Details of VAR-200609-0446

ID

VAR-200609-0446

CVE

CVE-2006-4911

TITLE

Cisco IPS fails to properly check fragmented IP packets

Trust: 0.8

sources: CERT/CC: VU#658884

DESCRIPTION

Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". Cisco IPS systems may fail to check specially-crafted IP packets that are fragmented. The web administration interface of Cisco Intrusion Prevention System and Intrusion Detection System devices fails to properly handle certain Secure Socket Layer packets. This vulnerability may cause a denial of service. Cisco Intrusion Prevention and Intrusion Detection Systems are prone to an inspection-bypass vulnerability. An attacker can exploit this issue to bypass the inspection mechanism. This may allow attackers to covertly attack presumably protected systems. This issue is being tracked by Cisco bug IDs CSCse17206 and CSCsf12379. An attacker can exploit this issue to cause the interface to become unresponsive, effectively denying administrative access to devices. This could allow an attacker to bypass the protection provided by the IPS device and gain access to internal systems. This can be exploited to bypass the Intrusion Prevention System to e.g. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. The vulnerability is caused due to an error within the processing of SSL v2 client Hello packets. This can be exploited to cause a DoS by sending a specially crafted Hello packet to a vulnerable system. Successful exploitation can cause the mainApp process to fail, stopping a system from responding to remote management request sent to the web administration interface or the command-line interface via SSH, sending SMTP traps, and automatically updating ACLs (Access Control Lists) on remote firewall systems. The vulnerability affects the following products: - Cisco IDS 4.1(x) software prior to 4.1(5c) - Cisco IPS 5.0(x) software prior to 5.0(6p1) - Cisco IPS 5.1(x) software prior to 5.1(2) SOLUTION: Apply updated software. Cisco IDS 4.1(5b) and earlier: Update to Cisco IDS 4.1(5c) Cisco IPS 5.0(6p1) and earlier: Update to Cisco IPS 5.0(6p2) Cisco IPS 5.1(1) and earlier: Update to Cisco IPS 5.1(2) PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml OTHER REFERENCES: US-CERT VU#658884: http://www.kb.cert.org/vuls/id/658884 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.87

sources: NVD: CVE-2006-4911 // CERT/CC: VU#658884 // CERT/CC: VU#642076 // JVNDB: JVNDB-2006-001292 // BID: 20127 // BID: 20124 // VULHUB: VHN-21019 // PACKETSTORM: 50207 // PACKETSTORM: 50204

AFFECTED PRODUCTS

vendor:	cisco	model:	intrusion prevention system 5.1	scope:	-	version:	-	Trust: 3.0
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	cisco	model:	ips sensor software	scope:	lt	version:	5.0\(6p2\)	Trust: 1.0
vendor:	cisco	model:	ips sensor software	scope:	gte	version:	5.0	Trust: 1.0
vendor:	cisco	model:	ips sensor software	scope:	lt	version:	5.1\(2\)	Trust: 1.0
vendor:	cisco	model:	ips sensor software	scope:	gte	version:	5.1	Trust: 1.0
vendor:	cisco	model:	intrusion prevention system software	scope:	lt	version:	5.0(6p2)	Trust: 0.8
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.1(1)	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system 5.0	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.1	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	ne	version:	5.1(2)	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.0(3)	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.0(1)	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.0(2)	Trust: 0.6
vendor:	cisco	model:	ips sensor software	scope:	eq	version:	5.0\(6\)p1	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.1\(1\)	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	5.0\(6\)p1	Trust: 0.6
vendor:	cisco	model:	ips sensor software	scope:	eq	version:	5.1\(1\)	Trust: 0.6
vendor:	cisco	model:	intrusion prevention system 5.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	intrusion prevention system	scope:	eq	version:	4.x	Trust: 0.3
vendor:	cisco	model:	intrusion detection system 4.1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	intrusion detection system 4.1	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#658884 // CERT/CC: VU#642076 // BID: 20127 // BID: 20124 // JVNDB: JVNDB-2006-001292 // CNNVD: CNNVD-200609-366 // NVD: CVE-2006-4911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-4911
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#658884
value:	4.59
Trust: 0.8
CARNEGIE MELLON:	VU#642076
value:	3.66
Trust: 0.8
NVD:	CVE-2006-4911
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200609-366
value:	HIGH
Trust: 0.6
VULHUB:	VHN-21019
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-4911
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-21019
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#658884 // CERT/CC: VU#642076 // VULHUB: VHN-21019 // JVNDB: JVNDB-2006-001292 // CNNVD: CNNVD-200609-366 // NVD: CVE-2006-4911

