IOS Vulnerability reported by nessus

Unanswered Question
Dec 11th, 2007
User Badges:


I have a customer that has run a nessus vulnerability scan, and it reports that there is a dos risk on his 3750, even though the nessus report relates to winterm thin clients.


It was possible to crash the remote host by sending a specially crafted IP packet with a null length for IP option #0xE4

Risk Factor : High

CVE : CVE-2005-2577

BID : 7175, 14536

I am relativley new to security and have been unable to find any reference to this threat. Any help would be greatly appreciated.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
aghaznavi Tue, 12/18/2007 - 07:01
User Badges:
  • Silver, 250 points or more

May be remote host by sending a IP packet with a null length for IP option #0xE4

mhellman Tue, 12/18/2007 - 07:43
User Badges:
  • Blue, 1500 points or more

did the router crash or not? most vulnerability scanners have false positives and Nessus is certainly no exception. this clearly looks like one since a router is not a thin client device;-)

You can use hping to test to verify.

mlatham67 Tue, 12/18/2007 - 13:27
User Badges:


Thanks for the reply, the switch didn't crash he is just worried that it could, though all the info I can find relates to thin clients also. He is just very worried as this unit is actings right at his core for layer 3 on a major part of his network.

the IOS concerened is c3750-ipservices-mz.122-25.SEB4, but I cant see any bug on this that relates to altered packets.


This Discussion