CVE-2004-1454
CVSS5.0
发布时间 :2004-12-31 00:00:00
修订时间 :2008-09-05 16:41:25
NMCO    

[原文]Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.


[CNNVD]Cisco IOS畸形OSPF包远程拒绝服务漏洞(CNNVD-200412-393)

        
        Cisco IOS是运行于很多Cisco设备操作系统。
        Cisco IOS处理畸形OSPF包时存在问题,远程攻击者可以利用这个漏洞使设备重载,产生拒绝服务。
        OSPF是RFC 2328定义的路由协议,设计用于管理AS内的IP路由。部分CISCO IOS在处理OSPF包时存在一个漏洞,可导致系统重载。要成功利用此漏洞攻击者必须知道配置在接口上的几个参数,如OSPF Area号码、Netmask、hello和dead timers。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:cisco:ios:12.3%284%29t1Cisco IOS 12.3 (4)T1
cpe:/o:cisco:ios:12.2%2815%29bCisco IOS 12.2 (15)B
cpe:/o:cisco:ios:12.2%2818%29svCisco IOS 12.2 (18)SV
cpe:/o:cisco:ios:12.2%2811%29yvCisco IOS 12.2(11)YV
cpe:/o:cisco:ios:12.0%2822%29sCisco IOS 12.0 (22)S
cpe:/o:cisco:ios:12.2%2811%29yuCisco IOS 12.2 (11)YU
cpe:/o:cisco:ios:12.3%282%29xc3Cisco IOS 12.3 (2)XC3
cpe:/o:cisco:ios:12.3%282%29t3Cisco IOS 12.3 (2)T3
cpe:/o:cisco:ios:12.3%285%29b1Cisco IOS 12.3 (5)B1
cpe:/o:cisco:ios:12.3%284%29xdCisco IOS 12.3 (4)XD
cpe:/o:cisco:ios:12.2%2815%29zlCisco IOS 12.2 (15)ZL
cpe:/o:cisco:ios:12.2%2818%29swCisco IOS 12.2 (18)SW
cpe:/o:cisco:ios:12.0%2822%29s5Cisco IOS 12.0 (22)S5
cpe:/o:cisco:ios:12.3%285b%29Cisco IOS 12.3 (5b)
cpe:/o:cisco:ios:12.3%284%29eo1Cisco IOS 12.3 (4)EO1
cpe:/o:cisco:ios:12.2%2813%29zhCisco IOS 12.2 (13)ZH
cpe:/o:cisco:ios:12.3bCisco IOS 12.3B
cpe:/o:cisco:ios:12.2%2815%29bxCisco IOS 12.2 (15)BX
cpe:/o:cisco:ios:12.2%2815%29zj3Cisco IOS 12.2 (15)ZJ3
cpe:/o:cisco:ios:12.3%283e%29Cisco IOS 12.3 (3e)
cpe:/o:cisco:ios:12.3%285%29Cisco IOS 12.3(5)
cpe:/o:cisco:ios:12.2%2815%29mc1Cisco IOS 12.2 (15)MC1
cpe:/o:cisco:ios:12.3%282%29xc1Cisco IOS 12.3 (2)XC1
cpe:/o:cisco:ios:12.3%284%29xkCisco IOS 12.3 (4)XK
cpe:/o:cisco:ios:12.0%2822%29syCisco IOS 12.0 (22)SY
cpe:/o:cisco:ios:12.3%287.7%29Cisco IOS 12.3 (7.7)
cpe:/o:cisco:ios:12.3%284%29tCisco IOS 12.3 (4)T
cpe:/o:cisco:ios:12.3%282%29xc2Cisco IOS 12.3 (2)XC2
cpe:/o:cisco:ios:12.3%287%29tCisco IOS 12.3 (7)T
cpe:/o:cisco:ios:12.2%2815%29zj1Cisco IOS 12.2 (15)ZJ1
cpe:/o:cisco:ios:12.3xbCisco IOS 12.3XB
cpe:/o:cisco:ios:12.2%2814%29sz1Cisco IOS 12.2 (14)SZ1
cpe:/o:cisco:ios:12.2%2813%29zeCisco IOS 12.2 (13)ZE
