VARIoT IoT vulnerabilities database

VAR-201101-0120 | CVE-2010-2632 |
Oracle Solaris FTP Server vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201010-1183, VAR-E-201101-0760, VAR-E-201010-0031, VAR-E-201302-0650 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. GNU libc is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to make the affected computer unresponsive, denying service to legitimate users.
Multiple vendors' implementations are reported to be affected, including:
NetBSD
OpenBSD
FreeBSD
Oracle Solaris 10
Additional vendors' implementations may also be affected.
For more information see vulnerability #2:
SA42984
The vulnerability is reported in the following versions R15, R16,
R16.1, and R16.2.
TITLE:
Oracle Solaris Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42984
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42984/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42984
RELEASE DATE:
2011-01-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42984/#comments
DESCRIPTION:
Multiple vulnerabilities have been reported in Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service) and gain escalated privileges and by malicious people to
disclose system information, cause a DoS (Denial of Service), and
compromise a vulnerable system.
1) An unspecified error in the CDE Calendar Manager Service daemon
can be exploited to potentially execute arbitrary code via specially
crafted RPC packets.
2) An unspecified error in the FTP server can be exploited to cause a
DoS.
3) An unspecified error in an Ethernet driver can be exploited to
disclose certain system information.
4) An unspecified error in the kernel NFS component can be exploited
to cause a DoS.
5) An unspecified error in the kernel can be exploited by local users
to cause a DoS.
6) A second unspecified error in the kernel can be exploited by local
users to cause a DoS.
7) An unspecified error in the Standard C Library (libc) can be
exploited by local users to gain escalated privileges.
8) An unspecified error in the Fault Manager daemon can be exploited
by local users to gain escalated privileges.
9) An unspecified error in the XScreenSaver component can be
exploited by local users to gain escalated privileges.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
It is currently unclear who reported these vulnerabilities as the
Oracle Critical Patch Update for January 2011 only provides a bundled
list of credits. This section will be updated when/if the original
reporter provides more information.
ORIGINAL ADVISORY:
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
=============================================================================
FreeBSD-SA-13:02.libc Security Advisory
The FreeBSD Project
Topic: glob(3) related resource exhaustion
Category: core
Module: libc
Announced: 2013-02-19
Affects: All supported versions of FreeBSD.
Corrected: 2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE)
           2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12)
           2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE)
           2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6)
           2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE)
           2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6)
           2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1)
CVE Name: CVE-2010-2632
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The glob(3) function is a pathname generator that implements the rules for
file name pattern matching used by the shell.
II. Problem Description
GLOB_LIMIT is supposed to limit the number of paths to prevent against
memory or CPU attacks. The implementation however is insufficient.
III. Impact
An attacker that is able to exploit this vulnerability could cause excessive
memory or CPU usage, resulting in a Denial of Service. A common target for
a remote attacker could be ftpd(8).
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch
# fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc
# gpg --verify libc.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
Restart all daemons, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Restart all daemons, or reboot the system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/7/                                                         r246357
releng/7.4/                                                       r246989
stable/8/                                                         r246357
releng/8.3/                                                       r246989
stable/9/                                                         r246357
releng/9.0/                                                       r246989
releng/9.1/                                                       r246989
-------------------------------------------------------------------------
VII. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc
MacOSX 10.8.3 ftpd Remote Resource Exhaustion
Maksymilian Arciemowicz
http://cxsecurity.com/
http://cvemap.org/
Public Date: 01.02.2013
http://cxsecurity.com/cveshow/CVE-2010-2632
http://cxsecurity.com/cveshow/CVE-2011-0418
--- 1. Description ---
An old vulnerability in libc allows denial of service against ftpd in MacOSX 10.8.3. Officially, Apple resolved this issue in Jun 2011. Apple uses tnftpd as its main ftp server. tnftpd has migrated some functions from libc to its own code (including glob(3)). The missing patch for resource exhaustion was added in version 20130322.
Up to this time, we can use CVE-2010-2632 to cause a denial of service on the ftp server. The funniest part is the report
http://support.apple.com/kb/ht4723
where CVE-2010-2632 was patched. It is true that 'libc is patched', but nobody from Apple has verified ftp. I really don't believe in penetration testing from Apple's side. The situation doesn't seem good. I have asked for open source donations; unfortunately Apple does not financially help vendors whose software it uses in its own products.
