ID

VAR-200708-0174

CVE

CVE-2007-4294

TITLE

Cisco IOS and CUCM In SIP Arbitrary code execution vulnerability in packet handling

DESCRIPTION

Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. (CSCsi80102)Arbitrary code may be executed by a third party. These issues pertain to the following protocols or features: Session Initiation Protocol (SIP) Media Gateway Control Protocol (MGCP) Signaling protocols H.323, H.254 Real-time Transport Protocol (RTP) Facsimile reception A remote attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions. Cisco IOS is the operating system used in Cisco networking equipment. Cisco IOS has loopholes in processing various protocol packets. Remote attackers may take advantage of these loopholes to make the device unavailable. 323 packets, RTP packets, or receiving a very large packet when receiving a fax, can cause the service to crash or the router to hang. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. The vulnerability is reported in versions 5.0, 5.1, and 6.0. SOLUTION: Update to the fixed versions. CUCM 5.0: Update to CUCM 5.1(2b). CUCM 5.1(2b): http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-51?psrtdcat20e2 CUCM 6.0(1a): http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-60 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

other

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Cisco Security bulletin

SOURCES

LAST UPDATE DATE

2023-12-18T11:04:36.371000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE