Cisco Unity Express Can Be Crashed With Specially Crafted Compressed DNS Data - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Device (VoIP/Phone/FAX) > Cisco Unity

Cisco Unity Express Can Be Crashed With Specially Crafted Compressed DNS Data

SecurityTracker Alert ID: 1014045

SecurityTracker URL: http://securitytracker.com/id/1014045

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: May 24 2005

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes

Description: A vulnerability was reported in Cisco Unity Express in the processing of DNS messages. A remote user can cause denial of service conditions.

A remote user can send a DNS packet with specially crafted message compression data to cause an error on the target system. The target device may function abnormally or crash.

Impact: A remote user can cause the target system to crash or function abnormally.

Solution: The vendor has issued a fix. A fix matrix is available at:

http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml

Vendor URL: www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml (Links to External Site)

Cause: Exception handling error

Underlying OS:

Message History: None.

Source Message Contents

Date: Tue, 24 May 2005 12:48:49 -0400
Subject: http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml



> Cisco Security Notice:Crafted DNS Packet Can Cause Denial Of Service  
 
> Document ID: 64994

Excerpt:

This issue is documented in the following bug IDs (available to registered customers only):

CSCsa67687 -- IP Phones 7902/7905/7912

CSCsa67666 -- ATA 186/188

CSCeh63819 -- Unity Express

CSCeh59380 -- ACNS devices


The following products are affected by this vulnerability:

Cisco IP Phones 7902/7905/7912

Cisco ATA (Analog Telephone Adaptor) 186/188

Cisco Unity Express

Cisco ACNS (Application and Content Networking System) devices, including:

Cisco 500 Series Content Engines

Cisco 7300 Series Content Engines

Cisco Content Routers 4400 series

Cisco Content Distribution Manager 4600 series

Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC