Cisco IOS XR Malformed RSVP Packet DoS

2014-11-28T00:00:00
ID CISCO-SN-CVE-2014-3376-IOSXR.NASL
Type nessus
Reporter Tenable
Modified 2018-07-06T00:00:00

Description

The remote Cisco device is running a version of IOS XR software that is affected by a denial of service vulnerability related to the improper parsing of malformed RSVP packets.

                                        
                                            #TRUSTED 49389a516e8fcdab5111287711b905884ac2b48c50ca8a7bb35b6e4cb2bebbcf11ca347149209a5102a92a485d9200b91b650e527cb2a3be89c6a2f3cd37e152c1bb0e7eac27bc636a45831bcf9f5e1633b70ba2b6ddfbb56e3f2a6683a82eef1df7e9cb615dcdd79420ba7783749ae56178a98abd0f294c52b74d00073ba792da6aea24c6e7e3fb9f3d5795c08cfaf98e1294516f7d8ac6be3779db20f1b9f30067142d707e429f92b708df62f71b706e94d23048444649603fd02c95ac3f2486f5a8454e7f866310b42975620a186851239f14bb7f09d38c5d8f8dbe66b0545851f2e42a964abbc044880f39e39944ad1a595729be46405b0e64845498ecfc645d0e0b6b5bb6a589085185de3d30f415aef3738bc5631e9af0e2401597c902f7f6e452b075f3c7a72f21cc34e2c787ad499414fb1f125b142f6a6c6a3cd73fd131d52b6cfe0561b98932d57acfc774ee6021cdca89929b2982d3e1d82bb7effe36b7fa15c4ced57db09acd30363bcb21b95ce4afd8221fba13707b46d87165f0ed7fe03c2bc78273fc9260bc381879b2de715238b252c6c7d4472439145d6d9c6e182b09d62ff93d760c2d92a0a26e9036c260795a45a8b9655c399f55cc98ce9f6474216fde3b113e4781e2ea258447690ea7d172437bb53dbb2278d302329aa7e5d9915c1b8fe8aaa966f6ada98d749968207018906ddff76248d9779692
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79625);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/06");

  script_cve_id("CVE-2014-3376");
  script_bugtraq_id(69956);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuq12031");

  script_name(english:"Cisco IOS XR Malformed RSVP Packet DoS");
  script_summary(english:"Checks the IOS XR version.");

  script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The remote Cisco device is running a version of IOS XR software that
is affected by a denial of service vulnerability related to the
improper parsing of malformed RSVP packets.");
  # http://tools.cisco.com/security/center/viewAlert.x?alertId=35773
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6a0bdbd7");
  # http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3376
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7451aa56");
  script_set_attribute(attribute:"solution", value:"Apply the relevant patch referenced in Cisco bug ID CSCuq12031.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is (C) 2014-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  script_dependencies("cisco_ios_xr_version.nasl");
  script_require_keys("Host/Cisco/IOS-XR/Version");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

version  = get_kb_item_or_exit("Host/Cisco/IOS-XR/Version");

flag     = FALSE;
override = FALSE;

if (version =~ "^5\.0\.")
  flag = TRUE;
else if (version =~ "^5\.1\.4" && ver_compare(ver:version, fix:"5.1.4.1" , strict:FALSE) < 0)
  flag = TRUE;
else if (version =~ "^5\.1\."  && ver_compare(ver:version, fix:"5.1.3.19", strict:FALSE) < 0)
  flag = TRUE;
else if (version =~ "^5\.2\."  && ver_compare(ver:version, fix:"5.2.1.29", strict:FALSE) < 0)
  flag = TRUE;

if (!flag) audit(AUDIT_INST_VER_NOT_VULN, 'Cisco IOS XR', version);

if (!isnull(get_kb_item("Host/local_checks_enabled")))
{
  buf = cisco_command_kb_item("Host/Cisco/Config/show_rsvp_interface_detail", "show rsvp interface detail");
  # Check for basic RSVP config
  if (check_cisco_result(buf))
  {
      if ("INTERFACE:" >!< buf || "BW (bits/sec):" >!< buf) audit(AUDIT_HOST_NOT, "affected because RSVP is not enabled.");
  }
  else if (cisco_needs_enable(buf)) override = TRUE;
}

if (report_verbosity > 0)
{
  report =
    '\n  Cisco bug IDs     : CSCuq12031' +
    '\n  Installed release : ' + version +
    '\n';
  security_warning(port:0, extra:report+cisco_caveat(override));
}
else security_warning(port:0, extra:cisco_caveat(override));