A proof of concept has been available since 2010
http://cxsecurity.com/issue/WLB-2011030145
A video demonstrating how to kill a Mac Mini in the basic version (i5 with 10GB RAM) in 30 min is available at
http://cxsec.org/video/macosx_ftpd_poc/
--- 2. References ---
Multiple Vendors libc/glob(3) remote ftpd resource exhaustion
http://cxsecurity.com/issue/WLB-2010100135
http://cxsecurity.com/cveshow/CVE-2010-2632
Multiple FTPD Server GLOB_BRACE|GLOB_LIMIT memory exhaustion
http://cxsecurity.com/issue/WLB-2011050004
http://cxsecurity.com/cveshow/CVE-2011-0418
More CWE-399 resource exhaustion examples:
http://cxsecurity.com/cwe/CWE-399
Last related to
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:02.libc.asc
--- 3. Contact ---
Maksymilian Arciemowicz
Best regards,
CXSEC TEAM
http://cxsecurity.com/
VAR-201010-0410 | CVE-2010-3623 | Adobe Reader and Acrobat on Apple Mac OS X vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Acrobat and Reader are prone to a remote memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application.
Adobe Reader and Acrobat versions prior to and including 9.3.4 and 8.2.4 are affected.
I.
An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in, which can automatically open PDF documents hosted on a
website, is available for multiple web browsers and operating
systems.
Additional information is available in US-CERT Vulnerability Note
VU#491991.
II. Impact
These vulnerabilities could allow a remote attacker to execute
arbitrary code, write arbitrary files or folders to the file
system, escalate local privileges, or cause a denial of service on
an affected system as the result of a user opening a malicious PDF
file.
III. Solution
Update
Adobe has released updates to address this issue.
Disable JavaScript in Adobe Reader and Acrobat
Disabling JavaScript may prevent some exploits from resulting in
code execution. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable
Acrobat JavaScript).
Adobe provides a framework to blacklist specific JavaScript APIs. If
JavaScript must be enabled, this feature may be useful when
specific APIs are known to be vulnerable or used in attacks.
Prevent Internet Explorer from automatically opening PDF files
The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
Disable the display of PDF files in the web browser
Preventing PDF files from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.
To prevent PDF files from automatically being opened in a web
browser, do the following:
1.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the "Display PDF in browser" checkbox.
Do not access PDF files from untrusted sources
Do not open unfamiliar or unexpected PDF files, particularly those
hosted on websites or delivered as email attachments. Please see
Cyber Security Tip ST04-010.
IV. References
* Security update available for Adobe Reader and Acrobat -
<http://www.adobe.com/support/security/bulletins/apsb10-21.html>
* US-CERT Vulnerability Note VU#491991 -
<http://www.kb.cert.org/vuls/id/491991>
* Adobe Reader and Acrobat JavaScript Blacklist Framework -
<http://kb2.adobe.com/cps/504/cpsid_50431.html>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA10-279A.html>
____________________________________________________________________
Produced 2010 by US-CERT, a government organization.
____________________________________________________________________
Revision History
October 06, 2010: Initial release
VAR-201010-0586 | No CVE | Research In Motion BlackBerry Device Software Cross Domain Information Disclosure Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Research In Motion BlackBerry Device Software is prone to a cross-domain information-disclosure vulnerability because the application's web browser fails to properly enforce the same-origin policy.
An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or may aid in further attacks.
VAR-201010-0436 | No CVE | Novell eDirectory Server Malformed Index Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to trigger this vulnerability. The flaw exists within Novell's eDirectory Server's NCP implementation which binds, by default, to TCP port 524. While handling a malformed request, the application explicitly trusts a field when translating it to an index into a table of counters. If this index is too large, the application will set a value outside the array and the ndsd process will become unresponsive resulting in an inability to authenticate to that server. Novell eDirectory is a cross-platform directory server. Novell eDirectory is prone to a denial-of-service vulnerability.
Remote attackers can exploit this issue to crash the application, denying service to legitimate users.
Versions prior to eDirectory 8.8.5 ftf3 are vulnerable.
