TCP/IP IGMP Overlap Remote DoS (pimp)

high Nessus Plugin ID 10179

Synopsis

The remote host is vulnerable to a denial of service attack.

Description

It was possible to crash the remote host using the 'pimp' attack. This flaw allows an attacker to make this host crash at will, thus preventing the legitimate users from using it.

Solution

Filter incoming IGMP traffic.

See Also

https://seclists.org/bugtraq/1999/Jul/22

Plugin Details

Severity: High

ID: 10179

File Name: pimp.nasl

Version: 1.37

Type: remote

Published: 7/28/1999

Updated: 3/6/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/4/1999

Reference Information

CVE: CVE-1999-0918

BID: 514

CWE: 20