Vulnslist


Cisco IOS VTP Integer Wrap Denial of Service Vulnerability

Cisco-SA-20060913-CVE-2006-4775 · Medium

Cisco IOS and Cisco Catalyst OS contain an integer overflow vulnerability that could allow an authenticated, remote attacker to cause affected devices to stop processing configuration changes, possibly resulting in a denial of service (DoS) condition.

This vulnerability exists due to an integer overflow error within the statistics counters. An authenticated, remote attacker could exploit this vulnerability by sending a spoofed VTP summary packet to the affected device, causing the VTP statistics parameter to wrap to a negative number. This condition could prevent the affected device from processing further configuration changes. Under some circumstances, this could prevent the device from responding to further requests, resulting in a DoS condition.

Cisco has confirmed this vulnerability in a security response and released updated software to correct it.

To exploit this vulnerability, an attacker must have access to the local network to spoof the malicious request. Additionally, VTP configurations that use an authentication password within the VTP domain will require the attacker to know the domain password to successfully exploit the vulnerability. Only devices with valid VTP configurations are affected by this vulnerability.
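The failure mode described above (a signed statistics counter incremented once per received summary packet until it wraps from its maximum positive value to a negative one, after which a sanity check on the counter fails) can be illustrated in a few lines. The following C program is an added example written for this page, not Cisco's code, and the counter layout, the function names and the "negative counter means stop processing" behaviour are all assumptions used to show the class of bug and the checked-increment fix; it does not reproduce any IOS or CatOS logic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-domain statistics record. A real implementation would
 * hold many more fields; only the wrap-prone counter matters here. */
typedef struct {
    int32_t summary_advts_received; /* signed 32-bit counter (assumed) */
} vtp_stats_t;

/* Unchecked increment. Signed overflow is undefined behaviour in C, so the
 * arithmetic is done in uint32_t and converted back, which on two's
 * complement machines yields exactly the wrap the advisory describes:
 * INT32_MAX + 1 becomes INT32_MIN. */
int32_t unchecked_increment(int32_t counter) {
    return (int32_t)((uint32_t)counter + 1u);
}

/* Checked increment: saturates at INT32_MAX and reports that the limit was
 * hit, so the counter can never go negative. Returns true on a normal
 * increment, false when the counter was already at its ceiling. */
bool checked_increment(int32_t *counter) {
    if (*counter == INT32_MAX) {
        return false;
    }
    *counter += 1;
    return true;
}

/* The (assumed) sanity check that downstream code applies before acting on
 * configuration changes: a negative statistics value is treated as corrupt. */
bool counter_is_sane(int32_t counter) {
    return counter >= 0;
}

/* Simulate receiving n summary advertisements against a counter that starts
 * at start_value, with or without the checked increment. Returns the final
 * counter value so the two code paths can be compared. */
int32_t simulate_summary_packets(int32_t start_value, uint32_t n, bool use_checked) {
    vtp_stats_t stats = { .summary_advts_received = start_value };
    for (uint32_t i = 0; i < n; i++) {
        if (use_checked) {
            checked_increment(&stats.summary_advts_received);
        } else {
            stats.summary_advts_received =
                unchecked_increment(stats.summary_advts_received);
        }
    }
    return stats.summary_advts_received;
}

int main(void) {
    /* Start two below the ceiling so the wrap shows after a handful of packets. */
    int32_t start = INT32_MAX - 2;
    int32_t wrapped = simulate_summary_packets(start, 5, false);
    int32_t saturated = simulate_summary_packets(start, 5, true);

    printf("unchecked: %d (sane: %s)\n", wrapped,
           counter_is_sane(wrapped) ? "yes" : "no");
    printf("checked:   %d (sane: %s)\n", saturated,
           counter_is_sane(saturated) ? "yes" : "no");
    return 0;
}
```

The unchecked path lands at a negative value after the third packet and stays there, which is the state the advisory says blocks further configuration processing; the checked path stops at INT32_MAX and remains valid. In a real codebase the same property is usually enforced by using an unsigned counter or a compiler builtin such as `__builtin_add_overflow` rather than a hand-written comparison.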

Workarounds

Administrators are advised to apply the appropriate software updates.

Administrators are advised to configure passwords on VTP domains.

Administrators are advised to restrict access to affected devices.

CVEs: CVE-2006-4775
Cisco Bug IDs: NA
CVSS Score: Base 2.0
Product Names From Source: Cisco Catalyst Operating System (CatOS) Software

Related Products

Product                                                CVE             Evidence
Cisco RV Series Routers                                CVE-2006-4775   Cisco OpenVuln
Cisco Nexus Dashboard                                  CVE-2006-4775   Cisco OpenVuln
Cisco Meraki MS Series Switches                        CVE-2006-4775   Cisco OpenVuln
Cisco IOS Software                                     CVE-2006-4775   Cisco OpenVuln
Cisco Catalyst PON Series Switches                     CVE-2006-4775   Cisco OpenVuln
Cisco Application Centric Infrastructure Virtual Edge  CVE-2006-4775   Cisco OpenVuln
Cisco IOS                                              CVE-2006-4775   Cisco OpenVuln
Cisco Catalyst Operating System (CatOS) Software       CVE-2006-4775   Cisco OpenVuln