Cisco Unified CallManager / Presence Server ICMP Echo og IPSec Denial of Service - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Cisco Unified CallManager / Presence Server ICMP Echo og IPSec Denial of Service

Secunia Advisory:	SA24690
Udsendt:	2007-03-29
Sidste Opdt.:	2007-04-03

Kritisk:	Moderat kritisk
Betydning:	DoS
Hvor:	Fra Internet
Løsning Status:	Producent Patch

Software:	Cisco Unified CallManager 5.x Cisco Unified Communications Manager 5.x Cisco Unified Presence Server 1.x

CVE reference:	CVE-2007-1826 (Secunia mirror) CVE-2007-1834 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Beskrivelse: Der er rapporteret nogle sårbarheder i Cisco Unified CallManager (CUCM) og Cisco Unified Presence Server (CUPS), som kan udnyttes af ondsindede personer til at udføre et DoS (Denial of Service). 1) En uspecificeret fejl under håndteringen af ICMP echo-pakker kan udnyttes til at crashe diverse services ved at sende en stor mængde ICMP Echo-pakker til en sårbar enhed. 2) En uspecificeret fejl i IPSec Manager servicen kan f.eks. udnyttes til at stoppe visse servicen som call-forwarding ved at sende et specielt udformet UDP-datagram til port 8500. Sårbarhederne er rapporteret i CUCM 5.0 versioner tidligere end 5.0(4a)SU1 samt CUPS 1.0 versioner tidligere end 1.0(3). Løsning: Installér opdateret software. CUCM 5.0: Opdatér til CUCM 5.0(4a)SU1. http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-50?psrtdcat20e2 CUPS 1.0: Opdatér til CUPS 1.0(3). http://www.cisco.com/pcgi-bin/tablebuild.pl/cups-10?psrtdcat20e2 Rapporteret af / Kredit: Rapporteret af producenten. Forløb: 03-04-2007: Tilføjede CVE-reference. Original Advisory: http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml Andre Kilder: http://www.cisco.com/en/US/products/p...ligence_response09186a008080f193.html



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

13 Relaterede Secunia Advisories, displaying 10

1. Cisco Security Agent uspecificeret system-driver buffer overflow

2. Cisco Unified Communications Manager to sårbarheder

3. Cisco CallManager godkendelses-header hijacking

4. Cisco Unified Communications Manager SIP pakke-håndtering sårbarhed

5. Cisco Products Java Secure Socket Extension SSL/TLS-forespørgsel Denial of Service

6. Cisco Unified Communications Manager to sårbarheder

7. Cisco Unified Communications Manager og Presence Server sikkerhedsomgåelse

8. Cisco produkter Crypto-bibliotek Denial of Service

9. Cisco Unified CallManager SCCP / SCCPS Denial of Service

10. Cisco flere produkter Online Help System cross-site scripting

Vis alle relaterede advisories

Send Feedback to Secunia

Hvis du har ny information angående dette Secunia advisory eller et produkt i vores database, så send det venligst til os. Du kan sende det til os enten ved at bruge vores web formular eller ved at sende det til vuln@secunia.com. Ideer, foreslag og andet feedback er også meget velkommen.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Novell eDirectory Multiple Vulnerabilities

2.	phpJobScheduler "installed_conf ig_file" File Inclusion Vulnerabilities

3.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

4.	phpMyRealty "price_max" SQL Injection Vulnerability

5.	Adium MSN SLP Message Integer Overflow Vulnerabilities

6.	dotProject SQL Injection and Cross-Site Scripting

7.	IBM WebSphere Application Server for z/OS HTTP Server mod_proxy_ftp Vulnerability

8.	Blogn Cross-Site Scripting and Cross-Site Request Forgery

9.	Caudium "configvar" Insecure Temporary Files

10.	Red Hat update for libtiff