ID CVE-2006-4650
Summary Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.
References
Vulnerable Configurations
  • Cisco IOS 12.0
    cpe:2.3:o:cisco:ios:12.0
  • Cisco IOS 12.1
    cpe:2.3:o:cisco:ios:12.1
  • Cisco IOS 12.2
    cpe:2.3:o:cisco:ios:12.2
CVSS
Base: 2.6 (as of 11-09-2006 - 17:29)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family CISCO
NASL id CISCO-SR-20060906-GRE.NASL
description The remote device contains a flaw in the way GRE packets are handled. By sending a specially crafted GRE packet, an attacker can take advantage of this flaw to potentially bypass access-control lists.
last seen 2019-02-21
modified 2018-11-15
plugin id 17789
published 2012-01-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=17789
title Cisco IOS GRE Decapsulation Vulnerability
oval via4
accepted 2008-09-08T04:00:38.826-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.
family ios
id oval:org.mitre.oval:def:5713
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco IOS GRE Source Routing Integer Overflow ACL Bypass Vulnerability
version 3
refmap via4
bid 19878
bugtraq 20060906 Cisco IOS GRE issue
cisco 20060906 Cisco IOS GRE Decapsulation Vulnerability
misc http://www.phenoelit.de/stuff/CiscoGRE.txt
osvdb 28590
sectrack 1016799
secunia 21783
sreason 1526
vupen ADV-2006-3502
xf cisco-ios-gre-acl-bypass(28786)
Last major update 07-03-2011 - 21:41
Published 08-09-2006 - 20:04
Last modified 17-10-2018 - 17:38
Back to Top