Information Security


DoS against Cisco Unified Presence / Cisco Unified Communications Manager
updated since August 30, 2010
Published: September 27, 2010
Source:
SecurityVulns ID: 11105
Type: remote
Severity:
5/10
Description: Failure when parsing SIP messages.
Affected products: CISCO : Unified Communications Manager 6.1
 CISCO : Unified Communications Manager 7.1
 CISCO : Unified Communications Manager 8.0
 CISCO : Unified Presence 6.0
 CISCO : Unified Presence 7.0
CVE:CVE-2010-2840 (The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.)
 CVE-2010-2839 (SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.)
 CVE-2010-2838 (The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.)
 CVE-2010-2837 (The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.)
 CVE-2010-2835 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.)
 CVE-2010-2834 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.)
Original text: CISCO, Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities (27.09.2010)
 CISCO, Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities (30.08.2010)
 CISCO, Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities (30.08.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod