cisco vtp vulnerabilities

cisco vtp vulnerabilities
FX reported three vulnerabilities for cisco vtp. http://www.securityfocus.com/archive/1/445896/30/0/threaded Cisco responded with this public response. http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml CSCsd34855/CSCei54611 -- Buffer Overflow in VTP VLAN name possible remote code execution. VTP passwords mitigate this one somewhat as long as the passwords are not easily guessable or well known. CSCsd52629/CSCsd34759 -- VTP version field DoS VTP passwords do not mitigate this vulnerability as this takes place before the vtp password would be used. CSCse40078/CSCse47765 -- Integer Wrap in VTP revision This one appears to be a cosmetic issue not a DOS. Cisco was unable to recreate a DOS condition one in their testing. FX in the original posting provided a text version of the packet needed to perform the buffer overflow in vtp vlan name. That can easily be converted to a pcap. I consider that to be a public release of the exploit. If you have not set a vtp mode then VTP server is the default mode. If not set to transparent mode the vtp could be vulnerable depending on code level. To set a vtp password execute the command vtp password $PAssw0rd_th@t_15_h@rd_2_guess From the cisco response: "Products affected by these vulnerabilities: Switches running affected versions of Cisco IOS� software that have VTP Operating Mode as either "server" or "client" are affected by all three vulnerabilities Switches running affected versions of Cisco CatOS that have VTP Operating Mode as either "server" or "client" are only affected by the "Integer Wrap in VTP revision" vulnerability Products not affected by these vulnerabilities: Switches configured with VTP operating mode as "transparent" Switches running CatOS with VTP Operating Mode as either "server" or "client" are not affected by the "Buffer Overflow in VTP VLAN name" or "VTP Version field DoS" vulnerabilities"	donald 206 Posts Sep 14th 2006
Thread locked Subscribe	Sep 14th 2006 1 decade ago