Secunia Security Advisory - FX has reported some vulnerabilities in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable network device.
8d4448b01c698c871b42a52f16688a76c9ca63c8689e6bcff1f14c347bd8fbca
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
Cisco IOS VTP Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA21896
VERIFY ADVISORY:
http://secunia.com/advisories/21896/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data, DoS, System access
WHERE:
>From local network
OPERATING SYSTEM:
Cisco IOS 10.x
http://secunia.com/product/184/
Cisco IOS 11.x
http://secunia.com/product/183/
Cisco IOS 12.x
http://secunia.com/product/182/
Cisco IOS R11.x
http://secunia.com/product/53/
Cisco IOS R12.x
http://secunia.com/product/50/
DESCRIPTION:
FX has reported some vulnerabilities in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a vulnerable network device.
1) An error exists in the handling of summary packets in the VLAN
Truncing Protocol (VTP). This can be exploited to reset the switch
with a Software Forced Crash Exception by sending a specially crafted
packet to a trunk enabled port.
2) An integer overflow error exists in the VTP configuration revision
handling. This can be exploited to prevent that changes to the VLAN
database are properly propagated throughout the VTP domain by sending
a specially crafted packet containing 0x7FFFFFFF as a configuration
revision number.
3) A boundary error exists in the processing of VTP summary
advertisement messages. This can be exploited to cause a heap-based
buffer overflow by sending a specially crafted message containing an
overly long VLAN name (more than 100 characters) to a trunk enabled
port.
Successful exploitation may allow arbitrary code execution.
NOTE: The packets must be received with a matching domain name and a
matching VTP domain password (if configured).
The vulnerabilities affect Cisco IOS with a VTP Operating Mode as
either "server" or "client".
SOLUTION:
A fix is reportedly available for vulnerability #1. The vendor also
recommends applying a VTP domain password to the VTP domain (see the
vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
FX, Phenoelit.
ORIGINAL ADVISORY:
Phenoelit:
http://www.phenoelit.de/stuff/CiscoVTP.txt
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed