SecurityTracker.com Archives - Cisco ACNS Can Be Crashed With Specially Crafted Compressed DNS Data

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Cisco Cache Software/ACNS

Vendors: Cisco

Cisco ACNS Can Be Crashed With Specially Crafted Compressed DNS Data

SecurityTracker Alert ID: 1014046

SecurityTracker URL: http://securitytracker.com/id?1014046

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: May 24 2005

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes

Advisory: Cisco Security Advisory

Description: A vulnerability was reported in Cisco ACNS in the processing of DNS messages. A remote user can cause denial of service conditions.

A remote user can send a DNS packet with specially crafted message compression data to cause an error on the target system. The target device may function abnormally or crash.

The Cisco 500 Series Content Engines, Cisco 7300 Series Content Engines, Cisco Content Routers 4400 series, Cisco Content Distribution Manager 4600 series, and Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers are affected.

Impact: A remote user can cause the target system to crash or function abnormally.

Solution: The vendor has issued a fix. A fix matrix is available at:

http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml

Vendor URL: www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml (Links to External Site)

Cause: Exception handling error

Message History: None.

Source Message Contents

Date: Tue, 24 May 2005 12:48:49 -0400
Subject: http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml

 
 
 
> Cisco Security Notice:Crafted DNS Packet Can Cause Denial Of Service  
 
> Document ID: 64994
 
Excerpt:
 
This issue is documented in the following bug IDs (available to registered customers only):
 
CSCsa67687 -- IP Phones 7902/7905/7912
 
CSCsa67666 -- ATA 186/188
 
CSCeh63819 -- Unity Express
 
CSCeh59380 -- ACNS devices
 
 
The following products are affected by this vulnerability:
 
Cisco IP Phones 7902/7905/7912
 
Cisco ATA (Analog Telephone Adaptor) 186/188
 
Cisco Unity Express
 
Cisco ACNS (Application and Content Networking System) devices, including:
 
Cisco 500 Series Content Engines
 
Cisco 7300 Series Content Engines
 
Cisco Content Routers 4400 series
 
Cisco Content Distribution Manager 4600 series
 
Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Rout
ers

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2005, SecurityGlobal.net LLC