IOS Vulnerability reported by nessus

Unanswered Question
Dec 11th, 2007

Hi,

I have a customer that has run a nessus vulnerability scan, and it reports that there is a dos risk on his 3750, even though the nessus report relates to winterm thin clients.

Quote:

It was possible to crash the remote host by sending a specially crafted IP packet with a null length for IP option #0xE4

Risk Factor : High

CVE : CVE-2005-2577

BID : 7175, 14536



I am relativley new to security and have been unable to find any reference to this threat. Any help would be greatly appreciated.


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
aghaznavi Tue, 12/18/2007 - 07:01

May be remote host by sending a IP packet with a null length for IP option #0xE4

mhellman Tue, 12/18/2007 - 07:43

did the router crash or not? most vulnerability scanners have false positives and Nessus is certainly no exception. this clearly looks like one since a router is not a thin client device;-)


You can use hping to test to verify.

mlatham67 Tue, 12/18/2007 - 13:27

Hi,


Thanks for the reply, the switch didn't crash he is just worried that it could, though all the info I can find relates to thin clients also. He is just very worried as this unit is actings right at his core for layer 3 on a major part of his network.

the IOS concerened is c3750-ipservices-mz.122-25.SEB4, but I cant see any bug on this that relates to altered packets.

Actions

This Discussion