ID

VAR-200512-0918


CVE

CVE-2005-4723


TITLE

Multiple D-Link Products IP Packet Reassembly Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2006-0807

DESCRIPTION

D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.

D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment. Multiple D-Link wireless access routers have a denial of service vulnerability. Remote attackers may use this vulnerability to conduct denial of service attacks on devices.

If the attacker sends three consecutive fragmented UDP packets as follows, the device will restart. The IP header of all messages must have the same Identification Number.

Message 1:
* The MORE_FRAGMENTS flag must be set to 1 (IP_MF)
* Fragment offset = 0
* The payload is 8 bytes long. Null bytes were used in the attack code.

Message 2:
* Set the MORE_FRAGMENTS flag to 1 (0x2002)
* Fragment offset = 16
* The payload is 8 bytes long.

Message 3:
* Set the MORE_FRAGMENTS flag to 0 (0x0003)
* Fragment offset = 24
* The payload is 8 bytes long.

Upon receiving the above messages, the affected router immediately terminates all current connections. The DI-524 takes about 1 minute to restart and restore connectivity, and the DI-624 takes about 30 seconds.

This issue is due to a flaw in affected devices that causes them to fail when attempting to reassemble certain IP packets. D-Link DI-524, DI-624, and DI-784 devices are affected by this issue. Due to code reuse among routers, other devices may also be affected. It is reported that US Robotics USR8054 devices are also affected.

D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment.
TITLE: D-Link Wireless Access Point Denial of Service Vulnerability

SECUNIA ADVISORY ID: SA18833

VERIFY ADVISORY: http://secunia.com/advisories/18833/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE: From remote

OPERATING SYSTEM:
* D-Link DI-784 http://secunia.com/product/8029/
* D-Link DI-624 http://secunia.com/product/3660/
* D-Link DI-524 http://secunia.com/product/8028/

DESCRIPTION: Aaron Portnoy and Keefe Johnson have reported a vulnerability in D-Link Wireless Access Point, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the handling of fragmented UDP packets. The vulnerability has been reported in the following products:
* D-Link DI-524 Wireless Router (firmware version 3.20 August 18, 2005).
* D-Link DI-624 Wireless Router.
* D-Link DI-784.

SOLUTION: The vulnerability has reportedly been fixed in the latest firmware.

