ID

VAR-200512-0078


CVE

CVE-2005-4436


TITLE

Cisco IOS of EIGRP Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2005-000748

DESCRIPTION

Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV). ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. Cisco IOS Implemented in EIGRP There are several problems: 1) EIGRP Adjacent devices are notified when the routing process ends Goodbye Message There is a problem with improper handling. Intentionally created by a remote attacker Goodbye Message If is sent, adjacency with the device may be lost. 2) Authenticated EIGRP There is a flaw in the packet verification method, MD5 Contains a hash value EIGRP There is a problem that allows eavesdropping on packets and reusing their hash values. A remote attacker EIGRP HELLO If a packet is sent to the target device, the response from the target device EIGRP You may get information about your domain. Also, BID 6443 Like the problem of network bandwidth ARP It can be exhausted with requests and eventually result in an unusable network.Please refer to the “Overview” for the impact of this vulnerability. This issue allows attackers to gain access to potentially sensitive network information in EIGRP UPDATE reply packets, or to cause a denial of service condition by flooding routers with HELLO packets. By utilizing replayed HELLO packets with MD5 enabled, attackers may cause a more severe denial of service condition. The Cisco EIGRP protocol is susceptible to a remote denial of service vulnerability. This issue is possible when MD5 neighbor authentication is not in use. This issue allows attackers to cause routing relationships to be torn down, forcing them to be reestablished. The routing link will be unavailable during the time that the link is torn down, until it is reestablished. By repeating the attack, a sustained denial of network service is possible. This issue is being tracked by Cisco Bug ID CSCsc13698. Internet Operating System (IOS) is an operating system used on CISCO routers. There is a loophole in the EIGRP implementation of IOS, and attackers may use this loophole to carry out denial-of-service attacks on routers. Attackers can inject forged packets into the network outside the perimeter so that receiving hosts will believe them. Successful exploitation of this vulnerability could lead to the destruction and reconstruction of routing neighbor relationships, and repeated attacks could lead to persistent denial of service

Trust: 2.25

sources: NVD: CVE-2005-4436 // JVNDB: JVNDB-2005-000748 // BID: 15970 // BID: 15978 // VULHUB: VHN-15644

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:12.0

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:12.1

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:12.2

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:12.3

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:12.4

Trust: 0.8

vendor:ciscomodel:eigrpscope:eqversion:1.2

Trust: 0.6

vendor:extended interior gateway routing protocolmodel:extended interior gateway routing protocolscope:eqversion:1.2

Trust: 0.6

sources: BID: 15970 // BID: 15978 // JVNDB: JVNDB-2005-000748 // CNNVD: CNNVD-200512-465

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-4436
value: HIGH

Trust: 1.0

NVD: CVE-2005-4436
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200512-465
value: HIGH

Trust: 0.6

VULHUB: VHN-15644
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-4436
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-15644
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-15644 // JVNDB: JVNDB-2005-000748 // CNNVD: CNNVD-200512-465 // NVD: CVE-2005-4436

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4436

THREAT TYPE

network

Trust: 0.6

sources: BID: 15970 // BID: 15978

TYPE

Design Error

Trust: 1.2

sources: BID: 15970 // BID: 15978 // CNNVD: CNNVD-200512-465

CONFIGURATIONS

sources: JVNDB: JVNDB-2005-000748

PATCH

title:cisco-response-20051220-eigrpurl:http://www.cisco.com/warp/public/707/cisco-response-20051220-eigrp.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2005-000748

EXTERNAL IDS

db:BIDid:15978

Trust: 2.8

db:NVDid:CVE-2005-4436

Trust: 2.5

db:SECTRACKid:1015382

Trust: 1.7

db:VUPENid:ADV-2005-3008

Trust: 1.7

db:BIDid:15970

Trust: 1.1

db:JVNDBid:JVNDB-2005-000748

Trust: 0.8

db:CNNVDid:CNNVD-200512-465

Trust: 0.7

db:FULLDISCid:20051220 RE: AUTHENTICATED EIGRP DOS / INFORMATION LEAK

Trust: 0.6

db:FULLDISCid:20051219 UNAUTHENTICATED EIGRP DOS

Trust: 0.6

db:BUGTRAQid:20051220 RE: UNAUTHENTICATED EIGRP DOS

Trust: 0.6

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:5454

Trust: 0.6

db:VULHUBid:VHN-15644

Trust: 0.1

sources: VULHUB: VHN-15644 // BID: 15970 // BID: 15978 // JVNDB: JVNDB-2005-000748 // CNNVD: CNNVD-200512-465 // NVD: CVE-2005-4436

REFERENCES

url:http://www.securityfocus.com/bid/15978

Trust: 2.5

url:http://lists.grok.org.uk/pipermail/full-disclosure/2005-december/040330.html

Trust: 1.7

url:http://securitytracker.com/id?1015382

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2005/3008

Trust: 1.4

url:http://www.securityfocus.com/archive/1/419898/100/0/threaded

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5454

Trust: 1.1

url:http://www.vupen.com/english/advisories/2005/3008

Trust: 1.1

url:http://marc.info/?l=full-disclosure&m=113504451523186&w=2

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4437

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-4436

Trust: 0.8

url:http://www.securityfocus.com/bid/15970

Trust: 0.8

url:http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html

Trust: 0.6

url:http://www.cisco.com/public/sw-center/sw-ios.shtml

Trust: 0.6

url:/archive/1/419898

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/419898/100/0/threaded

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5454

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=full-disclosure&m=113504451523186&w=2

Trust: 0.6

url:/archive/1/419830

Trust: 0.3

url:http://marc.info/?l=full-disclosure&m=113504451523186&w=2

Trust: 0.1

sources: VULHUB: VHN-15644 // BID: 15970 // BID: 15978 // JVNDB: JVNDB-2005-000748 // CNNVD: CNNVD-200512-465 // NVD: CVE-2005-4436

CREDITS

Konstantin V. Gavrilenko mlists@arhont.com Andrew A. Vladimirov mlists@arhont.com Paul Oxman poxman@cisco.com

Trust: 0.6

sources: CNNVD: CNNVD-200512-465

SOURCES

db:VULHUBid:VHN-15644
db:BIDid:15970
db:BIDid:15978
db:JVNDBid:JVNDB-2005-000748
db:CNNVDid:CNNVD-200512-465
db:NVDid:CVE-2005-4436

LAST UPDATE DATE

2024-11-23T21:50:13.012000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-15644date:2018-10-19T00:00:00
db:BIDid:15970date:2005-12-19T00:00:00
db:BIDid:15978date:2005-12-19T00:00:00
db:JVNDBid:JVNDB-2005-000748date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200512-465date:2009-03-04T00:00:00
db:NVDid:CVE-2005-4436date:2024-11-21T00:04:15.457

SOURCES RELEASE DATE

db:VULHUBid:VHN-15644date:2005-12-21T00:00:00
db:BIDid:15970date:2005-12-19T00:00:00
db:BIDid:15978date:2005-12-19T00:00:00
db:JVNDBid:JVNDB-2005-000748date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200512-465date:2005-12-20T00:00:00
db:NVDid:CVE-2005-4436date:2005-12-21T01:03:00