ZDI-10-189: Novell eDirectory Server Malformed Index Denial of Service Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-189
October 1, 2010
-- CVSS:
7.8, (AV:N/AC:L/Au:N/C:N/I:N/A:C)
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9971.
-- Vendor Response:
Novell has issued an update to correct this vulnerability. More
details can be found at:
http://www.novell.com/support/viewContent.do?externalId=7006389&sliceId=2
-- Disclosure Timeline:
2009-04-28 - Vulnerability reported to vendor
2010-10-01 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* 1c239c43f521145fa8385d64a9c32243
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
VAR-201010-0437 | No CVE | Intellicom Netbiter webSCADA product 'read.cgi' multiple security vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Intellicom NetBiter is a hardware device that is managed using the WebSCADA protocol. The 'read.cgi' script of the Intellicom Netbiter webSCADA product has multiple security vulnerabilities that allow attackers to obtain sensitive information:
- Local files can be read through a directory traversal attack: /cgi-bin/read.cgi?page=../../../../../../../../../../../etc/passwd%00
- Sensitive information can be obtained by submitting the following request: /cgi-bin/read.cgi?file=/home/config/users.cfg
- Malicious code can be uploaded by injecting a specially constructed GIF image through the LOGO page modification: /cgi-bin/read.cgi?page=config.html&file=/home/config/pages/2.conf&section=PAGE2GIF
Malicious code hidden in the image content can be used for SCADA server management and unauthorized OS command execution.
An attacker can exploit these issues to upload and execute arbitrary script code on an affected computer with the privileges of the webserver process, view arbitrary local files, or obtain sensitive data that can aid in further attacks.
Netbiter webSCADA WS100 and Netbiter webSCADA WS200 are vulnerable; other versions may also be affected.
VAR-201010-0168 | CVE-2010-1623 | Apache Portable Runtime Utility library apr_brigade_split_line function denial-of-service (DoS) vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition.
Versions prior to 'APR-util' 1.3.10 are vulnerable.
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03280632
Version: 1
HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-04-16
Last Updated: 2012-04-16
Potential Security Impact: Remote cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities.
References: CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192, CVE-2011-3267, CVE-2011-3268, CVE-2011-3207, CVE-2011-3210, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639, CVE-2011-3846, SSRT100376, CVE-2011-4317, CVE-2012-0135, SSRT100609, CVE-2012-1993, SSRT10043
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) before v7.0 running on Linux and Windows.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2009-0037 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2010-0734 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2010-1452 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2010-1623 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2010-2068 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2010-2791 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2010-3436 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2010-4409 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2010-4645 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2011-0195 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2011-1148 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2011-1153 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2011-1464 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2011-1467 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2011-1468 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2011-1470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2011-1471 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2011-1928 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2011-1938 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2011-1945 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6
CVE-2011-2192 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2011-2202 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4
CVE-2011-2483 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2011-3182 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2011-3189 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2011-3267 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2011-3268 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2011-3207 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2011-3348 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2011-3639 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2011-3846 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2012-0135 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5
CVE-2012-1993 (AV:L/AC:L/Au:S/C:P/I:P/A:N) 3.2
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Sow Ching Shiong coordinating with Secunia for reporting CVE-2011-3846 to security-alert@hp.com.
RESOLUTION
HP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities.
SMH v7.0 is available here: http://h18000.www1.hp.com/products/servers/management/agents/index.html
HISTORY
Version:1 (rev.1) 16 April 2012 Initial release
Background
==========
The Apache Portable Runtime (aka APR) provides a set of APIs for
creating platform-independent applications. The Apache Portable Runtime
Utility Library (aka APR-Util) provides an interface to functionality
such as XML parsing, string matching and database connections.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/apr < 1.4.8-r1 >= 1.4.8-r1
2 dev-libs/apr-util < 1.3.10 >= 1.3.10
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Apache Portable
Runtime and APR Utility Library. Please review the CVE identifiers
referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Apache Portable Runtime users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/apr-1.4.8-r1"
All users of the APR Utility Library should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.10"
Packages which depend on these libraries may need to be recompiled.
Tools such as revdep-rebuild may assist in identifying some of these
packages.
References
==========
[ 1 ] CVE-2010-1623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1623
[ 2 ] CVE-2011-0419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0419
[ 3 ] CVE-2011-1928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1928
[ 4 ] CVE-2012-0840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0840
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201405-24.xml
Jeff Trawick discovered a flaw in the apr_brigade_split_line() function
in apr-util.
