VIGILANTE-2000010.txt

2000-09-13T00:00:00
ID PACKETSTORM:23095
Type packetstorm
Reporter Vigilante
Modified 2000-09-13T00:00:00

Description

                                        
                                            `Intel Express Switch series 500 DoS #2  
  
Advisory Code: VIGILANTE-2000010  
  
Release Date:  
September 6, 2000  
  
Systems Affected:  
Intel Express Switch 510T  
- Firmware version 2.63  
- Firmware version 2.64  
Intel Express Switch 520T  
- Firmware version 2.63  
- Firmware version 2.64  
Intel Express Switch 550T  
- Firmware version 2.63  
- Firmware version 2.64  
Intel Express Switch 550F  
- Firmware version 2.63  
- Firmware version 2.64  
It is likely that older firmware versions are also affected.  
  
THE PROBLEM  
By sending a malformed ICMP packet, either to the Intel Express  
Switch or a host behind it, the CPU crashes. The switch looses  
all routing functionality but continues to function as a switch,  
except for the fact that learning also crashes, so new connections  
are not "picked up". The packet can be sent from a machine  
directly connected to the switch or from a machine not directly  
connected to the switch. Since the packet does not require a reply,  
the packet can also be spoofed.  
  
A Side Note:  
During testing we also found the SNMP command that reboots the  
switch, and just as a friendly reminder, please do remember to change  
your switch's SNMP community name from the default to something a bit  
harder to guess, since the reboot command can also be spoofed.  
  
Vendor Status:  
Intel was contacted on the 3rd of September and the vulnerability was  
verified by them the following day. The fix was officially released  
on the 5th of September.  
  
Fix:  
The fix for the Intel Express Switches 510T, 520T, 550T and 550F  
is the same, and it can be found at this location:  
http://support.intel.com/support/express/switches/500/es5_266.htm  
  
  
Vendor URL: http://www.intel.com  
Product URL:  
http://www.intel.com/network/products/express_switches.htm?iid={500_switch}  
Copyright VIGILANTe 2000-09-03  
  
Disclaimer:  
The information within this document may change without notice. Use of  
this information constitutes acceptance for use in an AS IS  
condition. There are NO warranties with regard to this information.  
In no event shall the author be liable for any consequences whatsoever  
arising out of or in connection with the use or spread of this  
information. Any use of this information lays within the user's  
responsibility.  
  
Feedback:  
Please send suggestions, updates, and comments to:  
  
VIGILANTe  
mailto: isis@vigilante.com  
http://www.vigilante.com  
  
`