Cisco IOS DHCP Remember Functionality DoS (CSCuh46822)

2014-10-06T00:00:00
ID CISCO-SN-CSCUH46822-IOS.NASL
Type nessus
Reporter Tenable
Modified 2018-07-06T00:00:00

Description

According to its self-reported version, the remote IOS device is affected by a denial of service vulnerability when the remember functionality of DHCP is enabled.

A flaw exists where the remember functionality does not correctly handle the releasing of leases. An attacker can exploit this issue by obtaining a lease and then releasing it, which may cause the device to reload.

                                        
                                            #TRUSTED 31b4cbc6ed4673eb829457f9993c24eeacbc65eb72fd76c68a81fcdbc04c92f7136b9f4700004cd85b7f40e58985defe08d469bb6c6ecf28d9f3d5e8bee9219ca2b09e807c75b9e8c2ab8819c72c8895f4f6f2c7674a826a6d5f70e06d530b0014632f6725e26c4728cf625dcef4221faeef0f7f73c53bf0929a79ae9b8a9c83ac66cf5ff07ee4820542e0cdbfcccc2f556d63c9feea16f1effe182d6ba0a064ac6a6ac0f896e5bf793c11a47c023f36b738ffcc89fdd31724d28be4b98b5e3efa0994e327278ca50203535018cee2fb6235c234ca01caecd2335cd852322bebc995b839f3d2de9216d6019ef41ec8ef0e2aae8ef4ee99f48d461b86e1347da5b5f75aa8b80bb9ae79457d70ad68ac59810dedc29aa6114670c92dfe0f4b966852c2ff256840671d7e883aa46567cdf88d89c22234ec60e03bdbe2d304a70bef003d580f2cc8645eddef61a6b306413e14d0dc821253c67a4ee07c42a8d7d4c61e93259099b189765311f1dae681f90f44e1f06fb9000e31aa2aaaa09032007073da7d4be05cbac3bffc1fd84fd35be77ab6f4a6a76ad512839c3c9ca89bad5afab1fe59d1e07b64e6c8cb0caf70dfcbdd213646edd4c318af614b810320b8e6753c0894ba66f269ae9b19738bc1186d65121e8a26ce719bdd395ae1c4fab0d233234e666fcb8bf030b160d9782051f78e68589bd3aeac874779023795514af1
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Metadata registration. This branch only declares the plugin's identity,
# references, severity and prerequisites, then exits at the bottom; the
# detection logic after the block is not reached from here.
if (description)
{
  script_id(78064);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/06");

  # Cross-references used to correlate this finding with vendor and public
  # vulnerability databases.
  script_cve_id("CVE-2013-5499");
  script_bugtraq_id(62866);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuh46822");

  script_name(english:"Cisco IOS DHCP Remember Functionality DoS (CSCuh46822)");
  script_summary(english:"Checks the IOS version.");

  script_set_attribute(attribute:"synopsis", value:"The remote device is running a vulnerable IOS version.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the remote IOS device is
affected by a denial of service vulnerability when the remember
functionality of DHCP is enabled.

A flaw exists where the remember functionality does not correctly
handle the releasing of leases. An attacker can exploit this issue by
obtaining a lease and then releasing it, which may cause the device to
reload.");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=31156");
  # http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5499
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2c52d7a3");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCuh46822.");
  # CVSS v2 base vector: adjacent-network access (AV:A), medium access
  # complexity (AC:M), no authentication (Au:N), no confidentiality or
  # integrity impact, complete availability impact (A:C).
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C");
  # CVSS v2 temporal vector: exploitability unproven (E:U), official fix
  # available (RL:OF), report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Declared as a local check: the result is derived from data collected on
  # the device (version string, running configuration), not from probing the
  # DHCP service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/06");

  script_end_attributes();

  # Information-gathering category: the plugin reads collected data and does
  # not attempt to trigger the reload condition.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  # Prerequisites: the IOS version-detection plugin and the KB key it is
  # expected to populate with the release string.
  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

# Release string the device reported about itself, as stored in the KB by
# the version-detection dependency.
version = get_kb_item_or_exit("Host/Cisco/IOS/Version");

flag = 0;      # non-zero once the host is considered affected
override = 0;  # set later when the running configuration cannot be read

# Releases treated as affected. The comparison is exact string equality on
# the self-reported release, so a release that is not spelled exactly as
# listed here is never flagged.
affected_releases = make_list(
  '15.1GC',
  '15.1(4)GC',
  '15.1(4)GC1',
  '15.1M',
  '15.1(4)M',
  '15.1(4)M1',
  '15.1(4)M2',
  '15.1(4)M3',
  '15.1(4)M3a',
  '15.1(4)M4',
  '15.1(4)M5',
  '15.1(4)M6',
  '15.1(4)M7',
  '15.1T',
  '15.1(3)T',
  '15.1(3)T1',
  '15.1(3)T2',
  '15.1(3)T3',
  '15.1(3)T4',
  '15.1XB',
  '15.1(4)XB4',
  '15.1(4)XB5',
  '15.1(4)XB5a',
  '15.1(4)XB6',
  '15.1(4)XB7',
  '15.1(4)XB8',
  '15.1(4)XB8a',
  '15.2GC',
  '15.2(1)GC',
  '15.2(1)GC1',
  '15.2(1)GC2',
  '15.2(2)GC',
  '15.2(3)GC',
  '15.2(3)GC1',
  '15.2(4)GC',
  '15.2GCA',
  '15.2(3)GCA',
  '15.2(3)GCA1'
);

foreach affected (affected_releases)
{
  if (version == affected)
  {
    flag++;
    break;
  }
}

# Narrow a version match to devices that have the DHCP remember feature
# configured. This is only attempted when local checks are enabled;
# without them the version-only result from above is kept unchanged.
if (flag > 0 && get_kb_item("Host/local_checks_enabled"))
{
  # Start from "not affected" and re-flag only on evidence from the config.
  flag = 0;
  buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config", "show running-config");
  if (!check_cisco_result(buf))
  {
    # The configuration could not be used. If that is because enable
    # privileges are required, keep the host flagged and record the override
    # so the report carries a caveat; the finding is unconfirmed here.
    if (cisco_needs_enable(buf)) { flag = 1; override = 1; }
  }
  # NOTE(review): the pattern is unanchored, so any configuration line that
  # contains this text sets the flag - confirm whether a line-start anchor
  # is wanted.
  else if (preg(multiline:TRUE, pattern:"ip dhcp remember", string:buf)) flag = 1;
}

# Final verdict: audit the host out as not affected, or raise a
# warning-level finding on port 0.
if (flag <= 0) audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity <= 0) security_warning(0);
  else
  {
    # Verbose report: bug ID and installed release, followed by the caveat
    # text selected by the override value.
    report =
      '\n  Cisco bug ID      : CSCuh46822' +
      '\n  Installed release : ' + version +
      '\n';
    security_warning(port:0, extra:report + cisco_caveat(override));
  }
  exit(0);
}