var-200803-0034
Vulnerability from variot
Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors. An attacker can exploit this issue to prevent any traffic from entering affected devices, causing denial-of-service conditions for legitimate users. The following devices are affected: Cisco Catalyst 6500 Series devices with the Sup32, Sup720, Sup720-3B, or Sup720-3BXL Cisco 7600 Series devices with the Sup32, Sup720, Sup720-3B, or Sup720-3BXL Cisco 7600 Series devices with the RSP720, RSP720-3C, or RSP720-3CXL Cisco ME 6524 Ethernet Switch Some Cisco IOS branches based on 12.2 are vulnerable only when combined with hardware based on specific Catalyst Supervisor Engines (Sup32, Sup720, or RSP720) and configured with MPLS VPN and OSPF sham-link. NOTE: OSPF and MPLS VPN are not enabled by default. Cisco IOS is the Internet operating system used in Cisco networking equipment. In addition to possibly blocked interface queues, devices may also experience memory leaks or reboots. In the case of a memory leak, the device cannot forward traffic once it has exhausted the available memory. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
The vulnerability is caused due to an unspecified error in the handling of certain packets and can be exploited to cause a blocked interface input queue, a memory leak, or a restart of the device.
PROVIDED AND/OR DISCOVERED BY: Reported to the vendor by a customer.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-087B
Cisco Updates for Multiple Vulnerabilities
Original release date: March 27, 2007 Last revised: -- Source: US-CERT
Systems Affected
* Cisco IOS
Overview
Cisco has released Cisco Security Advisory cisco-sa-20080326-bundle to correct multiple vulnerabilities affecting Cisco IOS. Attackers could exploit these vulnerabilities to access sensitive information or cause a denial of service.
I. Description
Cisco Security Advisory cisco-sa-20080326-bundle addresses a number of vulnerabilities affecting Cisco IOS 12.0, 12.1, 12.2, 12.3, and 12.4. Further details are available in the US-CERT Vulnerability Notes Database.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences include disclosure of sensitive information and denial of service.
III. Solution
Upgrade
These vulnerabilities are addressed in Cisco Security Advisory cisco-sa-20080326-bundle.
IV. References
* US-CERT Vulnerability Notes -
<http://www.kb.cert.org/vuls/byid?searchview&query=cisco-sa-20080326-bundle>
* Cisco Security Advisory cisco-sa-20080326-bundle -
<http://www.cisco.com/warp/public/707/cisco-sa-20080326-bundle.shtml>
* Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network
Denial of Service Vulnerability -
<http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml>
* Cisco Security Advisory: Multiple DLSw Denial of Service
Vulnerabilities in Cisco IOS -
<http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml>
* Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery
Issue For IPv4/IPv6 Dual-stack Routers -
<http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml>
* Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF,
MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch
Processor 720 -
<http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml>
* Cisco Security Advisory: Cisco IOS Multicast Virtual Private
Network (MVPN) Data Leak -
<http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-087B.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA08-087B Feedback VU#936177" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
March 27, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR+vjW/RFkHkM87XOAQLjnQf+PgUTq9wrF8th28Ur2qUgViOGFbNOzwbp 1Awp1ygPnGsT2BVBdwo7ugfuQXMHiz8rnG/7Ovf5prr3FjI6I/3XRMFTpS/ZmF1W m0e6H+vhJSmvJp02a4X9Rzm8Rq9jYda7SJHAFiiblxMSKOuOn2bKpOPxyrhnZmcA UsuFp5A4mHoMqi4LWO0XqCTBzC1r3myx9j3dVg0yJ0LuIvYWUoqOsHI1ywG+ryLO MfSbpvFgbfU5pn3e61hS++oIpOjmlLuRdu1o/2vHizqcUSfhKx2ccdOUG0c2Opr/ oabL6WpJHRePXbz1jdOPHGVPVH/6OVVSr+L2Ug1Qd8hBLwwbcfGweQ== =pX05 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "me 6524 ethernet switch",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "route switch processor",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "rsp720"
},
{
"model": "supervisor engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "sup32"
},
{
"model": "supervisor engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "sup720"
},
{
"model": "7500 series",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 6500 series",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 6500",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "7600 router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "me6524",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios 12.2zu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sxe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sxd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sxb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sxa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sra",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ixe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ixd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ixc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ixb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ixa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst sup720-3bxl",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500"
},
{
"model": "catalyst sup720-3b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500"
},
{
"model": "catalyst sup720",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500"
},
{
"model": "catalyst sup32",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500"
},
{
"model": "sup720-3bxl",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7600"
},
{
"model": "sup720-3b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7600"
},
{
