ID

VAR-200601-0270


CVE

CVE-2006-0309


TITLE

Linksys BEFVP41 IP Option Remote Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200601-215

DESCRIPTION

Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length. Linksys BEFVP41 routers are susceptible to a remote denial of service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic. This issue allows remote attackers to crash affected devices, denying service to legitimate users. Reportedly, attackers must be located on the internal network, and be able to pass traffic through the router to exploit this issue. It may also be possible from the external side of the network, but this has not been confirmed. The vulnerability has been reported in version 2.0 with firmware revision 1.01.04. SOLUTION: Use the device on trusted networks only. PROVIDED AND/OR DISCOVERED BY: Paul ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-0309 // BID: 16307 // VULHUB: VHN-16417 // PACKETSTORM: 43166

AFFECTED PRODUCTS

vendor:linksysmodel:befvp41scope:eqversion:1.01.04

Trust: 1.6

vendor:linksysmodel:befvp41scope:eqversion:1.42.7

Trust: 0.3

vendor:linksysmodel:befvp41scope:eqversion:1.40.4

Trust: 0.3

vendor:linksysmodel:befvp41 .3fscope:eqversion:1.40

Trust: 0.3

sources: BID: 16307 // CNNVD: CNNVD-200601-215 // NVD: CVE-2006-0309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0309
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200601-215
value: MEDIUM

Trust: 0.6

VULHUB: VHN-16417
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0309
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-16417
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16417 // CNNVD: CNNVD-200601-215 // NVD: CVE-2006-0309

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0309

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-215

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200601-215

EXTERNAL IDS

db:BIDid:16307

Trust: 2.0

db:SECUNIAid:18461

Trust: 1.8

db:VUPENid:ADV-2006-0238

Trust: 1.7

db:SECTRACKid:1015490

Trust: 1.7

db:NVDid:CVE-2006-0309

Trust: 1.7

db:CNNVDid:CNNVD-200601-215

Trust: 0.7

db:XFid:24125

Trust: 0.6

db:BUGTRAQid:20060113 LINKSYS VPN ROUTER (BEFVP41) DOS VULNERABILITY

Trust: 0.6

db:BUGTRAQid:20060116 RE: LINKSYS VPN ROUTER (BEFVP41) DOS VULNERABILITY

Trust: 0.6

db:BUGTRAQid:20060117 RE: LINKSYS VPN ROUTER (BEFVP41) DOS VULNERABILITY

Trust: 0.6

db:VULHUBid:VHN-16417

Trust: 0.1

db:PACKETSTORMid:43166

Trust: 0.1

sources: VULHUB: VHN-16417 // BID: 16307 // PACKETSTORM: 43166 // CNNVD: CNNVD-200601-215 // NVD: CVE-2006-0309

REFERENCES

url:http://www.securityfocus.com/bid/16307

Trust: 1.7

url:http://securitytracker.com/id?1015490

Trust: 1.7

url:http://secunia.com/advisories/18461

Trust: 1.7

url:http://www.securityfocus.com/archive/1/421929/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/422064/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/422266/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/0238

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24125

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/422064/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/421929/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/0238

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/24125

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/422266/100/0/threaded

Trust: 0.6

url:http://www1.linksys.com/products/product.asp?grid=34&scid=29&prid=607

Trust: 0.3

url:/archive/1/422266

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/685/

Trust: 0.1

url:http://secunia.com/advisories/18461/

Trust: 0.1

sources: VULHUB: VHN-16417 // BID: 16307 // PACKETSTORM: 43166 // CNNVD: CNNVD-200601-215 // NVD: CVE-2006-0309

CREDITS

paul14075@gmail.com discovered this issue.

Trust: 0.9

sources: BID: 16307 // CNNVD: CNNVD-200601-215

SOURCES

db:VULHUBid:VHN-16417
db:BIDid:16307
db:PACKETSTORMid:43166
db:CNNVDid:CNNVD-200601-215
db:NVDid:CVE-2006-0309

LAST UPDATE DATE

2024-11-23T22:47:06.924000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-16417date:2018-10-19T00:00:00
db:BIDid:16307date:2006-02-07T20:55:00
db:CNNVDid:CNNVD-200601-215date:2006-01-20T00:00:00
db:NVDid:CVE-2006-0309date:2024-11-21T00:06:09.887

SOURCES RELEASE DATE

db:VULHUBid:VHN-16417date:2006-01-19T00:00:00
db:BIDid:16307date:2006-01-18T00:00:00
db:PACKETSTORMid:43166date:2006-01-19T02:04:53
db:CNNVDid:CNNVD-200601-215date:2006-01-18T00:00:00
db:NVDid:CVE-2006-0309date:2006-01-19T01:03:00