504751 : vulnerability in Cisco SGBP service

Risk 4 : Miscellaneous

A remote attacker could create a denial of service on the router.

The Cisco Internetwork Operating System (IOS) is the operating system used by Cisco routers.

Cisco devices support Multichassis Multilink PPP (MMP), which provides the ability to split and recombine packets across a logical pipe formed by multiple links. The Stack Group Bidding Protocol (SGBP) is a subcomponent of MMP. It listens on UDP port 9900.

01/25/06 CVE 2006-0340 A specially crafted UDP packet sent to the SGBP service could cause the device to freeze and eventually reset, leading to a denial of service. Cisco IOS 12.0 through 12.4 are affected by this vulnerability if SGBP is enabled.

For more information, see http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml Cisco Security Advisory 20060118-sgbp.

Solution:

Upgrade to one of the versions which is reported to be fixed according to Cisco Security Advisory http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml 20060118-sgbp.

References:
CVSS Information:
Complete Availability Impact
Credit:
Saint Coorporation : 2010-04-02
New Search
Keywords
Risk Factor
Start Date
End Date
Browse