|
|
| CVE-ID | ||
|---|---|---|
CVE-1999-0667 |
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
|
|
| Description | ||
| The ARP protocol allows any host to spoof ARP replies and poison the ARP cache to conduct IP address spoofing or a denial of service. | ||
| References | ||
| Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. | ||
| Assigning CNA | ||
| MITRE Corporation | ||
| Date Record Created | ||
| 19991008 | Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. | |
| Phase (Legacy) | ||
| Proposed (19991222) | ||
| Votes (Legacy) | ||
| ACCEPT(2) Blake, Cole MODIFY(1) Stracener NOOP(2) Baker, Christey REJECT(1) Frech |
||
| Comments (Legacy) | ||
Stracener> Add Ref: BUGTRAQ:19970919 Playing redir games with ARP and ICMP Frech> Cannot proceed without a reference. Too vague, and resembles XF:netbsd-arp: CVE-1999-0763: NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network. CVE-1999-0764: NetBSD allows ARP packets to overwrite static ARP entries. Will reconsider if reference provides enough information to render a distinction. Christey> This particular vulnerability was exploited by an attacker during the ID'Net IDS test network exercise at the SANS Network Security '99 conference. The attacker adapted a publicly available program that was able to spoof another machine on the same physical network. See http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019797&w=2 for the Bugtraq reference that Tom Stracener suggested. This generated a long thread on Bugtraq in 1997. Blake> I'll second Tom's request to add the reference, it's a very posting good and the vulnerability is clearly derivative of the work. (I do recall talking to the guy and drafting a description.) |
||
| Proposed (Legacy) | ||
| 19991222 | ||
| This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. | ||
|
You can also search by reference using the CVE Reference Maps.
|
||
| For More Information: CVE Request Web Form (select "Other" from dropdown) | ||