"model": "sup720",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7600"
},
{
"model": "sup32",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7600"
},
{
"model": "rsp720-3cxl",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7600"
},
{
"model": "rsp720-3c",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7600"
},
{
"model": "rsp720",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7600"
},
{
"model": "ios 12.2sxh",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sxf",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ixf",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sxh2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sra7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sra4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sxf13",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "28463"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001244"
},
{
"db": "NVD",
"id": "CVE-2008-0537"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-436"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:7600_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:me_6524_ethernet_switch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:route_switch_processor:rsp720:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:supervisor_engine:sup32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:supervisor_engine:sup720:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0537"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Security bulletin",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-436"
}
],
"trust": 0.6
},
"cve": "CVE-2008-0537",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2008-0537",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-30662",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-0537",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-436",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-30662",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30662"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001244"
},
{
"db": "NVD",
"id": "CVE-2008-0537"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-436"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors. \nAn attacker can exploit this issue to prevent any traffic from entering affected devices, causing denial-of-service conditions for legitimate users. \nThe following devices are affected:\nCisco Catalyst 6500 Series devices with the Sup32, Sup720, Sup720-3B, or Sup720-3BXL\nCisco 7600 Series devices with the Sup32, Sup720, Sup720-3B, or Sup720-3BXL\nCisco 7600 Series devices with the RSP720, RSP720-3C, or RSP720-3CXL\nCisco ME 6524 Ethernet Switch\nSome Cisco IOS branches based on 12.2 are vulnerable only when combined with hardware based on specific Catalyst Supervisor Engines (Sup32, Sup720, or RSP720) and configured with MPLS VPN and OSPF sham-link. \nNOTE: OSPF and MPLS VPN are not enabled by default. Cisco IOS is the Internet operating system used in Cisco networking equipment. In addition to possibly blocked interface queues, devices may also experience memory leaks or reboots. In the case of a memory leak, the device cannot forward traffic once it has exhausted the available memory. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nThe vulnerability is caused due to an unspecified error in the\nhandling of certain packets and can be exploited to cause a blocked\ninterface input queue, a memory leak, or a restart of the device. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported to the vendor by a customer. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA08-087B\n\n\nCisco Updates for Multiple Vulnerabilities\n\n Original release date: March 27, 2007\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Cisco IOS\n\n\nOverview\n\n Cisco has released Cisco Security Advisory cisco-sa-20080326-bundle to\n correct multiple vulnerabilities affecting Cisco IOS. Attackers could\n exploit these vulnerabilities to access sensitive information\n or cause a denial of service. \n\n\nI. Description\n\n Cisco Security Advisory cisco-sa-20080326-bundle addresses\n a number of vulnerabilities affecting Cisco IOS 12.0, 12.1,\n 12.2, 12.3, and 12.4. Further details are available in the US-CERT\n Vulnerability Notes Database. \n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. Potential consequences\n include disclosure of sensitive information and denial of service. \n\n\nIII. Solution\n\nUpgrade\n\n These vulnerabilities are addressed in Cisco Security Advisory\n cisco-sa-20080326-bundle. \n\n\nIV. References\n\n * US-CERT Vulnerability Notes -\n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=cisco-sa-20080326-bundle\u003e\n\n * Cisco Security Advisory cisco-sa-20080326-bundle -\n \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20080326-bundle.shtml\u003e\n\n * Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network\n Denial of Service Vulnerability -\n \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml\u003e\n\n * Cisco Security Advisory: Multiple DLSw Denial of Service\n Vulnerabilities in Cisco IOS -\n \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml\u003e\n\n * Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery\n Issue For IPv4/IPv6 Dual-stack Routers -\n \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml\u003e\n\n * Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF,\n MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch\n Processor 720 - \n \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml\u003e\n\n * Cisco Security Advisory: Cisco IOS Multicast Virtual Private\n Network (MVPN) Data Leak -\n \u003chttp://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA08-087B.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA08-087B Feedback VU#936177\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2008 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n Revision History\n\n March 27, 2008: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBR+vjW/RFkHkM87XOAQLjnQf+PgUTq9wrF8th28Ur2qUgViOGFbNOzwbp\n1Awp1ygPnGsT2BVBdwo7ugfuQXMHiz8rnG/7Ovf5prr3FjI6I/3XRMFTpS/ZmF1W\nm0e6H+vhJSmvJp02a4X9Rzm8Rq9jYda7SJHAFiiblxMSKOuOn2bKpOPxyrhnZmcA\nUsuFp5A4mHoMqi4LWO0XqCTBzC1r3myx9j3dVg0yJ0LuIvYWUoqOsHI1ywG+ryLO\nMfSbpvFgbfU5pn3e61hS++oIpOjmlLuRdu1o/2vHizqcUSfhKx2ccdOUG0c2Opr/\noabL6WpJHRePXbz1jdOPHGVPVH/6OVVSr+L2Ug1Qd8hBLwwbcfGweQ==\n=pX05\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0537"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001244"
