Vulnerabilities > CVE-2005-4436 - Remote Denial Of Service vulnerability in Cisco EIGRP Protocol Unauthenticated Goodbye Packet
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Oval
| accepted | 2008-09-08T04:00:24.411-04:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| description | Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV). | ||||
| family | ios | ||||
| id | oval:org.mitre.oval:def:5454 | ||||
| status | accepted | ||||
| submitted | 2008-05-26T11:06:36.000-04:00 | ||||
| title | Cisco "EIGRP" Protocol "Goodbye Message" Packet Replay Vulnerability | ||||
| version | 3 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040330.html
- http://marc.info/?l=full-disclosure&m=113504451523186&w=2
- http://securitytracker.com/id?1015382
- http://www.securityfocus.com/archive/1/419898/100/0/threaded
- http://www.securityfocus.com/bid/15978
- http://www.vupen.com/english/advisories/2005/3008
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5454