Last Updated: 2006-09-14 19:01:25 UTC
by donald smith (Version: 2)
I should have pointed out these are only exploitable from a local segement.
FX reported three vulnerabilities for cisco vtp.
Cisco responded with this public response.
VTP passwords mitigate this one somewhat as long as the passwords are not easily guessable or well known.
VTP passwords do not mitigate this vulnerability as this takes place before the vtp password would be used.
This one appears to be a cosmetic issue not a DOS.
Cisco was unable to recreate a DOS condition one in their testing.
If not set to transparent mode the vtp could be vulnerable depending on code level.
"Products affected by these vulnerabilities:
Switches running affected versions of Cisco IOS® software that have VTP Operating Mode as either "server" or "client" are affected by all three vulnerabilities
Switches running affected versions of Cisco CatOS that have VTP Operating Mode as either "server" or "client" are only affected by the "Integer Wrap in VTP revision" vulnerability
Products not affected by these vulnerabilities:
Switches configured with VTP operating mode as "transparent"
Switches running CatOS with VTP Operating Mode as either "server" or "client" are not affected by the "Buffer Overflow in VTP VLAN name" or "VTP Version field DoS" vulnerabilities"