Cisco Unified Presence Denial of Service Vulnerabilities
http://www.cert-in.org.in/vulnerability/civn-2009-132.htm
Original Issue Date: October 23, 2009
Severity Rating: High
Systems Affected
Cisco Unified Presence versions 1.0 and later
Cisco Unified Presence versions 6.0 and later but prior to 6.0(6)
Cisco Unified Presence versions 7.0 and later but prior to 7.0(4)
Overview
Two vulnerabilities have been reported in Cisco Unified Presence that could
allow a remote user to cause Denial of Service conditions.
Description
1. TimesTenD Remote Denial of Service Vulnerability (CVE-2009-2874)
The vulnerability exists because of an error in the TimesTenD component. A
remote attacker could exploit it by flooding TCP ports 16200 or 22794 with
completed connections. This could cause the TimesTenD process to stop and
then restart, resulting in a DoS condition.
2. Multiple TCP Connections Remote Denial of Service Vulnerability
(CVE-2009-2052)
The vulnerability is due to an error in the handling of TCP packets on all
listening ports. A remote attacker could exploit this vulnerability by
opening many TCP connections to the target system, causing the internal
connection tracking table to prevent new connections and resulting in a DoS
condition.
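A defender-side check for the two conditions described above, added here as an example (it is not part of the CERT-In or Cisco advisory): it counts completed connections per source on ports 16200 and 22794 and the overall number of completed connections. The `ss -tn`-style input, the addresses, port 5060 and both thresholds are assumptions made for illustration.

```python
import re
from collections import Counter

# Ports named in the advisory for the TimesTenD issue (CVE-2009-2874).
TIMESTEN_PORTS = {16200, 22794}

def row(port, peer, sport, state="ESTAB"):
    # Constructed row in the column layout of Linux `ss -tn` output.
    return f"{state}  0  0  10.0.0.5:{port}  {peer}:{sport}"

# Constructed sample, as might be collected on a gateway in front of the server.
SAMPLE = "\n".join(
    ["State  Recv-Q Send-Q Local Address:Port  Peer Address:Port"]
    + [row(16200, "192.0.2.10", 40000 + i) for i in range(5)]
    + [row(22794, "198.51.100.7", 41000 + i) for i in range(2)]
    + [row(5060, "203.0.113.9", 42000),
       row(16200, "203.0.113.9", 42001, "SYN-RECV")]
)

LINE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s*$")

def parse(text):
    """Yield (state, local_port, peer_ip) for each connection row."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # the header row does not match and is skipped
            yield m.group(1), int(m.group(3)), m.group(4)

def find_floods(text, per_source_limit=3, total_limit=8):
    """Return (sources over the limit on TimesTenD ports, overall-count flag).

    Only ESTAB rows count: the advisory speaks of completed connections.
    Both limits are assumed values; tune them to the normal load of the site.
    """
    established = [(port, peer) for state, port, peer in parse(text)
                   if state == "ESTAB"]
    per_source = Counter(peer for port, peer in established
                         if port in TIMESTEN_PORTS)
    noisy = sorted(ip for ip, n in per_source.items() if n > per_source_limit)
    # CVE-2009-2052 concerns all listening ports, so count every connection.
    too_many_total = len(established) > total_limit
    return noisy, too_many_total

if __name__ == "__main__":
    print(find_floods(SAMPLE))
```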
Solution
Apply the appropriate patch as mentioned in the Cisco Security Advisory.
Vendor Information
CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20091014-cup.shtml
References
CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20091014-cup.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=19172
Security Tracker
http://securitytracker.com/alerts/2009/Oct/1023018.html
VUPEN
http://www.vupen.com/english/advisories/2009/2915
CVE Name
CVE-2009-2874
CVE-2009-2052
Disclaimer
The information provided herein is on an "as is" basis, without warranty of
any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
Note: Please do not reply to this e-mail. For further queries contact
CERT-In Information Desk. Email: info@cert-in.org.in