},
{
"db": "BID",
"id": "28463"
},
{
"db": "VULHUB",
"id": "VHN-30662"
},
{
"db": "PACKETSTORM",
"id": "64963"
},
{
"db": "PACKETSTORM",
"id": "64957"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "28463",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2008-0537",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "29559",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA08-087B",
"trust": 2.6
},
{
"db": "VUPEN",
"id": "ADV-2008-1005",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1019716",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001244",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-436",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA08-087B",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20080326 VULNERABILITY IN CISCO IOS WITH OSPF, MPLS VPN, AND SUPERVISOR 32, SUPERVISOR 720, OR ROUTE SWITCH PROCESSOR 720",
"trust": 0.6
},
{
"db": "XF",
"id": "41466",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-30662",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64963",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64957",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30662"
},
{
"db": "BID",
"id": "28463"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001244"
},
{
"db": "PACKETSTORM",
"id": "64963"
},
{
"db": "PACKETSTORM",
"id": "64957"
},
{
"db": "NVD",
"id": "CVE-2008-0537"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-436"
}
]
},
"id": "VAR-200803-0034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30662"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:43:30.033000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20080326-queue",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001244"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001244"
},
{
"db": "NVD",
"id": "CVE-2008-0537"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/28463"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-087b.html"
},
{
"trust": 1.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1019716"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29559"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/1005/references"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41466"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/29559/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0537"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/1005"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-087b/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-087b"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0537"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41466"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/1005/references"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "/archive/1/490111"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/15865/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/50/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/15864/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/182/"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=cisco-sa-20080326-bundle\u003e"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml\u003e"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-bundle.shtml\u003e"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-ipv4ipv6.shtml\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-087b.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml\u003e"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30662"
},
{
"db": "BID",
"id": "28463"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001244"
},
{
"db": "PACKETSTORM",
"id": "64963"
},
{
"db": "PACKETSTORM",
"id": "64957"
},
{
"db": "NVD",
"id": "CVE-2008-0537"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-436"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-30662"
},
{
"db": "BID",
"id": "28463"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001244"
},
{
"db": "PACKETSTORM",
"id": "64963"
},
{
"db": "PACKETSTORM",
"id": "64957"
},
{
"db": "NVD",
"id": "CVE-2008-0537"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-436"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-30662"
},
{
"date": "2008-03-26T00:00:00",
"db": "BID",
"id": "28463"
},
{
"date": "2008-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001244"
},
{
"date": "2008-03-28T20:26:02",
"db": "PACKETSTORM",
"id": "64963"
},
{
"date": "2008-03-27T21:29:26",
"db": "PACKETSTORM",
"id": "64957"
},
{
"date": "2008-03-27T10:44:00",
"db": "NVD",
"id": "CVE-2008-0537"
},
{
"date": "2008-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-436"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-30662"
},
{
"date": "2008-03-26T21:09:00",
"db": "BID",
"id": "28463"
},
{
"date": "2008-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001244"
},
{
"date": "2017-08-08T01:29:38.167000",
"db": "NVD",
"id": "CVE-2008-0537"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-436"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-436"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Service disruption in certain product functions (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001244"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "design error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-436"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.