Cisco Unified Communications Manager Bugs in CTL CAPF, SIP, and SNMP Services Let Remote Users Deny Service

SecurityTracker Alert ID: 1020022
SecurityTracker URL: http://securitytracker.com/id?1020022
CVE Reference: CVE-2008-1742, CVE-2008-1743, CVE-2008-1744, CVE-2008-1745, CVE-2008-1746, CVE-2008-1747, CVE-2008-1748
Date: May 14 2008
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: Cisco Security Advisory
Version(s): prior to 4.1.3SR7, 4.2(3)SR4, 4.3(2), 5.1(3), 6.1(1)

Description: Several vulnerabilities were reported in Cisco Unified Communications Manager. A remote user can cause denial of service conditions.

A remote user can send specially crafted data to cause the target service to crash. The Certificate Trust List (CTL) Provider, Certificate Authority Proxy Function (CAPF), Session Initiation Protocol (SIP), and Simple Network Management Protocol (SNMP) Trap services are affected.

A remote user can send a series of specially crafted TCP packets to the CTL service on TCP port 2444 to cause excessive memory consumption [CVE-2008-1742]. Version 5.x is affected. Cisco has assigned Cisco Bug ID CSCsj80609 to this vulnerability.

A remote user can send a series of specially crafted TCP packets to the CTL service on TCP port 2444 to trigger a separate flaw and cause excessive memory consumption [CVE-2008-1743]. Versions 5.x and 6.x are affected. Cisco has assigned Cisco Bug ID CSCsi98433 to this vulnerability.

A remote user can send specially crafted data to TCP port 3804 to cause denial of service conditions [CVE-2008-1744]. Versions 4.1, 4.2, and 4.3 are affected. Cisco has assigned Cisco Bug ID CSCsk46770 to this vulnerability.

A remote user can send a specially crafted SIP JOIN message to cause denial of service conditions [CVE-2008-1745]. Versions 5.x and 6.x are affected. Cisco has assigned Cisco Bug ID CSCsi48115 to this vulnerability.

A remote user can send a series of specially crafted UDP packets to the SNMP trap agent on UDP port 61441 to cause denial of service conditions [CVE-2008-1746]. Versions 4.1, 4.2, 4.3, 5.x, and 6.x are affected. Cisco has assigned Cisco Bug ID CSCsj24113 to this vulnerability.

A remote user can send specially crafted SIP INVITE messages to cause denial of service conditions [CVE-2008-1747]. Versions 4.1, 4.2, 4.3, 5.x, and 6.x are affected. Cisco has assigned Cisco Bug ID CSCsk46944 to this vulnerability.

A remote user can send specially crafted SIP INVITE messages to cause denial of service conditions [CVE-2008-1748]. Versions 4.1, 4.2, 4.3, 5.x, and 6.x are affected. Cisco has assigned Cisco Bug ID CSCsl22355 to this vulnerability.

Cisco discovered these vulnerabilities.

Impact: A remote user can interrupt voice services.

Solution: The vendor has issued fixed versions (4.1.3SR7, 4.2(3)SR4, 4.3(2), 5.1(3), 6.1(1)).
The vendor's advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20080514-cucmdos.shtml

Vendor URL: www.cisco.com/warp/public/707/cisco-sa-20080514-cucmdos.shtml

Cause: Exception handling error, Resource error

Message History:
None.

Source Message Contents

Date: Wed, 14 May 2008 11:52:12 -0400
Subject: Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

http://www.cisco.com/warp/public/707/cisco-sa-20080514-cucmdos.shtml
CVE-2008-1742
CVE-2008-1743
CVE-2008-1744
CVE-2008-1745
CVE-2008-1746
CVE-2008-1747
CVE-2008-1748