Details of VAR-200601-0270

ID

VAR-200601-0270

CVE

CVE-2006-0309

TITLE

Linksys BEFVP41 IP Option Remote Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200601-215

DESCRIPTION

Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length. Linksys BEFVP41 routers are susceptible to a remote denial of service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic. This issue allows remote attackers to crash affected devices, denying service to legitimate users. Reportedly, attackers must be located on the internal network, and be able to pass traffic through the router to exploit this issue. It may also be possible from the external side of the network, but this has not been confirmed. The vulnerability has been reported in version 2.0 with firmware revision 1.01.04. SOLUTION: Use the device on trusted networks only. PROVIDED AND/OR DISCOVERED BY: Paul ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-0309 // BID: 16307 // VULHUB: VHN-16417 // PACKETSTORM: 43166

AFFECTED PRODUCTS

vendor:	linksys	model:	befvp41	scope:	eq	version:	1.01.04	Trust: 1.6
vendor:	linksys	model:	befvp41	scope:	eq	version:	1.42.7	Trust: 0.3
vendor:	linksys	model:	befvp41	scope:	eq	version:	1.40.4	Trust: 0.3
vendor:	linksys	model:	befvp41 .3f	scope:	eq	version:	1.40	Trust: 0.3

sources: BID: 16307 // CNNVD: CNNVD-200601-215 // NVD: CVE-2006-0309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-0309
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200601-215
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-16417
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-0309
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-16417
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-16417 // CNNVD: CNNVD-200601-215 // NVD: CVE-2006-0309

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0309

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-215

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200601-215

EXTERNAL IDS

db:	BID	id:	16307	Trust: 2.0
db:	SECUNIA	id:	18461	Trust: 1.8
db:	VUPEN	id:	ADV-2006-0238	Trust: 1.7
db:	SECTRACK	id:	1015490	Trust: 1.7
db:	NVD	id:	CVE-2006-0309	Trust: 1.7
db:	CNNVD	id:	CNNVD-200601-215	Trust: 0.7
db:	XF	id:	24125	Trust: 0.6
db:	BUGTRAQ	id:	20060113 LINKSYS VPN ROUTER (BEFVP41) DOS VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20060116 RE: LINKSYS VPN ROUTER (BEFVP41) DOS VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20060117 RE: LINKSYS VPN ROUTER (BEFVP41) DOS VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-16417	Trust: 0.1
db:	PACKETSTORM	id:	43166	Trust: 0.1

sources: VULHUB: VHN-16417 // BID: 16307 // PACKETSTORM: 43166 // CNNVD: CNNVD-200601-215 // NVD: CVE-2006-0309

REFERENCES

url:	http://www.securityfocus.com/bid/16307	Trust: 1.7
url:	http://securitytracker.com/id?1015490	Trust: 1.7
url:	http://secunia.com/advisories/18461	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/421929/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/422064/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/422266/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/0238	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/24125	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/422064/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/421929/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/0238	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/24125	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/422266/100/0/threaded	Trust: 0.6
url:	http://www1.linksys.com/products/product.asp?grid=34&scid=29&prid=607	Trust: 0.3
url:	/archive/1/422266	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/685/	Trust: 0.1
url:	http://secunia.com/advisories/18461/	Trust: 0.1

sources: VULHUB: VHN-16417 // BID: 16307 // PACKETSTORM: 43166 // CNNVD: CNNVD-200601-215 // NVD: CVE-2006-0309

CREDITS

paul14075@gmail.com discovered this issue.

Trust: 0.9

sources: BID: 16307 // CNNVD: CNNVD-200601-215

SOURCES

db:	VULHUB	id:	VHN-16417
db:	BID	id:	16307
db:	PACKETSTORM	id:	43166
db:	CNNVD	id:	CNNVD-200601-215
db:	NVD	id:	CVE-2006-0309

LAST UPDATE DATE

2024-08-14T14:15:51.801000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-16417	date:	2018-10-19T00:00:00
db:	BID	id:	16307	date:	2006-02-07T20:55:00
db:	CNNVD	id:	CNNVD-200601-215	date:	2006-01-20T00:00:00
db:	NVD	id:	CVE-2006-0309	date:	2018-10-19T15:44:19.940

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-16417	date:	2006-01-19T00:00:00
db:	BID	id:	16307	date:	2006-01-18T00:00:00
db:	PACKETSTORM	id:	43166	date:	2006-01-19T02:04:53
db:	CNNVD	id:	CNNVD-200601-215	date:	2006-01-18T00:00:00
db:	NVD	id:	CVE-2006-0309	date:	2006-01-19T01:03:00