Cisco Unified Communications Manager SIP Denial of Service Vulnerability
http://www.cert-in.org.in/vulnerability/civn-2009-118.htm
Original Issue Date: October 07, 2009
Severity Rating: Medium
Systems Affected
Cisco Unified Communications Manager versions prior to 5.1(3g)
Cisco Unified Communications Manager versions prior to 6.1(4)
Cisco Unified Communications Manager versions prior to 7.0(2a)su1
Cisco Unified Communications Manager versions prior to 7.1(2)
Overview
Cisco Unified Communications Manager contains a vulnerability that could
allow an unauthenticated, remote attacker to cause a denial of service
condition.
Description
This vulnerability is due to errors in processing malformed SIP messages.
An unauthenticated, remote attacker could exploit this vulnerability by
sending specially crafted SIP messages to the vulnerable system. When
processed, the messages could trigger an error condition that could result
in the failure and restart of the Cisco Unified Communications Manager
service, causing a denial of service (DoS) condition.
Solution
Upgrade to Cisco Unified Communications Manager version 5.1(3g), 6.1(4),
7.0(2a)su1 or 7.1(2), as suggested by the vendor:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
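A version check that applies the fixed releases listed above to an inventory, as an added example that is not part of the CERT-In advisory or of Cisco's tooling. It assumes versions are written in the advisory's notation and that releases within a train order by maintenance number, then letter, then SU number; the host names are constructed, and trains the advisory does not name are returned as "not-listed" for manual review against the vendor advisory.

```python
import re

# First fixed release per train, copied from the advisory's "Systems Affected" list.
FIXED = ["5.1(3g)", "6.1(4)", "7.0(2a)su1", "7.1(2)"]

# Advisory notation: major.minor(maintenance[letter])[suN], e.g. 7.0(2a)su1
_VER = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)(?:su(\d+))?$", re.IGNORECASE)


def parse(version):
    """Return (train, rank): train is (major, minor); rank orders releases in a train."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, maint, letter, su = m.groups()
    # Assumption: no letter sorts before 'a', and no SU suffix counts as su0.
    return (int(major), int(minor)), (int(maint), letter.lower(), int(su or 0))


FIXED_BY_TRAIN = dict(parse(v) for v in FIXED)


def status(version):
    """Classify one version as 'affected', 'fixed' or 'not-listed'."""
    train, rank = parse(version)
    fixed = FIXED_BY_TRAIN.get(train)
    if fixed is None:
        return "not-listed"  # train not named in the advisory: check manually
    return "affected" if rank < fixed else "fixed"


def triage(inventory):
    """Map each host in {host: version} to its status."""
    return {host: status(ver) for host, ver in inventory.items()}


# Constructed sample inventory (host names are hypothetical).
SAMPLE_INVENTORY = {
    "cucm-pub-01": "6.1(3b)su1",
    "cucm-sub-01": "7.0(2a)",
    "cucm-sub-02": "7.0(2a)su1",
    "cucm-lab-01": "7.1(2)",
    "cucm-lab-02": "8.0(1)",
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```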
Vendor Information
CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20090923-cm.shtml
References
CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20090923-cm.shtml
VUPEN
http://www.vupen.com/english/advisories/2009/2757
Secunia
http://secunia.com/advisories/36836/
SecurityFocus
http://www.securityfocus.com/bid/36496/
SecurityTracker
http://securitytracker.com/alerts/2009/Sep/1022931.html
CVE Name
CVE-2009-2864
Disclaimer
The information provided herein is on "as is" basis, without warranty of
any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
Note: Please do not reply to this e-mail. For further queries contact
CERT-In Information Desk. Email: info@cert-in.org.in