Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4437

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4437
Last Modified 07 Mar 2011 09:28:15
Published 20 Dec 2005 08:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4437

Summary

MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.

Vulnerable Systems

Application

  • Extended Interior Gateway Routing Protocol 1.2


References

VUPEN - ADV-2005-3008

BUGTRAQ - 20051220 Re: Unauthenticated EIGRP DoS

BUGTRAQ - 20051219 Authenticated EIGRP DoS / Information leak

FULLDISC - 20051220 RE: Authenticated EIGRP DoS / Information leak

BID - 15970

SECTRACK - 1015382

SREASON - 274


Last Updated: 27 May 2016 10:41:18