CVE-1999-1129
CVSS7.5
发布时间 :1999-09-01 00:00:00
修订时间 :2008-09-05 16:18:47
NMCOS    

[原文]Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.


[CNNVD]IEEE 802.1q未授权VLAN遍历弱点(CNNVD-199909-002)

        Cisco Catalyst 2900 Virtual LAN (VLAN)交换机存在漏洞。远程攻击者可以借助于伪造trunking标记中的VLAN标识符向另一个VLAN注入802.1q帧。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/h:cisco:catalyst_2900_vlanCisco Catalyst 2900 VLAN
cpe:/o:cisco:ios:11.2%288%29sa5Cisco IOS 11.2.8 SA5

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1129
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1129
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199909-002
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/static/3294.php
(VENDOR_ADVISORY)  XF  cisco-catalyst-vlan-frames(3294)
http://www.securityfocus.com/bid/615
(VENDOR_ADVISORY)  BID  615
http://www.securityfocus.com/archive/1/26008
(VENDOR_ADVISORY)  BUGTRAQ  19990901 VLAN Security
http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/eescg8x/aleakyv.htm
(VENDOR_ADVISORY)  MISC  http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/eescg8x/aleakyv.htm

- 漏洞信息

IEEE 802.1q未授权VLAN遍历弱点
高危 设计错误
1999-09-01 00:00:00 2005-10-20 00:00:00
远程  
        Cisco Catalyst 2900 Virtual LAN (VLAN)交换机存在漏洞。远程攻击者可以借助于伪造trunking标记中的VLAN标识符向另一个VLAN注入802.1q帧。

- 公告与补丁

        Clayton Kossmeyer of Cisco has responded to this issue as described by "Andrew A. Vladimirov" . Various workarounds for Cisco products are detailed. Please see the referenced message for further information.
        --
        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- 漏洞信息

8792
Cisco Catalyst VLAN 802.1q Frame Injection

- 漏洞描述

Unknown or Incomplete

- 时间线

1999-08-02 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

IEEE 802.1q Unauthorized VLAN Traversal Weakness
Design Error 615
Yes No
1999-09-02 12:00:00 2009-07-11 12:56:00
This research and the resulting post was sent to the Bugtraq mailing list by Dave Taylor <david.taylor@alphawest.com.au> & Steve Schuppp <Steve.schupp@alphawest.com.au>. Further research was provided by "Andrew A. Vladimirov" <mlists@arhont.com>, Arhont Lt

- 受影响的程序版本

IEEE 802.1q
Cisco IOS 11.2.8 SA5
Cisco Catalyst WS-C2924M-XL

- 漏洞讨论

The 802.1q standard is susceptible to issues that allow attackers to send and receive packets from one VLAN to another without authorization.

By spoofing various Ethernet frame fields such as the source or destination MAC addresses, IP addresses, and VLAN tags, attackers may cause packets to traverse from one VLAN to another, and possibly back again. Attackers may also add multiple VLAN tags to packets to cause multiple routers to decapsulate the packets in unexpected ways, aiding the attacker in traversing VLANs.

This issue allows attackers to traverse from one VLAN to another in an unauthorized fashion. As some users may utilize VLANs to segregate network segments containing differing security properties, this may have various consequences.

This issue may be exacerbated by utilizing attacker-controlled external network hosts to bounce packets between VLANs.

- 漏洞利用

An exploit is not required.

- 解决方案

Clayton Kossmeyer <ckossmey@cisco.com> of Cisco has responded to this issue as described by "Andrew A. Vladimirov" <mlists@arhont.com>. Various workarounds for Cisco products are detailed. Please see the referenced message for further information.

--
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站