Vulnerability Name:

CVE-2002-2185 (CCN-9436)

Assigned:2002-06-14
Published:2002-06-14
Updated:2018-10-19
Summary:The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
CVSS v3 Severity:6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: SGI Security Advisory 20020901-01-A
IGMP multicast report Denial of Service vulnerability

Source: SGI
Type: UNKNOWN
20020901-01-A

Source: CCN
Type: BugTraq Mailing List, Fri Jun 14 2002 - 05:45:22 CDT
IGMP denial of service vulnerability

Source: CCN
Type: BugTraq Mailing List, Fri Jun 14 2002 - 13:45:33 CDT
Re: IGMP denial of service vulnerability

Source: CCN
Type: BugTraq Mailing List, Fri Jun 14 2002 - 17:20:49 CDT
Re: IGMP denial of service vulnerability

Source: MITRE
Type: CNA
CVE-2002-2185

Source: BUGTRAQ
Type: UNKNOWN
20020614 IGMP denial of service vulnerability

Source: CCN
Type: RHSA-2006-0101
kernel security update

Source: CCN
Type: RHSA-2006-0140
kernel security update

Source: CCN
Type: RHSA-2006-0190
kernel security update

Source: CCN
Type: RHSA-2006-0191
kernel security update

Source: SECUNIA
Type: Patch, Vendor Advisory
18510

Source: SECUNIA
Type: Patch, Vendor Advisory
18562

Source: SECUNIA
Type: Patch, Vendor Advisory
18684

Source: CCN
Type: Krishna N. Ramachandran's Web site
Spoofed IGMP Report Denial of Service Vulnerability

Source: MISC
Type: Exploit, Patch
http://www.cs.ucsb.edu/~krishna/igmp_dos/

Source: REDHAT
Type: Patch
RHSA-2006:0101

Source: REDHAT
Type: Patch
RHSA-2006:0140

Source: REDHAT
Type: Patch
RHSA-2006:0190

Source: REDHAT
Type: Patch
RHSA-2006:0191

Source: FEDORA
Type: UNKNOWN
FLSA:157459-3

Source: FEDORA
Type: UNKNOWN
FLSA:157459-4

Source: FEDORA
Type: UNKNOWN
FLSA:157459-1

Source: FEDORA
Type: UNKNOWN
FLSA:157459-2

Source: BID
Type: Exploit, Patch
5020

Source: CCN
Type: BID-5020
Multiple Vendor Spoofed IGMP Report Denial Of Service Vulnerability

Source: CCN
Type: BID-5021
PHPEventCalendar Remote Command Execution Vulnerability

Source: XF
Type: UNKNOWN
igmp-spoofed-report-dos(9436)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10736

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sgi:irix:6.5:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.6:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.7:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.8:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.9:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.10:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.11:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.12:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.13:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.14f:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.14m:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.15f:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.15m:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.16f:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.16m:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.17f:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.17m:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.18f:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.18m:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:debian:debian_linux:2.2:*:68k:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:alpha:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:arm:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:ia-32:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:powerpc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:sparc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:i386:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:i386:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:spa:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:x86:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:i386:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:i386:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:i386:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:10736 | V | The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. | 2013-04-29
    oval:com.redhat.rhsa:def:20060140 | P | RHSA-2006:0140: kernel security update (Important) | 2006-01-19
    oval:com.redhat.rhsa:def:20060101 | P | RHSA-2006:0101: kernel security update (Important) | 2006-01-17