Details of VAR-200609-0398

ID

VAR-200609-0398

CVE

CVE-2006-4910

TITLE

Cisco IPS fails to properly check fragmented IP packets

Trust: 0.8

sources: CERT/CC: VU#658884

DESCRIPTION

The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet. Cisco IPS systems may fail to check specially-crafted IP packets that are fragmented. The web administration interface of Cisco Intrusion Prevention System and Intrusion Detection System devices fails to properly handle certain Secure Socket Layer packets. This vulnerability may cause a denial of service. Cisco Intrusion Prevention and Intrusion Detection Systems are prone to an inspection-bypass vulnerability. An attacker can exploit this issue to bypass the inspection mechanism. This may allow attackers to covertly attack presumably protected systems. This issue is being tracked by Cisco bug IDs CSCse17206 and CSCsf12379. An attacker can exploit this issue to cause the interface to become unresponsive, effectively denying administrative access to devices. Remote attackers may use this vulnerability to cause the management port to fail. This can be exploited to bypass the Intrusion Prevention System to e.g. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. The vulnerability is caused due to an error within the processing of SSL v2 client Hello packets. This can be exploited to cause a DoS by sending a specially crafted Hello packet to a vulnerable system. Successful exploitation can cause the mainApp process to fail, stopping a system from responding to remote management request sent to the web administration interface or the command-line interface via SSH, sending SMTP traps, and automatically updating ACLs (Access Control Lists) on remote firewall systems. The vulnerability affects the following products: - Cisco IDS 4.1(x) software prior to 4.1(5c) - Cisco IPS 5.0(x) software prior to 5.0(6p1) - Cisco IPS 5.1(x) software prior to 5.1(2) SOLUTION: Apply updated software. Cisco IDS 4.1(5b) and earlier: Update to Cisco IDS 4.1(5c) Cisco IPS 5.0(6p1) and earlier: Update to Cisco IPS 5.0(6p2) Cisco IPS 5.1(1) and earlier: Update to Cisco IPS 5.1(2) PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml OTHER REFERENCES: US-CERT VU#658884: http://www.kb.cert.org/vuls/id/658884 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.96

sources: NVD: CVE-2006-4910 // CERT/CC: VU#658884 // CERT/CC: VU#642076 // JVNDB: JVNDB-2006-001291 // BID: 20127 // BID: 20124 // VULHUB: VHN-21018 // VULMON: CVE-2006-4910 // PACKETSTORM: 50207 // PACKETSTORM: 50204

AFFECTED PRODUCTS

vendor:	cisco	model:	intrusion prevention system 5.1	scope:	-	version:	-	Trust: 3.0
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	cisco	model:	ids sensor software	scope:	eq	version:	4.1\(5b\)	Trust: 1.6
vendor:	cisco	model:	ips sensor software	scope:	eq	version:	5.1\(1\)	Trust: 1.6
vendor:	cisco	model:	ips sensor software	scope:	eq	version:	5.0\(6\)p1	Trust: 1.6
vendor:	cisco	model:	intrusion prevention system software	scope:	lt	version:	5.0(6p1)	Trust: 0.8
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.1(1)	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system 5.0	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.1	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	ne	version:	5.1(2)	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.0(3)	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.0(1)	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.0(2)	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.1\(1\)	Trust: 0.6
vendor:	cisco	model:	ids	scope:	eq	version:	4.1\(5b\)	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.0\(6\)p1	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system 5.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	4.x	Trust: 0.3
vendor:	cisco	model:	intrusion detection system 4.1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	intrusion detection system 4.1	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#658884 // CERT/CC: VU#642076 // BID: 20127 // BID: 20124 // JVNDB: JVNDB-2006-001291 // CNNVD: CNNVD-200609-363 // NVD: CVE-2006-4910

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-4910
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#658884
value:	4.59
Trust: 0.8
CARNEGIE MELLON:	VU#642076
value:	3.66
Trust: 0.8
NVD:	CVE-2006-4910
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200609-363
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-21018
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2006-4910
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-4910
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-21018
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#658884 // CERT/CC: VU#642076 // VULHUB: VHN-21018 // VULMON: CVE-2006-4910 // JVNDB: JVNDB-2006-001291 // CNNVD: CNNVD-200609-363 // NVD: CVE-2006-4910

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4910

THREAT TYPE

network

Trust: 0.6

sources: BID: 20127 // BID: 20124

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200609-363

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001291

PATCH

title:

