Sign-up

ID

VAR-200805-0300


CVE

CVE-2008-2173


TITLE

Yamaha Service disruption in routers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2008-005778

DESCRIPTION

Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. Yamaha Router disturbs service operation ( Session drop ) There is a vulnerability that becomes a condition. Multiple vendors' BGP implementations are prone to a remote denial-of-service vulnerability that arises when the software handles specially crafted BGP packets. It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies. AlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. There is a loophole in the implementation of the BGP protocol in JUNOS, and a remote attacker may take advantage of this loophole. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta The Public Beta has ended. Thanks to all that participated. Learn more: http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: ALAXALA Networks AX Series BGP UPDATE Message Processing Denial of Service SECUNIA ADVISORY ID: SA30054 VERIFY ADVISORY: http://secunia.com/advisories/30054/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: ALAXALA Networks AX7800S Series http://secunia.com/product/5125/ ALAXALA Networks AX7800R Series http://secunia.com/product/5124/ ALAXALA Networks AX7700R http://secunia.com/product/11176/ ALAXALA Networks AX5400S Series http://secunia.com/product/5126/ ALAXALA Networks AX3600S Series http://secunia.com/product/11174/ ALAXALA Networks AX2400S Series http://secunia.com/product/11175/ ALAXALA Networks AX2000R Series http://secunia.com/product/11177/ DESCRIPTION: A vulnerability has been reported in ALAXALA Networks AX series, which can be exploited by malicious people to cause a DoS (Denial of Service). SOLUTION: Restrict network access on affected systems. PROVIDED AND/OR DISCOVERED BY: Reported via US-CERT. ORIGINAL ADVISORY: US-CERT VU#929656: http://www.kb.cert.org/vuls/id/929656 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2008-2173 // JVNDB: JVNDB-2008-005778 // BID: 28999 // VULHUB: VHN-32298 // PACKETSTORM: 66123 // PACKETSTORM: 66130

AFFECTED PRODUCTS

vendor:yamahamodel:routerscope: - version: -

Trust: 1.4

vendor:yamahamodel:routerscope:eqversion:*

Trust: 1.0

vendor:hitachimodel:gr4000scope: - version: -

Trust: 0.3

vendor:hitachimodel:gr3000scope: - version: -

Trust: 0.3

vendor:hitachimodel:gr2000-bhscope: - version: -

Trust: 0.3

vendor:hitachimodel:gr2000-2b+scope: - version: -

Trust: 0.3

vendor:hitachimodel:gr2000-2bscope: - version: -

Trust: 0.3

vendor:hitachimodel:gr2000-1bscope: - version: -

Trust: 0.3

vendor:hitachimodel:alaxala axscope: - version: -

Trust: 0.3

vendor:alaxalamodel:networks ax7800sscope: - version: -

Trust: 0.3

vendor:alaxalamodel:networks ax7800rscope: - version: -

Trust: 0.3

vendor:alaxalamodel:networks ax7700rscope:eqversion:0

Trust: 0.3

vendor:alaxalamodel:networks ax5400sscope: - version: -

Trust: 0.3

vendor:alaxalamodel:networks ax3600sscope:eqversion:0

Trust: 0.3

vendor:alaxalamodel:networks ax2400sscope:eqversion:0

Trust: 0.3

vendor:alaxalamodel:networks ax2000rscope:eqversion:0

Trust: 0.3

sources: BID: 28999 // JVNDB: JVNDB-2008-005778 // CNNVD: CNNVD-200805-128 // NVD: CVE-2008-2173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2173
value: HIGH

Trust: 1.0

NVD: CVE-2008-2173
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200805-128
value: HIGH

Trust: 0.6

VULHUB: VHN-32298
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-2173
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-32298
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-32298 // JVNDB: JVNDB-2008-005778 // CNNVD: CNNVD-200805-128 // NVD: CVE-2008-2173

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-32298 // JVNDB: JVNDB-2008-005778 // NVD: CVE-2008-2173

