ID
VAR-E-200104-0100
TITLE
Cisco Catalyst 802.1x Frame Forwarding Vulnerability
Trust: 0.3
DESCRIPTION
The Catalyst Switch is a high performance, low cost switch distributed by Cisco Systems. It is designed to offer scalability, ease of use, and modular configuration for maximum flexibility.
A problem with the 5000 and 2900 series switches could make it possible to deny service to legitimate users of network resources. By sending a 802.1x frame to a switch with spanning tree protocol blocked port, the frame is forwarded on through the VLAN managed by the switch. This causes a storm of 802.1x frames.
Therefore, it is possible for a remote user to create a 802.1x frame storm on the segment of VLAN managed by the Catalyst Switch, affecting performance, and potentially creating a Denial of Service.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 50006.1(2) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 50006.1 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 50005.5(6) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 50005.5 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 50004.5(11) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 50004.5(10) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 29006.1(2) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 29005.5(6) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 29004.5(11) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | ne | version: | 50006.1(3) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | ne | version: | 50005.5(7) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | ne | version: | 50004.5(12) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | ne | version: | 29006.1(3) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | ne | version: | 29005.5(7) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | ne | version: | 29004.5(12) | Trust: 0.3 |
EXPLOIT
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
This vulnerability was announced to Bugtraq in a Cisco Security Advisory posted on April 16, 2001.
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 2604 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 2604 |
LAST UPDATE DATE
2022-07-27T10:04:42.822000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 2604 | date: | 2001-04-16T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 2604 | date: | 2001-04-16T00:00:00 |