|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA15472] Cisco Various Products Compressed DNS Messages Denial of Service
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Tue May 24 2005 - 10:06:13 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Cisco Various Products Compressed DNS Messages Denial of Service
SECUNIA ADVISORY ID:
SA15472
VERIFY ADVISORY:
http://secunia.com/advisories/15472/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From remote
OPERATING SYSTEM:
Cisco ATA 180 Series Analog Telephone Adaptors
http://secunia.com/product/2810/
SOFTWARE:
Cisco IP Phone 7900 Series
http://secunia.com/product/2809/
Cisco ACNS Software Version 5.x
http://secunia.com/product/2268/
Cisco ACNS Software Version 4.x
http://secunia.com/product/2269/
Cisco Unity Express 2.x
http://secunia.com/product/5151/
DESCRIPTION:
A vulnerability has been reported in various Cisco products, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to an error in the DNS implementation
during the decompression of compressed DNS messages and can be
exploited via a specially crafted DNS packet containing invalid
information in the compressed section.
Successful exploitation crashes a vulnerable device or causes it to
function abnormally.
The vulnerability affects the following products:
* Cisco IP Phones 7902/7905/7912
* Cisco ATA (Analog Telephone Adaptor) 186/188
* Cisco Unity Express
The following Cisco ACNS (Application and Content Networking System)
devices are also affected:
* Cisco 500 Series Content Engines
* Cisco 7300 Series Content Engines
* Cisco Content Routers 4400 series
* Cisco Content Distribution Manager 4600 series
* Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and
3800 series Integrated Service Routers.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software
PROVIDED AND/OR DISCOVERED BY:
NISCC credits Dr. Steve Beaty.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml
NISCC:
http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]