Details of VAR-200805-0298

ID

VAR-200805-0298

CVE

CVE-2008-2171

TITLE

AlaxalA AX Service disruption in routers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2008-003048

DESCRIPTION

Unspecified vulnerability in AlaxalA AX routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. AlaxalA AX The router has a service disruption ( Session drop ) There is a vulnerability that becomes a condition. Multiple vendors' BGP implementations are prone to a remote denial-of-service vulnerability that arises when the software handles specially crafted BGP packets. It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies. AlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. There is a loophole in the implementation of the BGP protocol in JUNOS, and a remote attacker may take advantage of this loophole. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta The Public Beta has ended. Thanks to all that participated. Learn more: http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: ALAXALA Networks AX Series BGP UPDATE Message Processing Denial of Service SECUNIA ADVISORY ID: SA30054 VERIFY ADVISORY: http://secunia.com/advisories/30054/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: ALAXALA Networks AX7800S Series http://secunia.com/product/5125/ ALAXALA Networks AX7800R Series http://secunia.com/product/5124/ ALAXALA Networks AX7700R http://secunia.com/product/11176/ ALAXALA Networks AX5400S Series http://secunia.com/product/5126/ ALAXALA Networks AX3600S Series http://secunia.com/product/11174/ ALAXALA Networks AX2400S Series http://secunia.com/product/11175/ ALAXALA Networks AX2000R Series http://secunia.com/product/11177/ DESCRIPTION: A vulnerability has been reported in ALAXALA Networks AX series, which can be exploited by malicious people to cause a DoS (Denial of Service). SOLUTION: Restrict network access on affected systems. PROVIDED AND/OR DISCOVERED BY: Reported via US-CERT. ORIGINAL ADVISORY: US-CERT VU#929656: http://www.kb.cert.org/vuls/id/929656 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.25

sources: NVD: CVE-2008-2171 // JVNDB: JVNDB-2008-003048 // BID: 28999 // VULHUB: VHN-32296 // VULMON: CVE-2008-2171 // PACKETSTORM: 66123 // PACKETSTORM: 66130

AFFECTED PRODUCTS

vendor:	alaxala	model:	ax router	scope:	-	version:	-	Trust: 1.4
vendor:	alaxala	model:	ax router	scope:	eq	version:	*	Trust: 1.0
vendor:	hitachi	model:	gr4000	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	gr3000	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	gr2000-bh	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	gr2000-2b+	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	gr2000-2b	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	gr2000-1b	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	alaxala ax	scope:	-	version:	-	Trust: 0.3
vendor:	alaxala	model:	networks ax7800s	scope:	-	version:	-	Trust: 0.3
vendor:	alaxala	model:	networks ax7800r	scope:	-	version:	-	Trust: 0.3
vendor:	alaxala	model:	networks ax7700r	scope:	eq	version:	0	Trust: 0.3
vendor:	alaxala	model:	networks ax5400s	scope:	-	version:	-	Trust: 0.3
vendor:	alaxala	model:	networks ax3600s	scope:	eq	version:	0	Trust: 0.3
vendor:	alaxala	model:	networks ax2400s	scope:	eq	version:	0	Trust: 0.3
vendor:	alaxala	model:	networks ax2000r	scope:	eq	version:	0	Trust: 0.3

sources: BID: 28999 // JVNDB: JVNDB-2008-003048 // CNNVD: CNNVD-200805-126 // NVD: CVE-2008-2171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-2171
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-2171
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200805-126
value:	HIGH
Trust: 0.6
VULHUB:	VHN-32296
value:	HIGH
Trust: 0.1
VULMON:	CVE-2008-2171
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2008-2171
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-32296
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-32296 // VULMON: CVE-2008-2171 // JVNDB: JVNDB-2008-003048 // CNNVD: CNNVD-200805-126 // NVD: CVE-2008-2171

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-32296 // JVNDB: JVNDB-2008-003048 // NVD: CVE-2008-2171

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200805-126

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200805-126

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-003048

PATCH

title:

