Details of VAR-200512-0321

ID

VAR-200512-0321

CVE

CVE-2005-4826

TITLE

Multiple Cisco switch VLAN Relay Protocol Message Handling Denial of Service Vulnerability

Trust: 0.8

sources: IVD: 230a7516-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2007-0644

DESCRIPTION

Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776. The VLAN Trunking Protocol (VTP) is Cisco's proprietary protocol for centralized management of VLANs. If a malformed VTP packet is received, some switch devices may be overloaded. However, an attacker must know the VTP domain name and send malformed VTP packets to the port configured for relay on the switch to exploit this vulnerability. Multiple Cisco switches are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause affected devices to restart, effectively denying service to legitimate users. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Cisco IOS VTP Denial of Service Vulnerability SECUNIA ADVISORY ID: SA23892 VERIFY ADVISORY: http://secunia.com/advisories/23892/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: David Barroso Berrueta and Alfredo Andres Omella have reported a vulnerability in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). This can be exploited to cause a device to reload by sending a specially crafted VTP packet. Successful exploitation requires knowledge of the VTP domain name and the port that is configured for trunking. PROVIDED AND/OR DISCOVERED BY: Alfredo Andres Omella and David Barroso Berrueta, S21SEC ORIGINAL ADVISORY: Cisco Advisory: http://www.cisco.com/en/US/products/products_security_response09186a00807d1a81.html 21SEC Advisory: http://www.s21sec.com/es/avisos/s21sec-034-en.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2005-4826 // CNVD: CNVD-2007-0644 // BID: 22268 // IVD: 230a7516-2355-11e6-abef-000c29c66e3d // VULHUB: VHN-16034 // PACKETSTORM: 54098

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 230a7516-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2007-0644

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(22\)ea3	Trust: 1.6
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.1 ea3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	series switch	scope:	eq	version:	37500	Trust: 0.3
vendor:	cisco	model:	series switches	scope:	eq	version:	35500	Trust: 0.3
vendor:	cisco	model:	3500xl series switches	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	series switches	scope:	eq	version:	29550	Trust: 0.3
vendor:	cisco	model:	series switches	scope:	eq	version:	29500	Trust: 0.3
vendor:	cisco	model:	2900xl series switches	scope:	eq	version:	0	Trust: 0.3
vendor:	ios	model:	12.1 ea3	scope:	-	version:	-	Trust: 0.2

sources: IVD: 230a7516-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2007-0644 // BID: 22268 // CNNVD: CNNVD-200512-700 // NVD: CVE-2005-4826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-4826
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200512-700
value:	MEDIUM
Trust: 0.6
IVD:	230a7516-2355-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-16034
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-4826
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IVD:	230a7516-2355-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-16034
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 230a7516-2355-11e6-abef-000c29c66e3d // VULHUB: VHN-16034 // CNNVD: CNNVD-200512-700 // NVD: CVE-2005-4826

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4826

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-200512-700

TYPE

other

Trust: 0.8

sources: IVD: 230a7516-2355-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200512-700

EXTERNAL IDS

db:	NVD	id:	CVE-2005-4826	Trust: 2.8
db:	BID	id:	22268	Trust: 2.0
db:	SECUNIA	id:	23892	Trust: 1.8
db:	OSVDB	id:	33013	Trust: 1.7
db:	SECTRACK	id:	1017568	Trust: 1.7
db:	VUPEN	id:	ADV-2007-0414	Trust: 1.7
db:	CNNVD	id:	CNNVD-200512-700	Trust: 0.9
db:	CNVD	id:	CNVD-2007-0644	Trust: 0.8
db:	BUGTRAQ	id:	20070126 S21SEC-034-EN: CISCO VTP DOS VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20070130 RE: [FULL-DISCLOSURE] S21SEC-034-EN: CISCO VTP DOS VULNERABILITY	Trust: 0.6
db:	CISCO	id:	20070129 CISCO VTP VULNERABILITY	Trust: 0.6
db:	NSFOCUS	id:	9899	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:5544	Trust: 0.6
db:	IVD	id:	230A7516-2355-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-16034	Trust: 0.1
db:	PACKETSTORM	id:	54098	Trust: 0.1

sources: IVD: 230a7516-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2007-0644 // VULHUB: VHN-16034 // BID: 22268 // PACKETSTORM: 54098 // CNNVD: CNNVD-200512-700 // NVD: CVE-2005-4826

REFERENCES

url:	http://www.cisco.com/en/us/products/products_security_response09186a00807d1a81.html	Trust: 2.1
url:	http://www.securityfocus.com/bid/22268	Trust: 1.7
url:	http://www.blackhat.com/html/bh-europe-05/bh-eu-05-speakers.html#berrueta	Trust: 1.7
url:	http://www.s21sec.com/en/avisos/s21sec-034-en.txt	Trust: 1.7
url:	http://osvdb.org/33013	Trust: 1.7
url:	http://securitytracker.com/id?1017568	Trust: 1.7
url:	http://secunia.com/advisories/23892	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/458240/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/458554/100/0/threaded	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5544	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/0414	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/458240/100/0/threaded	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5544	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/458554/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/0414	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/9899	Trust: 0.6
url:	http://www.s21sec.com/es/avisos/s21sec-034-en.txt	Trust: 0.4
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/50/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/advisories/23892/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/182/	Trust: 0.1

sources: VULHUB: VHN-16034 // BID: 22268 // PACKETSTORM: 54098 // CNNVD: CNNVD-200512-700 // NVD: CVE-2005-4826

CREDITS

David Barroso Berrueta dbarroso@s21sec.com Alfredo Andres Omella aandres@s21sec.com

Trust: 0.6

sources: CNNVD: CNNVD-200512-700

SOURCES

db:	IVD	id:	230a7516-2355-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2007-0644
db:	VULHUB	id:	VHN-16034
db:	BID	id:	22268
db:	PACKETSTORM	id:	54098
db:	CNNVD	id:	CNNVD-200512-700
db:	NVD	id:	CVE-2005-4826

LAST UPDATE DATE

2024-08-14T15:45:37.161000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2007-0644	date:	2007-01-26T00:00:00
db:	VULHUB	id:	VHN-16034	date:	2018-10-19T00:00:00
db:	BID	id:	22268	date:	2015-05-12T19:35:00
db:	CNNVD	id:	CNNVD-200512-700	date:	2009-03-04T00:00:00
db:	NVD	id:	CVE-2005-4826	date:	2018-10-19T15:41:39.117

SOURCES RELEASE DATE

db:	IVD	id:	230a7516-2355-11e6-abef-000c29c66e3d	date:	2007-01-26T00:00:00
db:	CNVD	id:	CNVD-2007-0644	date:	2007-01-26T00:00:00
db:	VULHUB	id:	VHN-16034	date:	2005-12-31T00:00:00
db:	BID	id:	22268	date:	2007-01-26T00:00:00
db:	PACKETSTORM	id:	54098	date:	2007-01-31T03:46:19
db:	CNNVD	id:	CNNVD-200512-700	date:	2005-12-31T00:00:00
db:	NVD	id:	CVE-2005-4826	date:	2005-12-31T05:00:00