Enterasys XSR-1800 Security Router Can Be Crashed By Remote Users With IP Record Route Option

SecurityTracker Alert ID: 1010641
SecurityTracker URL: http://securitytracker.com/id?1010641
CVE Reference: CAN-2004-0674
Updated: Jul 15 2004
Original Entry Date: Jul 3 2004
Impact: Denial of service via network
Exploit Included: Yes
Version(s): XSR-1800; firmware 7.0.0.0
Description: A vulnerability was reported in the Enterasys XSR Security Router XSR-1800 series. A remote user can cause denial of service conditions.
Frederico Queiroz reported that a remote user can send a packet with the IP record route option set to cause the target device to crash.
A demonstration exploit using hping (http://www.hping.org) is provided:
hping3 -1 -G www.uol.com.br
The vendor has reportedly been notified.
Impact: A remote user can cause the target device to crash.
Solution: No solution was available at the time of this entry.
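
Added example, not part of the original advisory or the reporter's message: with no fix listed, one defensive check is to identify IPv4 packets that carry the Record Route option (type 7 in RFC 791) before they reach an affected device. The Python below walks the options area of an IPv4 header and classifies constructed sample headers; the function names, the sample addresses and the three verdict strings are assumptions made for illustration.

```python
import struct

IPOPT_EOL, IPOPT_NOP, IPOPT_RR = 0, 1, 7   # RFC 791 option types

def ipv4_options(packet: bytes):
    """Return [(type, raw_option_bytes)] from an IPv4 header; ValueError if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (packet[0] & 0x0F) * 4      # IHL counts 32-bit words
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad IHL")
    opts, i = [], 20                         # options start after the fixed 20 bytes
    while i < header_len:
        kind = packet[i]
        if kind == IPOPT_EOL:                # single-byte terminator
            break
        if kind == IPOPT_NOP:                # single-byte padding
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("option truncated before length byte")
        length = packet[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("option length out of bounds")
        opts.append((kind, packet[i:i + length]))
        i += length
    return opts

def classify(packet: bytes) -> str:
    """Verdict for a filter or sensor: 'ok', 'record-route' or 'malformed'."""
    try:
        kinds = [k for k, _ in ipv4_options(packet)]
    except ValueError:
        return "malformed"
    return "record-route" if IPOPT_RR in kinds else "ok"

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample IPv4/ICMP header using documentation addresses (RFC 5737)."""
    options += b"\x00" * (-len(options) % 4)          # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options

# Constructed samples: type 7, length 39, pointer 4, nine empty 4-byte slots.
RR_OPTION = bytes([IPOPT_RR, 39, 4]) + b"\x00" * 36
SAMPLES = {
    "plain": build_header(),
    "rr": build_header(RR_OPTION),
    "truncated": build_header(bytes([IPOPT_RR, 39, 4])),  # claims 39 bytes, has 3
}
```

Treating "malformed" the same as "record-route" at the filter keeps headers with inconsistent option lengths away from the device as well.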
Vendor URL: www.enterasys.com/products/routing/XSR-18xx/
Cause: Exception handling error
Reported By: "Frederico Queiroz" <fqueiroz@ish.com.br>
Message History: None.

Source Message Contents

Date: Fri, 2 Jul 2004 15:00:50 -0300
From: "Frederico Queiroz" <fqueiroz@ish.com.br>
Subject: Enterasys XSR Security Routers DoS

Description: Enterasys XSR Security Routers crash when passing a packet with the option record route.
System Vulnerable: This vulnerability was found in XSR-1800 series. (firmware 7.0.0.0)
Proof-of-concept: I've used Hping (http://www.hping.org/) to perform this example:
hping3 -1 -G www.uol.com.br
The vendor in Brazil was informed about this.

Frederico Queiroz
Security Consultant/ISH Tecnologia
Phone: +55-27-3334-8900
E-mail: fqueiroz@ish.com.br