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4911

THREAT TYPE

network

Trust: 0.6

sources: BID: 20127 // BID: 20124

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200609-366

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001292

PATCH

title:	cisco-sa-20060920-ips	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060920-ips	Trust: 0.8
title:	Cisco IPS/IDS Remedial measures for fragmented messages to bypass security detection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95769	Trust: 0.6

sources: JVNDB: JVNDB-2006-001292 // CNNVD: CNNVD-200609-366

EXTERNAL IDS

db:	CERT/CC	id:	VU#658884	Trust: 3.8
db:	NVD	id:	CVE-2006-4911	Trust: 2.5
db:	BID	id:	20127	Trust: 2.0
db:	SECUNIA	id:	22022	Trust: 1.9
db:	OSVDB	id:	29036	Trust: 1.7
db:	SECTRACK	id:	1016891	Trust: 1.7
db:	VUPEN	id:	ADV-2006-3721	Trust: 1.7
db:	BID	id:	20124	Trust: 1.1
db:	SECUNIA	id:	22046	Trust: 1.0
db:	XF	id:	29056	Trust: 0.8
db:	CERT/CC	id:	VU#642076	Trust: 0.8
db:	JVNDB	id:	JVNDB-2006-001292	Trust: 0.8
db:	CNNVD	id:	CNNVD-200609-366	Trust: 0.7
db:	VULHUB	id:	VHN-21019	Trust: 0.1
db:	PACKETSTORM	id:	50207	Trust: 0.1
db:	PACKETSTORM	id:	50204	Trust: 0.1

sources: CERT/CC: VU#658884 // CERT/CC: VU#642076 // VULHUB: VHN-21019 // BID: 20127 // BID: 20124 // JVNDB: JVNDB-2006-001292 // PACKETSTORM: 50207 // PACKETSTORM: 50204 // CNNVD: CNNVD-200609-366 // NVD: CVE-2006-4911

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml	Trust: 4.1
url:	http://www.kb.cert.org/vuls/id/658884	Trust: 3.0
url:	http://www.securityfocus.com/bid/20127	Trust: 1.7
url:	http://www.osvdb.org/29036	Trust: 1.7
url:	http://securitytracker.com/id?1016891	Trust: 1.7
url:	http://secunia.com/advisories/22022	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/3721	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/29058	Trust: 1.7
url:	http://secunia.com/advisories/22046/	Trust: 0.9
url:	http://www.cisco.com/en/us/products/hw/vpndevc/ps4077/products_qanda_item0900aecd801e6a99.shtml	Trust: 0.8
url:	http://www.cisco.com/en/us/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df9a.html#wp1031536	Trust: 0.8
url:	http://www.securityfocus.com/bid/20124	Trust: 0.8
url:	http://secunia.com/advisories/22046	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/29056	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4911	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4911	Trust: 0.8
url:	/archive/1/446491	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/secursw/ps2113/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/secursw/ps2113/index.html	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/quality_assurance_analyst/	Trust: 0.2
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.2
url:	http://secunia.com/product/5600/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/web_application_security_specialist/	Trust: 0.2
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.2
url:	http://secunia.com/advisories/22022/	Trust: 0.1
url:	http://secunia.com/product/12069/	Trust: 0.1

CREDITS

The vendor disclosed this issue.

Trust: 0.6

sources: BID: 20127 // BID: 20124

SOURCES

db:	CERT/CC	id:	VU#658884
db:	CERT/CC	id:	VU#642076
db:	VULHUB	id:	VHN-21019
db:	BID	id:	20127
db:	BID	id:	20124
db:	JVNDB	id:	JVNDB-2006-001292
db:	PACKETSTORM	id:	50207
db:	PACKETSTORM	id:	50204
db:	CNNVD	id:	CNNVD-200609-366
db:	NVD	id:	CVE-2006-4911

LAST UPDATE DATE

2024-08-14T14:29:06.479000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#658884	date:	2006-09-20T00:00:00
db:	CERT/CC	id:	VU#642076	date:	2006-09-26T00:00:00
db:	VULHUB	id:	VHN-21019	date:	2019-07-31T00:00:00
db:	BID	id:	20127	date:	2006-09-21T18:46:00
db:	BID	id:	20124	date:	2006-09-21T18:26:00
db:	JVNDB	id:	JVNDB-2006-001292	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200609-366	date:	2019-08-01T00:00:00
db:	NVD	id:	CVE-2006-4911	date:	2019-07-31T12:55:22.097

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#658884	date:	2006-09-20T00:00:00
db:	CERT/CC	id:	VU#642076	date:	2006-09-22T00:00:00
db:	VULHUB	id:	VHN-21019	date:	2006-09-21T00:00:00
db:	BID	id:	20127	date:	2006-09-20T00:00:00
db:	BID	id:	20124	date:	2006-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2006-001292	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	50207	date:	2006-09-21T23:56:25
db:	PACKETSTORM	id:	50204	date:	2006-09-21T23:56:25
db:	CNNVD	id:	CNNVD-200609-366	date:	2006-09-20T00:00:00
db:	NVD	id:	CVE-2006-4911	date:	2006-09-21T00:07:00