[c-nsp] 3750 and CVE-2018-0167

Gert Doering gert at greenie.muc.de
Mon Jun 4 13:23:57 EDT 2018


On Mon, Jun 04, 2018 at 07:15:04PM +0200, Sebastian Beutel wrote:
> On Mon, Jun 04, 2018 at 11:41:52AM -0400, Chuck Church wrote:
> > I thought with LLDP you can turn off receive and transmit of LLDP messages
> > separately.  If you disable the receipt of them and only transmit, does
> > that address the issue?
> >
> The security advisory mentioned no workaround. Maybe this could help and we
> will definitively give it a try. Maybe we even find an exploit to test it.
> Thanks for the suggestion.

"no receive" will work around, but it might break your phones if they
use LLDP to negotiate a voice VLAN...

> > These switches are end of all support dates. They most surely won't
> > address this bug.
> >
> I know. End of shipping was 2013 and end of security was 2016. But as this
> plattform is still widely useed, my naive hope was, that Cisco could utilise
> this issue to demonstrate the world that they offer the benefits of a
> premium class vendor that doesn't sell their customers down the river, even
> if their product is long out of sale. 

3750 was never "premium anything", except "premium price"

"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert at greenie.muc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20180604/a6fdba40/attachment.sig>

More information about the cisco-nsp mailing list