Back to search
CVE-2005-4437
Published: Dec 21, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2005-3008
vdb-entry
x_refsource_VUPEN
20051219 Authenticated EIGRP DoS / Information leak
mailing-list
x_refsource_BUGTRAQ
15970
vdb-entry
x_refsource_BID
oval:org.mitre.oval:def:5741
vdb-entry
signature
x_refsource_OVAL
20051220 Re: Unauthenticated EIGRP DoS
mailing-list
x_refsource_BUGTRAQ
274
third-party-advisory
x_refsource_SREASON
20051220 RE: Authenticated EIGRP DoS / Information leak
mailing-list
x_refsource_FULLDISC
1015382
vdb-entry
x_refsource_SECTRACK
20051219 Authenticated EIGRP DoS / Information leak
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now