In association with heise online

15 September 2006, 11:04

Vulnerabilities in Cisco switches


In Cisco switches running Cisco's IOS and CatOS operating systems, VLAN management packets can trigger a denial of service or even be used to introduce malicious code. The VLAN Trunking Protocol (VTP) is a proprietary Cisco layer 2 protocol through which special management stations can pass information on new or changed VLANs to other Cisco switches. The vulnerabilities are present only when devices are configured as VTP client or server, not in transparent mode.

A member of the "white hat" hacker group Phenoelit, identified only as FX, has discovered three flaws in the VTP functions. A long VLAN name in a VTP packet can trigger a stack-based buffer overflow, which might be used to execute code. Unusual values in the version field may, under certain circumstances, trigger a reset with a "Software Forced Crash Exception". Finally, an integer variable can overflow; this, however, merely results in a negative version value being displayed and isn't a critical problem. Cisco has made updates available for all three problems.
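The VLAN-name flaw belongs to the class where a sender-supplied length field drives a copy into a fixed-size stack buffer. The following added example (not Cisco's code and not part of the original article) shows the length checks a parser needs before that copy; the record layout, the 32-byte name limit and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VLAN_NAME_MAX 32  /* assumption: longest legal VLAN name */
#define VINFO_FIXED   12  /* assumption: fixed bytes before the name */

struct vlan_info {
    uint16_t vlan_id;
    char name[VLAN_NAME_MAX + 1];
};

/* Parse one VLAN record from buf[0..avail). Returns bytes consumed,
 * or -1 if a length field is inconsistent or exceeds the destination. */
int parse_vlan_info(const uint8_t *buf, size_t avail, struct vlan_info *out)
{
    if (avail < VINFO_FIXED)
        return -1;
    size_t rec_len = buf[0];                      /* sender-supplied record length */
    size_t name_len = buf[3];                     /* sender-supplied name length */
    size_t padded = (name_len + 3) & ~(size_t)3;  /* name padded to 4 bytes */

    if (name_len == 0 || name_len > VLAN_NAME_MAX)
        return -1;                                /* would not fit out->name */
    if (rec_len != VINFO_FIXED + padded || rec_len > avail)
        return -1;                                /* header and payload disagree */

    out->vlan_id = (uint16_t)((buf[4] << 8) | buf[5]);
    memcpy(out->name, buf + VINFO_FIXED, name_len);
    out->name[name_len] = '\0';
    return (int)rec_len;
}

/* Build a constructed record claiming `claimed` name bytes, then parse it. */
int parse_sample(uint8_t claimed, uint8_t rec_len, struct vlan_info *out)
{
    uint8_t pkt[272] = {0};
    pkt[0] = rec_len; pkt[3] = claimed;
    pkt[4] = 0x00; pkt[5] = 0x0a;                 /* VLAN 10 */
    memset(pkt + VINFO_FIXED, 'A', claimed);
    return parse_vlan_info(pkt, sizeof pkt, out);
}

int main(void)
{
    struct vlan_info v;
    printf("5-byte name:   %d\n", parse_sample(5, 20, &v));
    printf("200-byte name: %d\n", parse_sample(200, 212, &v));
    return 0;
}
```

Without the `name_len > VLAN_NAME_MAX` check, the `memcpy` would write past `out->name` for the second sample, which is the overflow pattern the article describes.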
