trust: 2.5 |
| url: | http://lists.grok.org.uk/pipermail/full-disclosure/2005-december/040330.html | Trust: 1.7 |
| url: | http://securitytracker.com/id?1015382 | Trust: 1.7 |
| url: | http://www.frsirt.com/english/advisories/2005/3008 | Trust: 1.4 |
| url: | http://www.securityfocus.com/archive/1/419898/100/0/threaded | Trust: 1.1 |
| url: | https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5454 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2005/3008 | Trust: 1.1 |
| url: | http://marc.info/?l=full-disclosure&m=113504451523186&w=2 | Trust: 1.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4437 | Trust: 0.8 |
| url: | http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-4436 | Trust: 0.8 |
| url: | http://www.securityfocus.com/bid/15970 | Trust: 0.8 |
| url: | http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html | Trust: 0.6 |
| url: | http://www.cisco.com/public/sw-center/sw-ios.shtml | Trust: 0.6 |
| url: | /archive/1/419898 | Trust: 0.6 |
| url: | http://www.securityfocus.com/archive/1/archive/1/419898/100/0/threaded | Trust: 0.6 |
| url: | http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5454 | Trust: 0.6 |
| url: | http://marc.theaimsgroup.com/?l=full-disclosure&m=113504451523186&w=2 | Trust: 0.6 |
| url: | /archive/1/419830 | Trust: 0.3 |
| url: | http://marc.info/?l=full-disclosure&m=113504451523186&w=2 | Trust: 0.1 |
CREDITS
Konstantin V. Gavrilenko mlists@arhont.com Andrew A. Vladimirov mlists@arhont.com Paul Oxman poxman@cisco.com
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-15644 |
| db: | BID | id: | 15970 |
| db: | BID | id: | 15978 |
| db: | JVNDB | id: | JVNDB-2005-000748 |
| db: | CNNVD | id: | CNNVD-200512-465 |
| db: | NVD | id: | CVE-2005-4436 |
LAST UPDATE DATE
2024-08-14T14:48:14.009000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-15644 | date: | 2018-10-19T00:00:00 |
| db: | BID | id: | 15970 | date: | 2005-12-19T00:00:00 |
| db: | BID | id: | 15978 | date: | 2005-12-19T00:00:00 |
| db: | JVNDB | id: | JVNDB-2005-000748 | date: | 2007-04-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-200512-465 | date: | 2009-03-04T00:00:00 |
| db: | NVD | id: | CVE-2005-4436 | date: | 2018-10-19T15:40:56.317 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-15644 | date: | 2005-12-21T00:00:00 |
| db: | BID | id: | 15970 | date: | 2005-12-19T00:00:00 |
| db: | BID | id: | 15978 | date: | 2005-12-19T00:00:00 |
| db: | JVNDB | id: | JVNDB-2005-000748 | date: | 2007-04-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-200512-465 | date: | 2005-12-20T00:00:00 |
| db: | NVD | id: | CVE-2005-4436 | date: | 2005-12-21T01:03:00 |