Technical Description

Multiple vulnerabilities have been identified in Cisco IOS, which could be exploited by attackers to execute arbitrary commands or cause a denial of service.

The first issue is due to an error in the VLAN Trunking Protocol (VTP) feature that does not properly handle specially crafted summary packets received on a trunk enabled port, which could be exploited by attackers on the local network segment to cause a software reset.

The second flaw is due to a buffer overflow error in the VTP feature when processing a summary advertisement received on a trunk enabled port with a Type-Length-Value (TLV) element containing an overly long VLAN name (more than 100 characters), which could be exploited by attackers to cause a denial of service or execute arbitrary commands.

The third flaw is due to an integer wrap in the VTP feature when handling a specially crafted configuration revision, which could be exploited by attackers to cause certain changes to the VLAN database to not be properly propagated throughout the VTP domain.

Affected Products

Cisco IOS versions 12.x and prior (with VTP Operating Mode as "server" or "client")

Solution

Apply fixes and set a VTP domain password to the VTP domain :
http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml

References

http://www.vupen.com/english/advisories/2006/3600
http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml
http://www.phenoelit.de/stuff/CiscoVTP.txt

Credits

Vulnerabilities reported by FX (Phenoelit)

ChangeLog

2006-09-13 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.