OSVDB ID: 19003

Title: Multiple Vendor Unspecified Compressed DNS Message DoS (1)

Info

Disclosure
May 24, 2005

Discovery
Unknown

Dates

Exploit
May 24, 2005

Solution
Unknown

Description

 Cisco's DNS implementation in certain products contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a specially crafted DNS packet(s), and will result in loss of availability for the devices. No further details have been provided.

Classification

 Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

 Upgrade to the respective version(s) documented in the Cisco software matrix or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.

ACNS devices

 5.3.0
5.3.2
5.3.1
5.2
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.1
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.1.8
5.1.9
5.1.10
5.1.11
5.1.12
5.1.13
5.1.14
5.0.x
4.x

SESM

 3.2(1)
3.2(2)
3.3(1)

7902 IP Phone

 SCCP 5.x
SCCP 4.x
SCCP 3.x
SCCP 2.x
SCCP 1.x
SCCP 6.0
SCCP 6.1.0
SIP 1.3.0
SIP 1.2.x
SIP 1.1.x
SIP 1.0.x
H323 1.0.1
H323 1.0.0

7905 IP Phone

 SIP 1.0.x
SIP 1.1.x
SIP 1.2.x
SIP 1.3.0
H323 1.0.1
H323 1.0.0
SCCP 6.1.0
SCCP 6.0.x
SCCP 5.x
SCCP 4.x
SCCP 3.x
SCCP 2.x
SCCP 1.x

7912 IP Phone

 SCCP 6.1.0
SCCP 6.0.x
SCCP 5.x
SCCP 4.x
SCCP 3.x
SCCP 2.x
SCCP 1.x
H323 1.0.1
H323 1.0.0
SIP 1.3.0
SIP 1.2.x
SIP 1.1.x
SIP 1.0.x

Unity Express

 2.1.2
2.1.1
2.1.0
1.x

ATA 186/188

 SCCP 3.2.0
SCCP 3.1.x
SCCP 3.0.x
SCCP 2.x
SCCP 1.x
SIP 3.2.0
SIP 3.1.x
SIP 3.0.x
SIP 2.x
SIP 1.x
H323 3.1.2
H323 3.1.1
H323 3.1.0
H323 3.0.x
H323 2.x
H323 1.x
MGCP 3.1.1
MGCP 3.1.0
MGCP 3.0.x
MGCP 2.x
MGCP 1.x

References

Credit
  • Steve Beaty - beatysBrand New Doo Doomscd.edu - Metropolitan State College of Denver


Direct URL: http://osvdb.org/36218