cisco-sa-20060920-ips

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060920-ips

Trust: 0.8

sources: JVNDB: JVNDB-2006-001291

EXTERNAL IDS

db:	CERT/CC	id:	VU#642076	Trust: 3.4
db:	BID	id:	20124	Trust: 2.9
db:	SECUNIA	id:	22046	Trust: 2.8
db:	NVD	id:	CVE-2006-4910	Trust: 2.6
db:	OSVDB	id:	29037	Trust: 1.8
db:	SECTRACK	id:	1016891	Trust: 1.7
db:	VUPEN	id:	ADV-2006-3721	Trust: 1.7
db:	XF	id:	29056	Trust: 1.4
db:	CERT/CC	id:	VU#658884	Trust: 1.3
db:	JVNDB	id:	JVNDB-2006-001291	Trust: 0.8
db:	CNNVD	id:	CNNVD-200609-363	Trust: 0.7
db:	CISCO	id:	20060920 CISCO SECURITY ADVISORY: CISCO INTRUSION PREVENTION SYSTEM MANAGEMENT INTERFACE DENIAL OF SERVICE AND FRAGMENTED PACKET EVASION VULNERABILITIES	Trust: 0.6
db:	BID	id:	20127	Trust: 0.3
db:	SECUNIA	id:	22022	Trust: 0.2
db:	VULHUB	id:	VHN-21018	Trust: 0.1
db:	VUPEN	id:	2006/3721	Trust: 0.1
db:	VULMON	id:	CVE-2006-4910	Trust: 0.1
db:	PACKETSTORM	id:	50207	Trust: 0.1
db:	PACKETSTORM	id:	50204	Trust: 0.1

sources: CERT/CC: VU#658884 // CERT/CC: VU#642076 // VULHUB: VHN-21018 // VULMON: CVE-2006-4910 // BID: 20127 // BID: 20124 // JVNDB: JVNDB-2006-001291 // PACKETSTORM: 50207 // PACKETSTORM: 50204 // CNNVD: CNNVD-200609-363 // NVD: CVE-2006-4910

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml	Trust: 4.2
url:	http://www.kb.cert.org/vuls/id/642076	Trust: 2.7
url:	http://www.securityfocus.com/bid/20124	Trust: 2.6
url:	http://secunia.com/advisories/22046	Trust: 2.6
url:	http://www.osvdb.org/29037	Trust: 1.8
url:	http://securitytracker.com/id?1016891	Trust: 1.8
url:	http://xforce.iss.net/xforce/xfdb/29056	Trust: 1.4
url:	http://www.vupen.com/english/advisories/2006/3721	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/29056	Trust: 1.2
url:	http://secunia.com/advisories/22046/	Trust: 0.9
url:	http://www.cisco.com/en/us/products/hw/vpndevc/ps4077/products_qanda_item0900aecd801e6a99.shtml	Trust: 0.8
url:	http://www.cisco.com/en/us/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df9a.html#wp1031536	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4910	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4910	Trust: 0.8
url:	/archive/1/446491	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/3721	Trust: 0.6
url:	http://www.kb.cert.org/vuls/id/658884	Trust: 0.5
url:	http://www.cisco.com/en/us/products/sw/secursw/ps2113/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/secursw/ps2113/index.html	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/quality_assurance_analyst/	Trust: 0.2
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.2
url:	http://secunia.com/product/5600/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/web_application_security_specialist/	Trust: 0.2
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=11732	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://secunia.com/advisories/22022/	Trust: 0.1
url:	http://secunia.com/product/12069/	Trust: 0.1

CREDITS

The vendor disclosed this issue.

Trust: 0.6

sources: BID: 20127 // BID: 20124

SOURCES

db:	CERT/CC	id:	VU#658884
db:	CERT/CC	id:	VU#642076
db:	VULHUB	id:	VHN-21018
db:	VULMON	id:	CVE-2006-4910
db:	BID	id:	20127
db:	BID	id:	20124
db:	JVNDB	id:	JVNDB-2006-001291
db:	PACKETSTORM	id:	50207
db:	PACKETSTORM	id:	50204
db:	CNNVD	id:	CNNVD-200609-363
db:	NVD	id:	CVE-2006-4910

LAST UPDATE DATE

2024-08-14T14:29:06.537000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#658884	date:	2006-09-20T00:00:00
db:	CERT/CC	id:	VU#642076	date:	2006-09-26T00:00:00
db:	VULHUB	id:	VHN-21018	date:	2018-10-30T00:00:00
db:	VULMON	id:	CVE-2006-4910	date:	2018-10-30T00:00:00
db:	BID	id:	20127	date:	2006-09-21T18:46:00
db:	BID	id:	20124	date:	2006-09-21T18:26:00
db:	JVNDB	id:	JVNDB-2006-001291	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200609-363	date:	2006-09-22T00:00:00
db:	NVD	id:	CVE-2006-4910	date:	2018-10-30T16:25:30.887

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#658884	date:	2006-09-20T00:00:00
db:	CERT/CC	id:	VU#642076	date:	2006-09-22T00:00:00
db:	VULHUB	id:	VHN-21018	date:	2006-09-21T00:00:00
db:	VULMON	id:	CVE-2006-4910	date:	2006-09-21T00:00:00
db:	BID	id:	20127	date:	2006-09-20T00:00:00
db:	BID	id:	20124	date:	2006-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2006-001291	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	50207	date:	2006-09-21T23:56:25
db:	PACKETSTORM	id:	50204	date:	2006-09-21T23:56:25
db:	CNNVD	id:	CNNVD-200609-363	date:	2006-09-20T00:00:00
db:	NVD	id:	CVE-2006-4910	date:	2006-09-21T00:07:00