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200805-128

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200805-128

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-005778

PATCH
title:Top Pageurl:http://jp.yamaha.com/products/network/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-005778

EXTERNAL IDS
db:CERT/CCid:VU#929656
Trust: 3.0
db:NVDid:CVE-2008-2173
Trust: 2.8
db:BIDid:28999
Trust: 2.0
db:JVNDBid:JVNDB-2008-005778
Trust: 0.8
db:CNNVDid:CNNVD-200805-128
Trust: 0.7
db:SECUNIAid:30054
Trust: 0.2
db:SECUNIAid:30028
Trust: 0.2
db:VULHUBid:VHN-32298
Trust: 0.1
db:PACKETSTORMid:66123
Trust: 0.1
db:PACKETSTORMid:66130
Trust: 0.1
sources:
            
            
            VULHUB: VHN-32298 // 
            
            
            
            BID: 28999 // 
            
            
            
            JVNDB: JVNDB-2008-005778 // 
            
            
            
            PACKETSTORM: 66123 // 
            
            
            
            PACKETSTORM: 66130 // 
            
            
            
            CNNVD: CNNVD-200805-128 // 
            
            
            
            NVD: CVE-2008-2173

REFERENCES
url:http://www.kb.cert.org/vuls/id/929656
Trust: 3.0
url:http://www.securityfocus.com/bid/28999
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2173
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2173
Trust: 0.8
url:http://secunia.com/secunia_security_advisories/
Trust: 0.2
url:http://secunia.com/network_software_inspector_2/
Trust: 0.2
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.2
url:http://secunia.com/about_secunia_advisories/
Trust: 0.2
url:http://secunia.com/product/5126/
Trust: 0.1
url:http://secunia.com/product/11176/
Trust: 0.1
url:http://secunia.com/product/11174/
Trust: 0.1
url:http://secunia.com/product/11177/
Trust: 0.1
url:http://secunia.com/advisories/30054/
Trust: 0.1
url:http://secunia.com/product/5125/
Trust: 0.1
url:http://secunia.com/product/11175/
Trust: 0.1
url:http://secunia.com/product/5124/
Trust: 0.1
url:http://secunia.com/advisories/30028/
Trust: 0.1
url:http://secunia.com/product/5131/
Trust: 0.1
url:http://secunia.com/product/5129/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-32298 // 
            
            
            
            BID: 28999 // 
            
            
            
            JVNDB: JVNDB-2008-005778 // 
            
            
            
            PACKETSTORM: 66123 // 
            
            
            
            PACKETSTORM: 66130 // 
            
            
            
            CNNVD: CNNVD-200805-128 // 
            
            
            
            NVD: CVE-2008-2173

CREDITS
Juniper Networks
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200805-128

SOURCES
db:VULHUBid:VHN-32298
db:BIDid:28999
db:JVNDBid:JVNDB-2008-005778
db:PACKETSTORMid:66123
db:PACKETSTORMid:66130
db:CNNVDid:CNNVD-200805-128
db:NVDid:CVE-2008-2173

LAST UPDATE DATE
2024-11-23T21:48:34.029000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-32298date:2008-09-05T00:00:00
db:BIDid:28999date:2016-07-06T14:17:00
db:JVNDBid:JVNDB-2008-005778date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200805-128date:2008-09-05T00:00:00
db:NVDid:CVE-2008-2173date:2024-11-21T00:46:15.090

SOURCES RELEASE DATE
db:VULHUBid:VHN-32298date:2008-05-13T00:00:00
db:BIDid:28999date:2008-05-01T00:00:00
db:JVNDBid:JVNDB-2008-005778date:2012-12-20T00:00:00
db:PACKETSTORMid:66123date:2008-05-08T17:30:50
db:PACKETSTORMid:66130date:2008-05-08T17:30:50
db:CNNVDid:CNNVD-200805-128date:2007-12-14T00:00:00
db:NVDid:CVE-2008-2173date:2008-05-13T22:20:00