cpe:/o:cisco:ios:12.2%2813%29zfCisco IOS 12.2 (13)ZF
cpe:/o:cisco:ios:12.2%2813%29zgCisco IOS 12.2 (13)ZG
cpe:/o:cisco:ios:12.3bwCisco IOS 12.3BW
cpe:/o:cisco:ios:12.0%2822%29s4Cisco IOS 12.0 (22)S4
cpe:/o:cisco:ios:12.2%2815%29bc1Cisco IOS 12.2 (15)BC1
cpe:/o:cisco:ios:12.2%2813%29zdCisco IOS 12.2 (13)ZD
cpe:/o:cisco:ios:12.3%286%29Cisco IOS 12.3 (6)
cpe:/o:cisco:ios:12.3xcCisco IOS 12.3XC
cpe:/o:cisco:ios:12.3%284%29t4Cisco IOS 12.3 (4)T4
cpe:/o:cisco:ios:12.3Cisco IOS 12.3
cpe:/o:cisco:ios:12.2%2815%29zjCisco IOS 12.2(15)ZJ
cpe:/o:cisco:ios:12.2%2815%29zj2Cisco IOS 12.2 (15)ZJ2
cpe:/o:cisco:ios:12.2%2818%29ewCisco IOS 12.2 (18)EW
cpe:/o:cisco:ios:12.2%2815%29zkCisco IOS 12.2 (15)ZK
cpe:/o:cisco:ios:12.3%284%29xg1Cisco IOS 12.3 (4)XG1
cpe:/o:cisco:ios:12.3%286a%29Cisco IOS 12.3 (6a)
cpe:/o:cisco:ios:12.3tCisco IOS 12.3T
cpe:/o:cisco:ios:12.3%285c%29Cisco IOS 12.3 (5c)
cpe:/o:cisco:ios:12.2%2815%29zl1Cisco IOS 12.2 (15)ZL1
cpe:/o:cisco:ios:12.3%285a%29Cisco IOS 12.3 (5a)
cpe:/o:cisco:ios:12.3%284%29xd1Cisco IOS 12.3 (4)XD1
cpe:/o:cisco:ios:12.3xaCisco IOS 12.3XA
cpe:/o:cisco:ios:12.3%285a%29bCisco IOS 12.3 (5a)b
cpe:/o:cisco:ios:12.3%284%29t2Cisco IOS 12.3 (4)T2
cpe:/o:cisco:ios:12.3%284%29t3Cisco IOS 12.3 (4)T3
cpe:/o:cisco:ios:12.2%2815%29bzCisco IOS 12.2 (15)BZ
cpe:/o:cisco:ios:12.2%2815%29t5Cisco IOS 12.2 (15)T5
cpe:/o:cisco:ios:12.3%289%29Cisco IOS 12.3 (9)
cpe:/o:cisco:ios:12.2%2818%29seCisco IOS 12.2 (18)SE
cpe:/o:cisco:ios:12.3%284%29xhCisco IOS 12.3 (4)XH
cpe:/o:cisco:ios:12.2%2814%29sz2Cisco IOS 12.2 (14)SZ2
cpe:/o:cisco:ios:12.3%281a%29Cisco IOS 12.3 (1a)
cpe:/o:cisco:ios:12.3%284%29xqCisco IOS 12.3 (4)XQ
cpe:/o:cisco:ios:12.0%2823%29sxCisco IOS 12.0 (23)SX
cpe:/o:cisco:ios:12.2%2815%29znCisco IOS 12.2 (15)ZN
cpe:/o:cisco:ios:12.2%2815%29zoCisco IOS 12.2 (15)ZO
cpe:/o:cisco:ios:12.2%2815%29tCisco IOS 12.2 (15)T
cpe:/o:cisco:ios:12.3xeCisco IOS 12.3XE
cpe:/o:cisco:ios:12.2%2815%29bcCisco IOS 12.2 (15)BC
cpe:/o:cisco:ios:12.3%284%29xd2Cisco IOS 12.3 (4)XD2
cpe:/o:cisco:ios:12.2%2818%29sCisco IOS 12.2 (18)S
cpe:/o:cisco:ios:12.2%2815%29cxCisco IOS 12.2 (15)CX
cpe:/o:cisco:ios:12.0%2823%29szCisco IOS 12.0 (23)SZ
cpe:/o:cisco:ios:12.2%2814%29szCisco IOS 12.2 (14)SZ