This upgrade fixes this issue. After the upgrade, any running apache2
server processes need to be restarted.
For the stable distribution (lenny), this problem has been fixed in
version 1.2.12+dfsg-8+lenny5.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1.3.9+dfsg-4.
We recommend that you upgrade your apr-util packages.
Upgrade instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny (stable)
-----------------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
----------------------------------------------------------------------
TITLE:
Apache HTTP Server APR-util Multiple Denial of Service
Vulnerabilities
SECUNIA ADVISORY ID:
SA41811
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41811/
RELEASE DATE:
2010-10-20
DESCRIPTION:
Some vulnerabilities have been reported in Apache HTTP Server, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerabilities are caused by the application using vulnerable
APR-util code.
For more information:
SA41701
SOLUTION:
Update to version 2.2.17.
ORIGINAL ADVISORY:
http://www.apache.org/dist/httpd/Announcement2.2.html
http://www.apache.org/dist/httpd/CHANGES_2.2.17
===========================================================
Ubuntu Security Notice USN-1021-1 November 25, 2010
apache2 vulnerabilities
CVE-2010-1452, CVE-2010-1623
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
apache2-common 2.0.55-4ubuntu2.12
Ubuntu 8.04 LTS:
apache2.2-common 2.2.8-1ubuntu0.19
Ubuntu 9.10:
apache2.2-common 2.2.12-1ubuntu2.4
Ubuntu 10.04 LTS:
apache2.2-common 2.2.14-5ubuntu8.4
Ubuntu 10.10:
apache2.2-common 2.2.16-1ubuntu3.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Apache's mod_cache and mod_dav modules incorrectly
handled requests that lacked a path. This issue affected
Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-1452)
It was discovered that Apache did not properly handle memory when
destroying APR buckets. This issue
affected Ubuntu 6.06 LTS and 10.10. (CVE-2010-1623)
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 9.10:
Updated packages for Ubuntu 10.04 LTS:
Updated packages for Ubuntu 10.10:
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: JBoss Enterprise Web Server 1.0.2 update
Advisory ID: RHSA-2011:0897-01
Product: JBoss Enterprise Web Server
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0897.html
Issue date: 2011-06-22
CVE Names: CVE-2010-1157 CVE-2010-1452 CVE-2010-1623
CVE-2010-3718 CVE-2010-4172 CVE-2011-0013
CVE-2011-0419
=====================================================================
1. Summary:
JBoss Enterprise Web Server 1.0.2 is now available for Red Hat Enterprise
Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
JBoss Enterprise Web Server 1.0 for RHEL 4 AS - i386, noarch, x86_64
JBoss Enterprise Web Server 1.0 for RHEL 4 ES - i386, noarch, x86_64
JBoss Enterprise Web Server 1.0 for RHEL 5 Server - i386, noarch, x86_64
JBoss Enterprise Web Server 1.0 for RHEL 6 Server - i386, noarch, x86_64
3. Description:
JBoss Enterprise Web Server is a fully-integrated and certified set of
components for hosting Java web applications.
This is the first release of JBoss Enterprise Web Server for Red Hat
Enterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, this release
serves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes
a number of bug fixes. Refer to the Release Notes, linked in the
References, for more information.
This update corrects security flaws in the following components:
tomcat6:
A cross-site scripting (XSS) flaw was found in the Manager application,
used for managing web applications on Apache Tomcat. If a remote attacker
could trick a user who is logged into the Manager application into visiting
a specially-crafted URL, the attacker could perform Manager application
tasks with the privileges of the logged in user. (CVE-2010-4172)
tomcat5 and tomcat6:
It was found that web applications could modify the location of the Apache
Tomcat host's work directory. As web applications deployed on Tomcat have
read and write access to this directory, a malicious web application could
use this flaw to trick Tomcat into giving it read and write access to an
arbitrary directory on the file system. (CVE-2010-3718)
A second cross-site scripting (XSS) flaw was found in the Manager
application. A malicious web application could use this flaw to conduct an
XSS attack, leading to arbitrary web script execution with the privileges
of victims who are logged into and viewing Manager application web pages.
