Details of VAR-200610-0259

ID

VAR-200610-0259

CVE

CVE-2006-5425

TITLE

XORP Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-003325

DESCRIPTION

XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attackers to cause a denial of service (application crash) via an Open Shortest Path First (OSPF) Link State Advertisement (LSA) with an invalid LSA length field. Exploiting this issue allows remote, unauthenticated attackers to crash the application, denying further service to legitimate users. eXtensible Open Router Platform versions 1.2 and 1.3 are vulnerable to this issue. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: XORP OSPF Link State Advertisements Denial of Service SECUNIA ADVISORY ID: SA22462 VERIFY ADVISORY: http://secunia.com/advisories/22462/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote SOFTWARE: XORP 1.x http://secunia.com/product/12372/ DESCRIPTION: Mu Security has reported a vulnerability in XORP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an out of bounds read when processing Link State Advertisements (LSA). This can be exploited to crash the OSPF daemon by sending LSAs with invalid length values. The vulnerability is reported in XORP 1.2 and 1.3. Other versions may also be affected. SOLUTION: Follow vendor instructions to apply patches. http://www.xorp.org/advisories/XORP_SA_06:01.ospf.txt PROVIDED AND/OR DISCOVERED BY: Mu Security ORIGINAL ADVISORY: XORP Project Advisory: http://www.xorp.org/advisories/XORP_SA_06:01.ospf.txt Mu Security Advisory: http://labs.musecurity.com/advisories/MU-200610-01.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-5425 // JVNDB: JVNDB-2006-003325 // BID: 20597 // VULHUB: VHN-21533 // PACKETSTORM: 51101

AFFECTED PRODUCTS

vendor:	xorp	model:	extensible open router platform	scope:	eq	version:	1.3	Trust: 1.9
vendor:	xorp	model:	extensible open router platform	scope:	eq	version:	1.2	Trust: 1.9
vendor:	xorp	model:	extensible open router platform	scope:	eq	version:	1.2 and 1.3	Trust: 0.8

sources: BID: 20597 // JVNDB: JVNDB-2006-003325 // CNNVD: CNNVD-200610-337 // NVD: CVE-2006-5425

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-5425
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2006-5425
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200610-337
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-21533
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-5425
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-21533
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-21533 // JVNDB: JVNDB-2006-003325 // CNNVD: CNNVD-200610-337 // NVD: CVE-2006-5425

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5425

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200610-337

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200610-337

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003325

PATCH

title:

XORP_SA_06:01.ospf

url:

http://www.xorp.org/advisories/XORP_SA_06:01.ospf.txt

Trust: 0.8

sources: JVNDB: JVNDB-2006-003325

EXTERNAL IDS

db:	NVD	id:	CVE-2006-5425	Trust: 2.8
db:	BID	id:	20597	Trust: 2.0
db:	SECUNIA	id:	22462	Trust: 1.8
db:	VUPEN	id:	ADV-2006-4107	Trust: 1.7
db:	SECTRACK	id:	1017079	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-003325	Trust: 0.8
db:	CNNVD	id:	CNNVD-200610-337	Trust: 0.7
db:	FULLDISC	id:	20061018 [MU-200610-01] DENIAL OF SERVICE IN XORP OSPFV2	Trust: 0.6
db:	XF	id:	29658	Trust: 0.6
db:	VULHUB	id:	VHN-21533	Trust: 0.1
db:	PACKETSTORM	id:	51101	Trust: 0.1

sources: VULHUB: VHN-21533 // BID: 20597 // JVNDB: JVNDB-2006-003325 // PACKETSTORM: 51101 // CNNVD: CNNVD-200610-337 // NVD: CVE-2006-5425

REFERENCES

url:	http://labs.musecurity.com/advisories/mu-200610-01.txt	Trust: 2.1
url:	http://www.xorp.org/advisories/xorp_sa_06:01.ospf.txt	Trust: 1.8
url:	http://www.securityfocus.com/bid/20597	Trust: 1.7
url:	http://securitytracker.com/id?1017079	Trust: 1.7
url:	http://secunia.com/advisories/22462	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/4107	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/29658	Trust: 1.1
url:	http://marc.info/?l=full-disclosure&m=116115975806681&w=2	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5425	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5425	Trust: 0.8
url:	http://marc.theaimsgroup.com/?l=full-disclosure&m=116115975806681&w=2	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/29658	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/4107	Trust: 0.6
url:	http://www.xorp.org	Trust: 0.3
url:	http://marc.info/?l=full-disclosure&m=116115975806681&w=2	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/22462/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/12372/	Trust: 0.1

sources: VULHUB: VHN-21533 // BID: 20597 // JVNDB: JVNDB-2006-003325 // PACKETSTORM: 51101 // CNNVD: CNNVD-200610-337 // NVD: CVE-2006-5425

CREDITS

MUSecurity is credited with the discovery of this issue.

Trust: 0.3

sources: BID: 20597

SOURCES

db:	VULHUB	id:	VHN-21533
db:	BID	id:	20597
db:	JVNDB	id:	JVNDB-2006-003325
db:	PACKETSTORM	id:	51101
db:	CNNVD	id:	CNNVD-200610-337
db:	NVD	id:	CVE-2006-5425

LAST UPDATE DATE

2024-08-14T14:00:11.157000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-21533	date:	2017-07-20T00:00:00
db:	BID	id:	20597	date:	2016-07-06T14:06:00
db:	JVNDB	id:	JVNDB-2006-003325	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200610-337	date:	2006-10-23T00:00:00
db:	NVD	id:	CVE-2006-5425	date:	2017-07-20T01:33:44.273

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-21533	date:	2006-10-20T00:00:00
db:	BID	id:	20597	date:	2006-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2006-003325	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	51101	date:	2006-10-20T20:09:23
db:	CNNVD	id:	CNNVD-200610-337	date:	2006-10-20T00:00:00
db:	NVD	id:	CVE-2006-5425	date:	2006-10-20T17:07:00