ID

VAR-200512-0321


CVE

CVE-2005-4826


TITLE

Multiple Cisco switch VLAN Relay Protocol Message Handling Denial of Service Vulnerability

Trust: 0.8

sources: IVD: 230a7516-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2007-0644

DESCRIPTION

Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776. The VLAN Trunking Protocol (VTP) is Cisco's proprietary protocol for centralized management of VLANs.  If a malformed VTP packet is received, some switch devices may be overloaded. However, an attacker must know the VTP domain name and send malformed VTP packets to the port configured for relay on the switch to exploit this vulnerability. Multiple Cisco switches are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause affected devices to restart, effectively denying service to legitimate users. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Cisco IOS VTP Denial of Service Vulnerability SECUNIA ADVISORY ID: SA23892 VERIFY ADVISORY: http://secunia.com/advisories/23892/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: David Barroso Berrueta and Alfredo Andres Omella have reported a vulnerability in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). This can be exploited to cause a device to reload by sending a specially crafted VTP packet. Successful exploitation requires knowledge of the VTP domain name and the port that is configured for trunking. PROVIDED AND/OR DISCOVERED BY: Alfredo Andres Omella and David Barroso Berrueta, S21SEC ORIGINAL ADVISORY: Cisco Advisory: http://www.cisco.com/en/US/products/products_security_response09186a00807d1a81.html 21SEC Advisory: http://www.s21sec.com/es/avisos/s21sec-034-en.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2005-4826 // CNVD: CNVD-2007-0644 // BID: 22268 // IVD: 230a7516-2355-11e6-abef-000c29c66e3d // VULHUB: VHN-16034 // PACKETSTORM: 54098

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 230a7516-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2007-0644

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:12.1\(22\)ea3

Trust: 1.6

vendor:nonemodel: - scope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1 ea3scope: - version: -

Trust: 0.3

vendor:ciscomodel:series switchscope:eqversion:37500

Trust: 0.3

vendor:ciscomodel:series switchesscope:eqversion:35500

Trust: 0.3

vendor:ciscomodel:3500xl series switchesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:series switchesscope:eqversion:29550

Trust: 0.3

vendor:ciscomodel:series switchesscope:eqversion:29500

Trust: 0.3

vendor:ciscomodel:2900xl series switchesscope:eqversion:0

Trust: 0.3

vendor:iosmodel:12.1 ea3scope: - version: -

Trust: 0.2

sources: IVD: 230a7516-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2007-0644 // BID: 22268 // CNNVD: CNNVD-200512-700 // NVD: CVE-2005-4826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-4826
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200512-700
value: MEDIUM

Trust: 0.6

IVD: 230a7516-2355-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-16034
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-4826
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IVD: 230a7516-2355-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-16034
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 230a7516-2355-11e6-abef-000c29c66e3d // VULHUB: VHN-16034 // CNNVD: CNNVD-200512-700 // NVD: CVE-2005-4826

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4826

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-200512-700

TYPE

other

Trust: 0.8

sources: IVD: 230a7516-2355-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200512-700

EXTERNAL IDS

db:NVDid:CVE-2005-4826

Trust: 2.8

db:BIDid:22268

Trust: 2.0

db:SECUNIAid:23892

Trust: 1.8

db:OSVDBid:33013

Trust: 1.7

db:SECTRACKid:1017568

Trust: 1.7

db:VUPENid:ADV-2007-0414

Trust: 1.7

db:CNNVDid:CNNVD-200512-700

Trust: 0.9

db:CNVDid:CNVD-2007-0644

Trust: 0.8

db:BUGTRAQid:20070126 S21SEC-034-EN: CISCO VTP DOS VULNERABILITY

Trust: 0.6

db:BUGTRAQid:20070130 RE: [FULL-DISCLOSURE] S21SEC-034-EN: CISCO VTP DOS VULNERABILITY

Trust: 0.6

db:CISCOid:20070129 CISCO VTP VULNERABILITY

Trust: 0.6

db:NSFOCUSid:9899

Trust: 0.6

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:5544

Trust: 0.6

db:IVDid:230A7516-2355-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-16034

Trust: 0.1

db:PACKETSTORMid:54098

Trust: 0.1

sources: IVD: 230a7516-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2007-0644 // VULHUB: VHN-16034 // BID: 22268 // PACKETSTORM: 54098 // CNNVD: CNNVD-200512-700 // NVD: CVE-2005-4826

REFERENCES

url:http://www.cisco.com/en/us/products/products_security_response09186a00807d1a81.html

Trust: 2.1

url:http://www.securityfocus.com/bid/22268

Trust: 1.7

url:http://www.blackhat.com/html/bh-europe-05/bh-eu-05-speakers.html#berrueta

Trust: 1.7

url:http://www.s21sec.com/en/avisos/s21sec-034-en.txt

Trust: 1.7

url:http://osvdb.org/33013

Trust: 1.7

url:http://securitytracker.com/id?1017568

Trust: 1.7

url:http://secunia.com/advisories/23892

Trust: 1.7

url:http://www.securityfocus.com/archive/1/458240/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/458554/100/0/threaded

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5544

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/0414

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/458240/100/0/threaded

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5544

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/458554/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/0414

Trust: 0.6

url:http://www.nsfocus.net/vulndb/9899

Trust: 0.6

url:http://www.s21sec.com/es/avisos/s21sec-034-en.txt

Trust: 0.4

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/50/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/software_inspector/

Trust: 0.1

url:http://secunia.com/advisories/23892/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/182/

Trust: 0.1

sources: VULHUB: VHN-16034 // BID: 22268 // PACKETSTORM: 54098 // CNNVD: CNNVD-200512-700 // NVD: CVE-2005-4826

CREDITS

David Barroso Berrueta dbarroso@s21sec.com Alfredo Andres Omella aandres@s21sec.com

Trust: 0.6

sources: CNNVD: CNNVD-200512-700

SOURCES

db:IVDid:230a7516-2355-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2007-0644
db:VULHUBid:VHN-16034
db:BIDid:22268
db:PACKETSTORMid:54098
db:CNNVDid:CNNVD-200512-700
db:NVDid:CVE-2005-4826

LAST UPDATE DATE

2024-11-23T22:15:23.085000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2007-0644date:2007-01-26T00:00:00
db:VULHUBid:VHN-16034date:2018-10-19T00:00:00
db:BIDid:22268date:2015-05-12T19:35:00
db:CNNVDid:CNNVD-200512-700date:2009-03-04T00:00:00
db:NVDid:CVE-2005-4826date:2024-11-21T00:05:16.470

SOURCES RELEASE DATE

db:IVDid:230a7516-2355-11e6-abef-000c29c66e3ddate:2007-01-26T00:00:00
db:CNVDid:CNVD-2007-0644date:2007-01-26T00:00:00
db:VULHUBid:VHN-16034date:2005-12-31T00:00:00
db:BIDid:22268date:2007-01-26T00:00:00
db:PACKETSTORMid:54098date:2007-01-31T03:46:19
db:CNNVDid:CNNVD-200512-700date:2005-12-31T00:00:00
db:NVDid:CVE-2005-4826date:2005-12-31T05:00:00