PROVIDED AND/OR DISCOVERED BY: Aaron Portnoy and Keefe Johnson

ORIGINAL ADVISORY: http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt

Trust: 1.89

sources: NVD: CVE-2005-4723 // CNVD: CNVD-2006-0807 // BID: 16621 // VULHUB: VHN-15931 // PACKETSTORM: 43828

IOT TAXONOMY

category: ['IoT'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-0807

AFFECTED PRODUCTS

vendor: d link | model: di-524 | scope: eq | version: 3.20

Trust: 1.9

vendor: dlink | model: di-624 | scope: eq | version: *

Trust: 1.0

vendor: dlink | model: di-524 | scope: eq | version: *

Trust: 1.0

vendor: d link | model: di-784 | scope: eq | version: *

Trust: 1.0

vendor: none | model: - | scope: - | version: -

Trust: 0.6

vendor: d link | model: di-784 | scope: - | version: -

Trust: 0.6

vendor: d link | model: di-524 | scope: - | version: -

Trust: 0.6

vendor: d link | model: di-624 | scope: - | version: -

Trust: 0.6

vendor: u s robotics | model: usr8054 | scope: eq | version: 0

Trust: 0.3

vendor: d link | model: di-784 | scope: eq | version: 0

Trust: 0.3

vendor: d link | model: di-624 | scope: eq | version: 0

Trust: 0.3

vendor: d link | model: di-524 | scope: eq | version: 0

Trust: 0.3

vendor: d link | model: di-614+ | scope: ne | version: 2.30

Trust: 0.3

vendor: d link | model: di-614+ | scope: ne | version: 2.18

Trust: 0.3

vendor: d link | model: di-614+ | scope: ne | version: 2.10

Trust: 0.3

vendor: d link | model: di-614+ f | scope: ne | version: 2.0

Trust: 0.3

vendor: d link | model: di-614+ 3g | scope: ne | version: 2.0

Trust: 0.3

vendor: d link | model: di-614+ | scope: ne | version: 2.03

Trust: 0.3

vendor: d link | model: di-614+ | scope: ne | version: 2.0

Trust: 0.3

vendor: d link | model: di-604 | scope: ne | version: -

Trust: 0.3

sources: CNVD: CNVD-2006-0807 // BID: 16621 // CNNVD: CNNVD-200512-848 // NVD: CVE-2005-4723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-4723
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200512-848
value: LOW

Trust: 0.6

VULHUB: VHN-15931
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-4723
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-15931
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-15931 // CNNVD: CNNVD-200512-848 // NVD: CVE-2005-4723

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4723

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-848

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200512-848

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-15931

EXTERNAL IDS

db: NVD | id: CVE-2005-4723

Trust: 2.3

db: BID | id: 16621

Trust: 2.0

db: SECUNIA | id: 18833

Trust: 1.8

db: VUPEN | id: ADV-2006-0563

Trust: 1.7

db: CNNVD | id: CNNVD-200512-848

Trust: 0.7

db: CNVD | id: CNVD-2006-0807

Trust: 0.6

db: EXPLOIT-DB | id: 1496

Trust: 0.1

db: VULHUB | id: VHN-15931

Trust: 0.1

db: PACKETSTORM | id: 43828

Trust: 0.1

sources: CNVD: CNVD-2006-0807 // VULHUB: VHN-15931 // BID: 16621 // PACKETSTORM: 43828 // CNNVD: CNNVD-200512-848 // NVD: CVE-2005-4723

REFERENCES

url:http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt

Trust: 1.8

url:http://www.securityfocus.com/bid/16621

Trust: 1.7

url:http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html

Trust: 1.7

url:http://secunia.com/advisories/18833

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0563

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24631

Trust: 1.7

url:http://thunkers.net/~deft/advisories/dlink_udp_dos.txt

Trust: 0.3

url:http://www.usr.com/

Trust: 0.3

url:http://www.d-link.com/

Trust: 0.3

url:http://secunia.com/product/8029/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/8028/

Trust: 0.1

url:http://secunia.com/advisories/18833/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/3660/

Trust: 0.1

sources: VULHUB: VHN-15931 // BID: 16621 // PACKETSTORM: 43828 // CNNVD: CNNVD-200512-848 // NVD: CVE-2005-4723

CREDITS

Aaron Portnoy aportnoy@ccs.neu.edu

Trust: 0.6

sources: CNNVD: CNNVD-200512-848

SOURCES

db: CNVD | id: CNVD-2006-0807
db: VULHUB | id: VHN-15931
db: BID | id: 16621
db: PACKETSTORM | id: 43828
db: CNNVD | id: CNNVD-200512-848
db: NVD | id: CVE-2005-4723

LAST UPDATE DATE

2024-11-23T22:20:09.043000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2006-0807 | date: 2006-02-13T00:00:00
db: VULHUB | id: VHN-15931 | date: 2017-07-20T00:00:00
db: BID | id: 16621 | date: 2006-02-14T18:53:00
db: CNNVD | id: CNNVD-200512-848 | date: 2023-04-27T00:00:00
db: NVD | id: CVE-2005-4723 | date: 2024-11-21T00:05:01.300

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2006-0807 | date: 2006-02-13T00:00:00
db: VULHUB | id: VHN-15931 | date: 2005-12-31T00:00:00
db: BID | id: 16621 | date: 2006-02-13T00:00:00
db: PACKETSTORM | id: 43828 | date: 2006-02-14T20:21:41
db: CNNVD | id: CNNVD-200512-848 | date: 2005-12-31T00:00:00
db: NVD | id: CVE-2005-4723 | date: 2005-12-31T05:00:00