(CVE-2011-0013)
A possible minor information leak was found in the way Apache Tomcat
generated HTTP BASIC and DIGEST authentication requests. For configurations
where a realm name was not specified and Tomcat was accessed via a proxy,
the default generated realm contained the hostname and port used by the
proxy to send requests to the Tomcat server. (CVE-2010-1157)
httpd:
A flaw was found in the way the mod_dav module of the Apache HTTP Server
handled certain requests. If a remote attacker were to send a carefully
crafted request to the server, it could cause the httpd child process to
crash. (CVE-2010-1452)
apr:
It was found that the apr_fnmatch() function used an unconstrained
recursion when processing patterns with the '*' wildcard. An attacker could
use this flaw to cause an application using this function, which also
accepted untrusted input as a pattern for matching (such as an httpd server
using the mod_autoindex module), to exhaust all stack memory or use an
excessive amount of CPU time when performing matching. (CVE-2011-0419)
apr-util:
It was found that certain input could cause the apr-util library to
allocate more memory than intended in the apr_brigade_split_line()
function. An attacker able to provide input in small chunks to an
application using the apr-util library (such as httpd) could possibly use
this flaw to trigger high memory consumption. Note: This issue only
affected the JBoss Enterprise Web Server packages on Red Hat Enterprise
Linux 4. (CVE-2010-1623)
All users of JBoss Enterprise Web Server 1.0.1 are advised to upgrade to
JBoss Enterprise Web Server 1.0.2, which corrects these issues. After
installing this update, the relevant Apache Tomcat service ("tomcat5" or
"tomcat6") and the Apache HTTP Server ("httpd") must be restarted for the
update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
585331 - CVE-2010-1157 tomcat: information disclosure in authentication headers
618189 - CVE-2010-1452 httpd mod_cache, mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments
640281 - CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line()
656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application
675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface
675792 - CVE-2010-3718 tomcat: file permission bypass flaw
677655 - JBEWS 1.0.2 release tracker bug for RHEL 4
677657 - JBEWS 1.0.2 release tracker bug for RHEL-5
677659 - JBEWS 1.0.2 release tracker bug for RHEL-6
703390 - CVE-2011-0419 apr: unconstrained recursion in apr_fnmatch
6. Package List:
JBoss Enterprise Web Server 1.0 for RHEL 4 AS:
Source:
ant-1.7.1-13.jdk6.ep5.el4.src.rpm
antlr-2.7.7-7.ep5.el4.src.rpm
bcel-5.2-8.1.ep5.el4.src.rpm
cglib-2.2-5.1.1.jdk6.ep5.el4.src.rpm
dom4j-1.6.1-11.ep5.el4.src.rpm
ecj-3.3.1.1-3.2.2.jdk6.ep5.el4.src.rpm
glassfish-jaf-1.1.0-6.1.1.jdk6.ep5.el4.src.rpm
glassfish-javamail-1.4.2-0.4.ep5.el4.src.rpm
glassfish-jsf-1.2_13-2.2.1.jdk6.ep5.el4.src.rpm
hibernate3-3.3.2-1.5.GA_CP04.ep5.el4.src.rpm
hibernate3-annotations-3.4.0-3.3.GA_CP04.ep5.el4.src.rpm
hibernate3-commons-annotations-3.1.0-1.8.ep5.el4.src.rpm
hibernate3-ejb-persistence-3.0-api-1.0.2-3.jdk6.ep5.el4.src.rpm
hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el4.src.rpm
httpd22-2.2.17-14.ep5.el4.src.rpm
jakarta-commons-beanutils-1.8.0-4.1.1.jdk6.ep5.el4.src.rpm
jakarta-commons-chain-1.2-2.2.ep5.el4.src.rpm
jakarta-commons-codec-1.3-9.1.1.jdk6.ep5.el4.src.rpm
jakarta-commons-collections-3.2.1-4.ep5.el4.src.rpm
