SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco IOS Vendors:   Cisco
Cisco IOS Multiple Flaws Let Remote Users Deny Service
SecurityTracker Alert ID:  1024964
SecurityTracker URL:  http://securitytracker.com/id/1024964
CVE Reference:   CVE-2009-5038, CVE-2009-5039, CVE-2009-5040, CVE-2010-4671, CVE-2010-4683, CVE-2010-4684, CVE-2010-4685, CVE-2010-4686, CVE-2010-4687   (Links to External Site)
Date:  Jan 17 2011
Impact:   Denial of service via network, Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Cisco 800 Series Routers with IOS 15.0(1)XA
Description:   Multiple vulnerabilities were reported in Cisco IOS. A remote or remote authenticated user can cause denial of service conditions. A remote authenticated user can bypass certain certificate controls.

A remote user can simultaneously end two calls that were controlled by CallManager Express (CME) to cause STCAPP-controlled ports to hang [CVE-2010-4687]. Cisco has assigned Bug ID CSCtd42552 to this vulnerability.

A remote user can send specially crafted SIP TRUNK traffic that contains rate bursts and a certain request size to cause excessive memory consumption on CallManager Express [CVE-2010-4686]. Cisco has assigned Bug ID CSCtb47950 to this vulnerability.

The device does not clear the public key cache upon a change to a certificate map [CVE-2010-4685]. A remote authenticated user can bypass a certificate ban by connecting with a banned certificate that had previously been valid. Cisco has assigned Bug ID CSCta79031 to this vulnerability.

When TFTP debugging is enabled, a remote user can perform a TFTP copy via IPv6 to cause the target device to crash [CVE-2010-4684]. Cisco has assigned Bug ID CSCtb28877 to this vulnerability.

A remote user can send a specially crafted SIP REGISTER message via UDP to cause excessive memory consumption on the target device [CVE-2010-4683]. Cisco has assigned Bug ID CSCtg41733 to this vulnerability.

A remote authenticated users can trigger a flaw in CallManager Express (CME) and cause the target device to crash by using an extension mobility (EM) phone to interact with the menu for SNR number changes [CVE-2009-5040]. Cisco has assigned Bug ID CSCta63555 to this vulnerability.

A remote user can make a large number of calls to trigger a memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation and consume excessive memory on the target devices [CVE-2009-5039]. Cisco has assigned Bug ID CSCsz72535 to this vulnerability.

A remote user can attempt to connect to a certain IRC server after the target device has performed an initial reload to cause the target device to reload [CVE-2009-5038]. Cisco has assigned Bug ID CSCso05336 to this vulnerability.

A remote user can send multiple Router Advertisement (RA) messages with different source addresses to cause excessive CPU consumption on the target device and possibly cause the target device to hang [CVE-2010-4671]. Cisco has assigned Bug ID CSCti33534 to this vulnerability.

Impact:   A remote or remote authenticated user can cause denial of service conditions.

A remote authenticated user can bypass certain certificate controls.

Solution:   The vendor has issued a fix (15.0(1)XA5).

Some vulnerabilities were fixed in prior versions.

The vendor's advisory is available at:

http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf

Vendor URL:  www.cisco.com/ (Links to External Site)
Cause:   Access control error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC