Cisco IOS XR Malformed RSVP Packet DoS

2014-11-28T00:00:00
ID CISCO-SN-CVE-2014-3376-IOSXR.NASL
Type nessus
Reporter Tenable
Modified 2018-11-15T00:00:00

Description

The remote Cisco device is running a version of IOS XR software that is affected by a denial of service vulnerability related to the improper parsing of malformed RSVP packets.

                                        
                                            #TRUSTED 4fbc8495730446bdb7f56d2d89d6bd8a5049fac3d5f863dd034b53823c8fffa6577fd7f6c64848da5a4459f9c50a48f97d5a064a348825b04f5e256eaf6fed21b3b469586dd64a33e67c7b8443d321e4fc99a8324d342b140813835d1b57fc50bef4f2bc11dd8b671daeb33ab0d609482d935b3304b1f3666e80b5f1e66788963f71d55a28ee9ac5a274a2f37ee8ab2f94fd28d47686d2d69e7e78feeb318c55c1942f723104a192db6f51035a66c1bff577e42c6ba4bf826dbc946b66510a8760673f6756836a768f8b904d869c347f1c81e706e0b7202b690a1c52f845fd20caf4ee4eff9d4e65eeb721327726a3232600dd6d38c4f04db85c66f5dffe89dffea29457b1292cbf9126048ddea2f7bdc77e898c3bb10fdcc875bcc7ea02d89301c3b443dcd7ea305aa074cce43fe31485d7430af0ba9445cc96afd268f25549af725a2eaf4ce3aae9f137b306b119cba1d13d25887740c9646d3657173df3aeb46f064f685646682b5b3748f42d54f7c057003b1c30fb465ca5308d6a9bddba18232df5000889250b1bb408b73fa1efe9ac72af44c0b6e11b0e614b4c5129906baffaa68eb3b8f418b8d5f0dc62f422ad8903e818e23123a901e68879d3feed3bece20950063003a1f40b6bec0b9fc02d128c65e46a1a3e722fa21bb17547618cab7d05647e58752e2fdee499507360a859c5227c851180b6800e8ee817f330
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79625);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");

  script_cve_id("CVE-2014-3376");
  script_bugtraq_id(69956);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuq12031");

  script_name(english:"Cisco IOS XR Malformed RSVP Packet DoS");
  script_summary(english:"Checks the IOS XR version.");

  script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The remote Cisco device is running a version of IOS XR software that
is affected by a denial of service vulnerability related to the
improper parsing of malformed RSVP packets.");
  # https://tools.cisco.com/security/center/viewAlert.x?alertId=35773
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2504735b");
  # https://tools.cisco.com/security/center/viewAlert.x?alertId=35773
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2504735b");
  script_set_attribute(attribute:"solution", value:"Apply the relevant patch referenced in Cisco bug ID CSCuq12031.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is (C) 2014-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  script_dependencies("cisco_ios_xr_version.nasl");
  script_require_keys("Host/Cisco/IOS-XR/Version");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

version  = get_kb_item_or_exit("Host/Cisco/IOS-XR/Version");

flag     = FALSE;
override = FALSE;

if (version =~ "^5\.0\.")
  flag = TRUE;
else if (version =~ "^5\.1\.4" && ver_compare(ver:version, fix:"5.1.4.1" , strict:FALSE) < 0)
  flag = TRUE;
else if (version =~ "^5\.1\."  && ver_compare(ver:version, fix:"5.1.3.19", strict:FALSE) < 0)
  flag = TRUE;
else if (version =~ "^5\.2\."  && ver_compare(ver:version, fix:"5.2.1.29", strict:FALSE) < 0)
  flag = TRUE;

if (!flag) audit(AUDIT_INST_VER_NOT_VULN, 'Cisco IOS XR', version);

if (!isnull(get_kb_item("Host/local_checks_enabled")))
{
  buf = cisco_command_kb_item("Host/Cisco/Config/show_rsvp_interface_detail", "show rsvp interface detail");
  # Check for basic RSVP config
  if (check_cisco_result(buf))
  {
      if ("INTERFACE:" >!< buf || "BW (bits/sec):" >!< buf) audit(AUDIT_HOST_NOT, "affected because RSVP is not enabled.");
  }
  else if (cisco_needs_enable(buf)) override = TRUE;
}

if (report_verbosity > 0)
{
  report =
    '\n  Cisco bug IDs     : CSCuq12031' +
    '\n  Installed release : ' + version +
    '\n';
  security_warning(port:0, extra:report+cisco_caveat(override));
}
else security_warning(port:0, extra:cisco_caveat(override));