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1454
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1454
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-393
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/989406
(VENDOR_ADVISORY)  CERT-VN  VU#989406
http://xforce.iss.net/xforce/xfdb/17033
(UNKNOWN)  XF  cisco-ios-ospf-dos(17033)
http://www.securityfocus.com/bid/10971
(UNKNOWN)  BID  10971
http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml
(VENDOR_ADVISORY)  CISCO  20040818 Cisco IOS Malformed OSPF Packet Causes Reload
http://www.ciac.org/ciac/bulletins/o-199.shtml
(VENDOR_ADVISORY)  CIAC  O-199
http://secunia.com/advisories/12322
(UNKNOWN)  SECUNIA  12322

- 漏洞信息

Cisco IOS畸形OSPF包远程拒绝服务漏洞
中危 其他
2004-12-31 00:00:00 2005-10-20 00:00:00
远程  
        
        Cisco IOS是运行于很多Cisco设备操作系统。
        Cisco IOS处理畸形OSPF包时存在问题,远程攻击者可以利用这个漏洞使设备重载,产生拒绝服务。
        OSPF是RFC 2328定义的路由协议,设计用于管理AS内的IP路由。部分CISCO IOS在处理OSPF包时存在一个漏洞,可导致系统重载。要成功利用此漏洞攻击者必须知道配置在接口上的几个参数,如OSPF Area号码、Netmask、hello和dead timers。
        

- 公告与补丁

        厂商补丁:
        Cisco
        -----
        Cisco已经为此发布了一个安全公告(cisco-sa-20040818-ospf)以及相应补丁:
        cisco-sa-20040818-ospf:Cisco IOS Malformed OSPF Packet Causes Reload
        链接:
        http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml

        用户可以联系供应商获得补丁信息。
        拥有服务合同的客户必须连接他们常规升级渠道获得由此公告指定的免费升级软件。对于大多数拥有服务合同的客户,这意味着升级必须通过CISCO全球WEB站软件中心获得:
        
        http://www.cisco.com/tacpage/sw-center

        要访问此下载URL,你必须是注册用户和必须登录后才能使用。
        事先或目前与第三方支持组织,如Cisco合作伙伴、授权零售商或服务商之间已有协议,由第三方组织提供Cisco产品或技术支持的用户可免费获得升级支持。
        直接从Cisco购买产品但没有Cisco服务合同的用户和由第三方厂商购买产品但无法从销售方获得已修复软件的用户可从Cisco技术支持中心(TAC)获取升级软件。TAC联系方法:
         * +1 800 553 2447 (北美地区免话费)
         * +1 408 526 7209 (全球收费)
         * e-mail: tac@cisco.com
        
        查看
        http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
获取额外的TAC联系信息,包括特别局部的电话号码,各种语言的指南和EMAIL地址。

- 漏洞信息

9009
Cisco IOS OSPF Packet Handling DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability

- 漏洞描述

Cisco IOS contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted OSPF packet is sent to a device running IOS. The attack requires OSPF to be enabled and knowledge of the device's OSPF area number, netmask, hello, and dead timers, and will result in loss of availability for the platform.

- 时间线

2004-08-18 Unknow
Unknow Unknow

- 解决方案

Upgrade to version indicated in Cisco IOS version matrix or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站