Cisco IOS SGBP UDP packet denial of service
| cisco-ios-sgbp-dos (24182) |  Medium Risk |
Description:
Multiple Cisco devices running Cisco Internetwork Operating System Software (IOS) with the Stack Group Bidding Protocol (SGBP) enabled, are vulnerable to a denial of service attack. If a remote attacker sends a specially-crafted UDP packet to port 9900 on an affected device, the attacker could cause the device to stop responding until the system watchdog timer initiates a reset of the device.
Consequences:
Denial of Service
Remedy:
Refer to Cisco Security Advisory cisco-sa-20060118-sgbp for upgrade or workaround information. See References.
References:
- cisco-sa-20060118-sgbp: Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS.
- BID-16303: Cisco IOS SGBP Remote Denial of Service Vulnerability
- CVE-2006-0340: Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900.
- OSVDB ID: 22624: Cisco IOS MMP Stack Group Bidding Protocol (SGBP) Crafted UDP Packet Remote DoS
- SA18490: Cisco IOS Stack Group Bidding Protocol Denial of Service
- SECTRACK ID: 1015501: Cisco IOS Stack Group Bidding Protocol Lets Remote Users Deny Service
- VUPEN/ADV-2006-0248: Cisco IOS Stack Group Bidding Protocol Denial of Service Vulnerability
Platforms Affected:
- Cisco IOS 12.0
- Cisco IOS 12.0S
- Cisco IOS 12.0SC
- Cisco IOS 12.0T
- Cisco IOS 12.0XA
- Cisco IOS 12.0XC
- Cisco IOS 12.0XD
- Cisco IOS 12.0XE
- Cisco IOS 12.0XG
- Cisco IOS 12.0XH
- Cisco IOS 12.0XI
- Cisco IOS 12.0XJ
- Cisco IOS 12.0XK
- Cisco IOS 12.0XL
- Cisco IOS 12.0XN
- Cisco IOS 12.0XR
- Cisco IOS 12.1
- Cisco IOS 12.1AA
- Cisco IOS 12.1E
- Cisco IOS 12.1EC
- Cisco IOS 12.1EX
- Cisco IOS 12.1EZ
- Cisco IOS 12.1GA
- Cisco IOS 12.1GB
- Cisco IOS 12.1T
- Cisco IOS 12.1XA
- Cisco IOS 12.1XD
- Cisco IOS 12.1XI
- Cisco IOS 12.1XL
- Cisco IOS 12.1XM
- Cisco IOS 12.1XQ
- Cisco IOS 12.1XS
- Cisco IOS 12.1XU
- Cisco IOS 12.1XW
- Cisco IOS 12.1XX
- Cisco IOS 12.1XY
- Cisco IOS 12.1XZ
- Cisco IOS 12.1YA
- Cisco IOS 12.1YB
- Cisco IOS 12.1YD
- Cisco IOS 12.2
- Cisco IOS 12.2B
- Cisco IOS 12.2BC
- Cisco IOS 12.2BW
- Cisco IOS 12.2BY
- Cisco IOS 12.2CX
- Cisco IOS 12.2DD
- Cisco IOS 12.2DX
- Cisco IOS 12.2MC
- Cisco IOS 12.2S
- Cisco IOS 12.2SU
- Cisco IOS 12.2SY
- Cisco IOS 12.2SZ
- Cisco IOS 12.2T
- Cisco IOS 12.2XA
- Cisco IOS 12.2XB
- Cisco IOS 12.2XC
- Cisco IOS 12.2XF
- Cisco IOS 12.2XG
- Cisco IOS 12.2XK
- Cisco IOS 12.2XL
- Cisco IOS 12.2XS
- Cisco IOS 12.2XV
- Cisco IOS 12.2YD
- Cisco IOS 12.2YE
- Cisco IOS 12.2YN
- Cisco IOS 12.2YT
- Cisco IOS 12.2YW
- Cisco IOS 12.2YX
- Cisco IOS 12.2YY
- Cisco IOS 12.2YZ
- Cisco IOS 12.2ZA
- Cisco IOS 12.2ZB
- Cisco IOS 12.2ZD
- Cisco IOS 12.2ZE
- Cisco IOS 12.2ZJ
- Cisco IOS 12.2ZN
- Cisco IOS 12.3
- Cisco IOS 12.3B
- Cisco IOS 12.3BC
- Cisco IOS 12.3BW
- Cisco IOS 12.3T
- Cisco IOS 12.3XB
- Cisco IOS 12.3XD
- Cisco IOS 12.3XF
- Cisco IOS 12.3XH
- Cisco IOS 12.3XI
- Cisco IOS 12.3XJ
- Cisco IOS 12.3XM
- Cisco IOS 12.3XQ
- Cisco IOS 12.3XU
- Cisco IOS 12.3XW
- Cisco IOS 12.3YF
- Cisco IOS 12.3YG
- Cisco IOS 12.3YJ
- Cisco IOS 12.3YK
- Cisco IOS 12.3YM
- Cisco IOS 12.3YQ
- Cisco IOS 12.3YS
- Cisco IOS 12.3YT
- Cisco IOS 12.3YU
- Cisco IOS 12.3YX
- Cisco IOS 12.4MR
- Cisco IOS 12.4T
- Cisco IOS 12.4XA
- Cisco IOS 12.4XB
Reported:
Jan 18, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net