jakarta-commons-daemon-1.0.5-1.ep5.el4.src.rpm
jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.src.rpm
jakarta-commons-dbcp-1.2.1-16.4.ep5.el4.src.rpm
jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el4.src.rpm
jakarta-commons-el-1.0-19.2.jdk6.ep5.el4.src.rpm
jakarta-commons-fileupload-1.1.1-7.4.ep5.el4.src.rpm
jakarta-commons-httpclient-3.1-1.1.1.jdk6.ep5.el4.src.rpm
jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el4.src.rpm
jakarta-commons-launcher-1.1-4.6.1.ep5.el4.src.rpm
jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el4.src.rpm
jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el4.src.rpm
jakarta-commons-modeler-2.0-4.ep5.el4.src.rpm
jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el4.src.rpm
jakarta-commons-validator-1.3.1-7.5.1.ep5.el4.src.rpm
jakarta-oro-2.0.8-3.3.2.1.jdk6.ep5.el4.src.rpm
jakarta-taglibs-standard-1.1.1-9.ep5.el4.src.rpm
javassist-3.12.0-1.jdk6.ep5.el4.src.rpm
jboss-common-core-2.2.17-1.ep5.el4.src.rpm
jboss-common-logging-jdk-2.1.2-1.ep5.el4.src.rpm
jboss-common-logging-spi-2.1.2-1.ep5.el4.src.rpm
jboss-javaee-5.0.1-2.9.ep5.el4.src.rpm
jcommon-1.0.16-1.2.1.jdk6.ep5.el4.src.rpm
jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el4.src.rpm
log4j-1.2.14-18.1.jdk6.ep5.el4.src.rpm
mod_cluster-1.0.10-2.GA_CP01.ep5.el4.src.rpm
mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.src.rpm
mod_jk-1.2.31-1.ep5.el4.src.rpm
mx4j-3.0.1-9.3.4.ep5.el4.src.rpm
objectweb-asm-3.1-5.3.1.jdk6.ep5.el4.src.rpm
regexp-1.5-1.2.1.jdk6.ep5.el4.src.rpm
struts12-1.2.9-3.ep5.el4.src.rpm
tomcat-jkstatus-ant-1.2.31-2.ep5.el4.src.rpm
tomcat-native-1.1.20-2.0.ep5.el4.src.rpm
tomcat5-5.5.33-14_patch_04.ep5.el4.src.rpm
tomcat6-6.0.32-15_patch_03.ep5.el4.src.rpm
xalan-j2-2.7.1-5.3_patch_04.ep5.el4.src.rpm
xerces-j2-2.9.1-3.patch01.1.ep5.el4.src.rpm
xml-commons-1.3.04-7.12.ep5.el4.src.rpm
i386:
httpd22-2.2.17-14.ep5.el4.i386.rpm
httpd22-apr-2.2.17-14.ep5.el4.i386.rpm
httpd22-apr-devel-2.2.17-14.ep5.el4.i386.rpm
httpd22-apr-util-2.2.17-14.ep5.el4.i386.rpm
httpd22-apr-util-devel-2.2.17-14.ep5.el4.i386.rpm
httpd22-debuginfo-2.2.17-14.ep5.el4.i386.rpm
httpd22-devel-2.2.17-14.ep5.el4.i386.rpm
httpd22-manual-2.2.17-14.ep5.el4.i386.rpm
jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.i386.rpm
jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el4.i386.rpm
mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.i386.rpm
mod_cluster-native-debuginfo-1.0.10-2.GA_CP01.ep5.el4.i386.rpm
mod_jk-ap20-1.2.31-1.ep5.el4.i386.rpm
mod_jk-debuginfo-1.2.31-1.ep5.el4.i386.rpm
mod_jk-manual-1.2.31-1.ep5.el4.i386.rpm
mod_ssl22-2.2.17-14.ep5.el4.i386.rpm
tomcat-native-1.1.20-2.0.ep5.el4.i386.rpm
tomcat-native-debuginfo-1.1.20-2.0.ep5.el4.i386.rpm
noarch:
ant-1.7.1-13.jdk6.ep5.el4.noarch.rpm
antlr-2.7.7-7.ep5.el4.noarch.rpm
bcel-5.2-8.1.ep5.el4.noarch.rpm
cglib-2.2-5.1.1.jdk6.ep5.el4.noarch.rpm
dom4j-1.6.1-11.ep5.el4.noarch.rpm
ecj-3.3.1.1-3.2.2.jdk6.ep5.el4.noarch.rpm
glassfish-jaf-1.1.0-6.1.1.jdk6.ep5.el4.noarch.rpm
glassfish-javamail-1.4.2-0.4.ep5.el4.noarch.rpm
glassfish-jsf-1.2_13-2.2.1.jdk6.ep5.el4.noarch.rpm
hibernate3-3.3.2-1.5.GA_CP04.ep5.el4.noarch.rpm
hibernate3-annotations-3.4.0-3.3.GA_CP04.ep5.el4.noarch.rpm
hibernate3-annotations-javadoc-3.4.0-3.3.GA_CP04.ep5.el4.noarch.rpm
hibernate3-commons-annotations-3.1.0-1.8.ep5.el4.noarch.rpm
hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el4.noarch.rpm
hibernate3-ejb-persistence-3.0-api-1.0.2-3.jdk6.ep5.el4.noarch.rpm
