Cisco CBOS large DHCP packet denial of service
| cisco-cbos-dhcp-dos (9151) |  Medium Risk |
Description:
Cisco 600 series routers running CBOS (Cisco Broadband Operating System) is vulnerable to a denial of service attack, caused by improper handling of packets sent to the Dynamic Host Configuration Protocol (DHCP) port. A remote attacker could send a large packet to the DHCP port, which is enabled by default, to cause the customer premises equipment (CPE) to stop functioning.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of CBOS (2.4.5 or later), as listed in Cisco Security Advisory: CBOS - Improving Resilience to Denial-of-Service Attacks. See References.
References:
- Cisco Security Notice 2004 March 27 19:30 UTC: Exploit for Multiple Cisco Vulnerabilities.
- Cisco Systems Inc. Security Advisory, 2004 March 29 01:00 GMT: CBOS - Improving Resilience to Denial-of-Service Attacks.
- SecuriTeam Mailing List, Security Holes & Exploits 25 Mar 2004: Multiple Cisco Exploit Codes.
- BID-4813: Cisco CBOS Oversized Packet DHCP Denial Of Service Vulnerability
- BID-4814: Cisco CBOS Telnet Denial of Service Vulnerability
- BID-4815: Cisco Broadband Operating System TCP/IP Stack Denial of Service Vulnerability
- CVE-2002-0886: Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE, which causes the TCP/IP stack to consume large amounts of memory.
- OSVDB ID: 8861: Cisco DSL CPE Multiple Service Large Packet DoS
Platforms Affected:
- Cisco Broadband Operating System 2.0.1
- Cisco Broadband Operating System 2.1.0
- Cisco Broadband Operating System 2.1.0A
- Cisco Broadband Operating System 2.2.0
- Cisco Broadband Operating System 2.2.1
- Cisco Broadband Operating System 2.2.1A
- Cisco Broadband Operating System 2.3
- Cisco Broadband Operating System 2.3.053
- Cisco Broadband Operating System 2.3.2
- Cisco Broadband Operating System 2.3.5
- Cisco Broadband Operating System 2.3.5.015
- Cisco Broadband Operating System 2.3.7
- Cisco Broadband Operating System 2.3.7.002
- Cisco Broadband Operating System 2.3.8
- Cisco Broadband Operating System 2.3.9
- Cisco Broadband Operating System 2.4.1
- Cisco Broadband Operating System 2.4.2
- Cisco Broadband Operating System 2.4.2AP
- Cisco Broadband Operating System 2.4.2B
- Cisco Broadband Operating System 2.4.3
- Cisco Broadband Operating System 2.4.4
Reported:
May 23, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this