Multiple Cisco Switches VLAN Trunking Protocol Packet Handling Denial Of Service Vulnerability

Bugtraq ID:	22268
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2005-4826
Remote:	Yes
Local:	No
Published:	Jan 26 2007 12:00AM
Updated:	May 12 2015 07:35PM
Credit:	Alfredo Andres Omella, David Barroso Berrueta reported this issue.
Vulnerable:	Cisco IOS 12.1(22)EA3 Cisco 3750 Series Switch 0 Cisco 3550 Series Switches 0 Cisco 3500XL Series Switches 0 Cisco 2955 Series Switches 0 Cisco 2950 Series Switches 0 Cisco 2900XL Series Switches 0
Not Vulnerable:

Multiple Cisco Switches VLAN Trunking Protocol Packet Handling Denial Of Service Vulnerability

Multiple Cisco switches are prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause affected devices to restart, effectively denying service to legitimate users.

This issue may be related to the issues described in BID 19998 (Cisco IOS Multiple VLAN Trunking Protocol Vulnerabilities).

Multiple Cisco Switches VLAN Trunking Protocol Packet Handling Denial Of Service Vulnerability

An attacker employs standard networking tools to exploit this issue.

Multiple Cisco Switches VLAN Trunking Protocol Packet Handling Denial Of Service Vulnerability

Solution:
The vendor has released updates to address this issue. Please contact the vendor for information on how to obtain and apply these updates.

Multiple Cisco Switches VLAN Trunking Protocol Packet Handling Denial Of Service Vulnerability

References:

• Cisco Security Response: Cisco VTP Vulnerability (Cisco )
  
• Cisco VTP Denial Of Service (S21SEC)