Saturday 27 January 2007

Yersinia VTP exploit

We finally did it. We (Alfredo and I) released the exploit for the VTP vulnerability we found in 2005. We are not sure if it is a remote code execution, so for now we have released the DoS, just in case any person smarter than us can release an exploit for remote code execution. The vulnerability was found when we were developing Yersinia, coding the VTP support. We worked very hard to discover some Cisco proprietary protocols like DTP and VTP, since there is no public information about them.

It cannot be considered as a critical vuln since you need to be connected to the switch (so only an internal employee could cause the DoS, beware!), but I guess nobody likes their internal network not to work properly, so we consider it as a medium one.

What is weird is that when Cisco answered FX's advisory, they didn't say anything about us, and for sure those vulns and our vulnerability are closely related. Anyway, we have waited for more than 2 years to release it, so in our opinion, it's enough time for all Cisco customers to upgrade their IOS.

1 comment:

Anonymous said...

I have a question for you. How did you guys code the TLV stuff for CDP? I read up on libnet but it doesn't really describe how to code it. I can kind of stumble through it but do not understand it.