CVE-2002-2185

MEDIUM

Description

The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.

References

ftp://patches.sgi.com/support/free/security/advisories/20020901-01-A

http://online.securityfocus.com/archive/1/276968

http://secunia.com/advisories/18510

http://secunia.com/advisories/18562

http://secunia.com/advisories/18684

http://www.cs.ucsb.edu/~krishna/igmp_dos/

http://www.redhat.com/support/errata/RHSA-2006-0101.html

http://www.redhat.com/support/errata/RHSA-2006-0140.html

http://www.redhat.com/support/errata/RHSA-2006-0190.html

http://www.redhat.com/support/errata/RHSA-2006-0191.html

http://www.securityfocus.com/archive/1/427980/100/0/threaded

http://www.securityfocus.com/archive/1/427981/100/0/threaded

http://www.securityfocus.com/archive/1/428028/100/0/threaded

http://www.securityfocus.com/archive/1/428058/100/0/threaded

http://www.securityfocus.com/bid/5020

https://exchange.xforce.ibmcloud.com/vulnerabilities/9436

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10736

Details

Source: MITRE

Published: 2002-12-31

Updated: 2018-10-19

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*

cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:2.2:*:68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:2.2:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:2.2:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:2.2:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:2.2:*:powerpc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:2.2:*:sparc:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*

cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*

cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*

cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*

cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*

cpe:2.3:o:redhat:linux:7.0:*:sparc:*:*:*:*:*

cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*

cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*

cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*

cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*

cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*

cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*

Tenable Plugins

View all (7 total)

ID	Name	Product	Family	Severity
21977	CentOS 4 : kernel (CESA-2006:0101)	Nessus	CentOS Local Security Checks	high
21881	CentOS 3 : kernel (CESA-2006:0140)	Nessus	CentOS Local Security Checks	high
20855	RHEL 2.1 : kernel (RHSA-2006:0191)	Nessus	Red Hat Local Security Checks	medium
20751	RHEL 3 : kernel (RHSA-2006:0140)	Nessus	Red Hat Local Security Checks	high
20732	RHEL 4 : kernel (RHSA-2006:0101)	Nessus	Red Hat Local Security Checks	high
801415	CentOS RHSA-2006-0140 Security Check	Log Correlation Engine	Generic	high
801413	CentOS RHSA-2006-0101 Security Check	Log Correlation Engine	Generic	high