Top Page

url:

http://www.alaxala.com/

Trust: 0.8

sources: JVNDB: JVNDB-2008-003048

EXTERNAL IDS

db:	NVD	id:	CVE-2008-2171	Trust: 2.9
db:	CERT/CC	id:	VU#929656	Trust: 2.3
db:	BID	id:	28999	Trust: 2.1
db:	SECUNIA	id:	30054	Trust: 2.0
db:	VUPEN	id:	ADV-2008-1407	Trust: 1.7
db:	JVNDB	id:	JVNDB-2008-003048	Trust: 0.8
db:	CNNVD	id:	CNNVD-200805-126	Trust: 0.7
db:	SECUNIA	id:	30028	Trust: 0.2
db:	VULHUB	id:	VHN-32296	Trust: 0.1
db:	VUPEN	id:	2008/1407	Trust: 0.1
db:	VULMON	id:	CVE-2008-2171	Trust: 0.1
db:	PACKETSTORM	id:	66123	Trust: 0.1
db:	PACKETSTORM	id:	66130	Trust: 0.1

sources: VULHUB: VHN-32296 // VULMON: CVE-2008-2171 // BID: 28999 // JVNDB: JVNDB-2008-003048 // PACKETSTORM: 66123 // PACKETSTORM: 66130 // CNNVD: CNNVD-200805-126 // NVD: CVE-2008-2171

REFERENCES

url:	http://www.kb.cert.org/vuls/id/929656	Trust: 2.3
url:	http://www.securityfocus.com/bid/28999	Trust: 1.9
url:	http://www.kb.cert.org/vuls/id/mimg-79uv2a	Trust: 1.8
url:	http://secunia.com/advisories/30054	Trust: 1.8
url:	http://www.vupen.com/english/advisories/2008/1407/references	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2171	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2171	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2008/1407/references	Trust: 0.6
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/network_software_inspector_2/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://secunia.com/product/5126/	Trust: 0.1
url:	http://secunia.com/product/11176/	Trust: 0.1
url:	http://secunia.com/product/11174/	Trust: 0.1
url:	http://secunia.com/product/11177/	Trust: 0.1
url:	http://secunia.com/advisories/30054/	Trust: 0.1
url:	http://secunia.com/product/5125/	Trust: 0.1
url:	http://secunia.com/product/11175/	Trust: 0.1
url:	http://secunia.com/product/5124/	Trust: 0.1
url:	http://secunia.com/advisories/30028/	Trust: 0.1
url:	http://secunia.com/product/5131/	Trust: 0.1
url:	http://secunia.com/product/5129/	Trust: 0.1

CREDITS

Juniper Networks

Trust: 0.6

sources: CNNVD: CNNVD-200805-126

SOURCES

db:	VULHUB	id:	VHN-32296
db:	VULMON	id:	CVE-2008-2171
db:	BID	id:	28999
db:	JVNDB	id:	JVNDB-2008-003048
db:	PACKETSTORM	id:	66123
db:	PACKETSTORM	id:	66130
db:	CNNVD	id:	CNNVD-200805-126
db:	NVD	id:	CVE-2008-2171

LAST UPDATE DATE

2024-11-23T21:48:34.069000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-32296	date:	2011-03-08T00:00:00
db:	VULMON	id:	CVE-2008-2171	date:	2011-03-08T00:00:00
db:	BID	id:	28999	date:	2016-07-06T14:17:00
db:	JVNDB	id:	JVNDB-2008-003048	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200805-126	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2008-2171	date:	2024-11-21T00:46:14.813

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-32296	date:	2008-05-13T00:00:00
db:	VULMON	id:	CVE-2008-2171	date:	2008-05-13T00:00:00
db:	BID	id:	28999	date:	2008-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2008-003048	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	66123	date:	2008-05-08T17:30:50
db:	PACKETSTORM	id:	66130	date:	2008-05-08T17:30:50
db:	CNNVD	id:	CNNVD-200805-126	date:	2007-12-14T00:00:00
db:	NVD	id:	CVE-2008-2171	date:	2008-05-13T22:20:00