ID

VAR-200708-0171

CVE

CVE-2007-4291

TITLE

Cisco IOS Multiple service disruptions in (DoS) Vulnerabilities

DESCRIPTION

Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption. Cisco IOS There are multiple service disruptions (DoS) Vulnerabilities exist. These issues pertain to the following protocols or features: Session Initiation Protocol (SIP) Media Gateway Control Protocol (MGCP) Signaling protocols H.323, H.254 Real-time Transport Protocol (RTP) Facsimile reception A remote attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions. Cisco IOS is the operating system used in Cisco networking equipment. Cisco IOS has loopholes in processing various protocol packets. Remote attackers may take advantage of these loopholes to make the device unavailable. 323 packets, RTP packets, or receiving a very large packet when receiving a fax, can cause the service to crash or the router to hang. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. 1) Errors when processing SIP packets can be exploited to crash the device or allow execution of arbitrary code via specially-crafted SIP packets. 2) Errors when processing MGCP packets can be exploited to cause the device to crash or become unresponsive via specially-crafted MGCP packets. 3) Errors when processing H.323 packets can be exploited to crash the device via specially crafted H.323 packets. 4) Errors when processing RTP packets can be exploited to crash the device via specially crafted RTP packets. 5) An error within Facsimile reception can be exploited to crash the device via an overly large packet. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply updated versions. See vendor advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

other

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Cisco Security bulletin

SOURCES

LAST UPDATE DATE

2023-12-18T11:06:50.492000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE