IOS Vulnerability reported by nessus

mlatham67
Level 1

Hi,

I have a customer that has run a Nessus vulnerability scan, and it reports that there is a DoS risk on his 3750, even though the Nessus report relates to Winterm thin clients.

Quote:

It was possible to crash the remote host by sending a specially crafted IP packet with a null length for IP option #0xE4

Risk Factor : High

CVE : CVE-2005-2577

BID : 7175, 14536

I am relatively new to security and have been unable to find any reference to this threat. Any help would be greatly appreciated.

Thanks

3 Replies

aghaznavi
Level 5

May be remote host by sending an IP packet with a null length for IP option #0xE4

mhellman
Level 7

Did the router crash or not? Most vulnerability scanners have false positives, and Nessus is certainly no exception. This clearly looks like one, since a router is not a thin client device ;-)

You can use hping to test to verify.

Hi,

Thanks for the reply. The switch didn't crash; he is just worried that it could, though all the info I can find relates to thin clients also. He is just very worried as this unit is acting right at his core for layer 3 on a major part of his network.

The IOS concerned is c3750-ipservices-mz.122-25.SEB4, but I can't see any bug on this that relates to altered packets.
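
The malformed-option condition quoted from the Nessus report, as an added example that is not part of the original thread: a Python check that walks the options area of a captured IPv4 header using the RFC 791 layout and flags an option whose length byte is below 2, which is why a null length can stall a parser that advances by that value. The function names and the sample headers (documentation addresses, zero checksum) are constructed for illustration.

```python
import struct

def audit_ipv4_options(header: bytes) -> list:
    """Walk the options area of an IPv4 header (RFC 791 layout) and
    return (option_type, length, problem) tuples for malformed options."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl_bytes = (header[0] & 0x0F) * 4
    if ihl_bytes < 20 or len(header) < ihl_bytes:
        raise ValueError("bad or truncated header length")
    opts, findings, i = header[20:ihl_bytes], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # No-Operation: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            findings.append((kind, None, "no length byte"))
            break
        length = opts[i + 1]     # counts the type and length bytes themselves
        if length < 2:
            # A parser that advances by this value would never move forward.
            findings.append((kind, length, "length below 2"))
            break
        if i + length > len(opts):
            findings.append((kind, length, "runs past header"))
            break
        i += length
    return findings

def build_header(options: bytes) -> bytes:
    """Constructed test input: 20-byte header plus options padded to 32 bits.
    Addresses are documentation ranges; the checksum is left at zero."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                        64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return fixed + options

# Constructed samples: the condition from the scan text, and a well-formed option.
NULL_LEN_E4 = build_header(bytes([0xE4, 0x00]))
ROUTER_ALERT = build_header(bytes([0x94, 0x04, 0x00, 0x00]))

if __name__ == "__main__":
    for name, hdr in (("null-length 0xE4", NULL_LEN_E4), ("router alert", ROUTER_ALERT)):
        print(name, audit_ipv4_options(hdr) or "options well-formed")
```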
