Details of VAR-200512-0082

ID

VAR-200512-0082

CVE

CVE-2005-4440

TITLE

Cisco IOS of 802.1q VLAN In the protocol Traffic spoofing and segment avoidance vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2005-000742

DESCRIPTION

The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream switch after the first tag has been stripped, as demonstrated by Yersinia, aka "double-tagging VLAN jumping attack.". ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ VLAN (Virtual LAN) Is LAN By setting a virtual group different from the physical connection form, LAN The terminal has a switch function MAC Address or IP Groups according to address, protocol used, etc. Also, PVLAN (Private VLAN) Is more than one VLAN Is a function that configures one subnet by combining IEEE Standardized by VLAN Standard of 802.1q Is Cisco IOS Works Cisco Catalyst And many other switching devices. 802.1q On the frame flowing through the network VLAN Identification ID ( tag ) Which switch is VLAN Between multiple switches VLAN Can be configured. Cisco IOS Implemented in VLAN/PVLAN Has the following security issues that allow it to communicate to hosts on different isolated segments: 1) Intentionally created 2 Horn IEEE 802.1q When a packet containing a tag is sent, VLAN There is an issue where it is possible to send packets to hosts on segments separated by. 2) Destination MAC When a packet with an address changed to that of a gateway router is sent, PVLAN There is an issue where it is possible to send packets to hosts on segments separated by. In addition, hosts that can communicate with the target host in packets that exploit these issues ( Host managed by attacker ) From IP By spoofing the address, it is possible to control the destination of response packets from the target host. When used by a remote attacker, as a result, the attacker may gain access to a target host that is otherwise inaccessible and attempt further attacks.Please refer to the “Overview” for the impact of this vulnerability. Vlan Protocol is prone to a security bypass vulnerability

Trust: 1.89

sources: NVD: CVE-2005-4440 // JVNDB: JVNDB-2005-000742 // BID: 88917

AFFECTED PRODUCTS

vendor:	vlan protocol	model:	vlan protocol	scope:	eq	version:	802.1q	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.0	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.1	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.3	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 0.8
vendor:	vlan	model:	protocol vlan protocol 802.1q	scope:	-	version:	-	Trust: 0.3

sources: BID: 88917 // JVNDB: JVNDB-2005-000742 // CNNVD: CNNVD-200512-480 // NVD: CVE-2005-4440

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2005-4440
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-200512-480
value:	MEDIUM
Trust: 0.6

NVD:	CVE-2005-4440
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2005-000742 // CNNVD: CNNVD-200512-480 // NVD: CVE-2005-4440

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4440

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-480

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200512-480

CONFIGURATIONS

sources: NVD: CVE-2005-4440

PATCH

title:

cisco-response-20051220-pvlan

url:

http://www.cisco.com/warp/public/707/cisco-response-20051220-pvlan.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2005-000742

EXTERNAL IDS

db:	NVD	id:	CVE-2005-4440	Trust: 2.7
db:	JVNDB	id:	JVNDB-2005-000742	Trust: 0.8
db:	BUGTRAQ	id:	20051219 RE: MAKING UNIDIRECTIONAL VLAN AND PVLAN JUMPING BIDIRECTIONAL	Trust: 0.6
db:	BUGTRAQ	id:	20051219 MAKING UNIDIRECTIONAL VLAN AND PVLAN JUMPING BIDIRECTIONAL	Trust: 0.6
db:	FULLDISC	id:	20051219 MAKING UNIDIRECTIONAL VLAN AND PVLAN JUMPING BIDIRECTIONAL	Trust: 0.6
db:	CNNVD	id:	CNNVD-200512-480	Trust: 0.6
db:	BID	id:	88917	Trust: 0.3

sources: BID: 88917 // JVNDB: JVNDB-2005-000742 // CNNVD: CNNVD-200512-480 // NVD: CVE-2005-4440

REFERENCES

url:	http://lists.grok.org.uk/pipermail/full-disclosure/2005-december/040333.html	Trust: 1.9
url:	http://www.securityfocus.com/archive/1/419834/100/0/threaded	Trust: 1.0
url:	http://www.securityfocus.com/archive/1/419831/100/0/threaded	Trust: 1.0
url:	http://www.securityfocus.com/archive/1/archive/1/419834/100/0/threaded	Trust: 0.9
url:	http://www.securityfocus.com/archive/1/archive/1/419831/100/0/threaded	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4440	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-4440	Trust: 0.8
url:	http://www.securiteam.com/securitynews/6l00o00euc.html	Trust: 0.8

sources: BID: 88917 // JVNDB: JVNDB-2005-000742 // CNNVD: CNNVD-200512-480 // NVD: CVE-2005-4440

CREDITS

Unknown

Trust: 0.3

sources: BID: 88917

SOURCES

db:	BID	id:	88917
db:	JVNDB	id:	JVNDB-2005-000742
db:	CNNVD	id:	CNNVD-200512-480
db:	NVD	id:	CVE-2005-4440

LAST UPDATE DATE

2022-05-04T09:54:10.876000+00:00

SOURCES UPDATE DATE

db:	BID	id:	88917	date:	2005-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2005-000742	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200512-480	date:	2006-01-10T00:00:00
db:	NVD	id:	CVE-2005-4440	date:	2018-10-19T15:40:00

SOURCES RELEASE DATE

db:	BID	id:	88917	date:	2005-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2005-000742	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200512-480	date:	2005-12-20T00:00:00
db:	NVD	id:	CVE-2005-4440	date:	2005-12-21T02:03:00