IEEE 802.1q未授权VLAN遍历弱点

漏洞信息详情

IEEE 802.1q未授权VLAN遍历弱点

• CNNVD编号：CNNVD-199909-002
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-1129
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  1999-09-01
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  cisco
• 漏洞来源：
  , Arhont L’);”>This research and …

Cisco Catalyst 2900 Virtual LAN (VLAN）交换机存在漏洞。远程攻击者可以借助于伪造trunking标记中的VLAN标识符向另一个VLAN注入802.1q帧。

Clayton Kossmeyer of Cisco has responded to this issue as described by “Andrew A. Vladimirov” . Various workarounds for Cisco products are detailed. Please see the referenced message for further information.
—
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>@arhont.com>@cisco.com>

来源: XF
名称: cisco-catalyst-vlan-frames(3294)
链接:http://xforce.iss.net/static/3294.php

来源: BID
名称: 615
链接:http://www.securityfocus.com/bid/615

来源: BUGTRAQ
名称: 19990901 VLAN Security
链接:http://www.securityfocus.com/archive/1/26008

来源: www.cisco.com
链接:http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/eescg8x/aleakyv.htm