hibernate3-ejb-persistence-3.0-api-javadoc-1.0.2-3.jdk6.ep5.el4.noarch.rpm
hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el4.noarch.rpm
hibernate3-entitymanager-javadoc-3.4.0-4.3.GA_CP04.ep5.el4.noarch.rpm
hibernate3-javadoc-3.3.2-1.5.GA_CP04.ep5.el4.noarch.rpm
jakarta-commons-beanutils-1.8.0-4.1.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-chain-1.2-2.2.ep5.el4.noarch.rpm
jakarta-commons-codec-1.3-9.1.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-collections-3.2.1-4.ep5.el4.noarch.rpm
jakarta-commons-collections-tomcat5-3.2.1-4.ep5.el4.noarch.rpm
jakarta-commons-daemon-1.0.5-1.ep5.el4.noarch.rpm
jakarta-commons-dbcp-1.2.1-16.4.ep5.el4.noarch.rpm
jakarta-commons-dbcp-tomcat5-1.2.1-16.4.ep5.el4.noarch.rpm
jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-el-1.0-19.2.jdk6.ep5.el4.noarch.rpm
jakarta-commons-fileupload-1.1.1-7.4.ep5.el4.noarch.rpm
jakarta-commons-httpclient-3.1-1.1.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-launcher-1.1-4.6.1.ep5.el4.noarch.rpm
jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-logging-tomcat6-1.1.1-0.4.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-modeler-2.0-4.ep5.el4.noarch.rpm
jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-pool-tomcat5-1.3-11.2.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-validator-1.3.1-7.5.1.ep5.el4.noarch.rpm
jakarta-oro-2.0.8-3.3.2.1.jdk6.ep5.el4.noarch.rpm
jakarta-taglibs-standard-1.1.1-9.ep5.el4.noarch.rpm
javassist-3.12.0-1.jdk6.ep5.el4.noarch.rpm
jboss-common-core-2.2.17-1.ep5.el4.noarch.rpm
jboss-common-logging-jdk-2.1.2-1.ep5.el4.noarch.rpm
jboss-common-logging-spi-2.1.2-1.ep5.el4.noarch.rpm
jboss-javaee-poms-5.0.1-2.9.ep5.el4.noarch.rpm
jboss-jms-1.1-api-5.0.1-2.9.ep5.el4.noarch.rpm
jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el4.noarch.rpm
jcommon-1.0.16-1.2.1.jdk6.ep5.el4.noarch.rpm
jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el4.noarch.rpm
log4j-1.2.14-18.1.jdk6.ep5.el4.noarch.rpm
mod_cluster-demo-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm
mod_cluster-jbossas-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm
mod_cluster-jbossweb2-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm
mod_cluster-tomcat6-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm
mx4j-3.0.1-9.3.4.ep5.el4.noarch.rpm
objectweb-asm-3.1-5.3.1.jdk6.ep5.el4.noarch.rpm
regexp-1.5-1.2.1.jdk6.ep5.el4.noarch.rpm
struts12-1.2.9-3.ep5.el4.noarch.rpm
tomcat-jkstatus-ant-1.2.31-2.ep5.el4.noarch.rpm
tomcat5-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-admin-webapps-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-common-lib-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-jasper-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-jasper-eclipse-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-jasper-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-jsp-2.0-api-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-parent-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-server-lib-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-servlet-2.4-api-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-webapps-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat6-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-admin-webapps-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-docs-webapp-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-el-1.0-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-javadoc-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-jsp-2.1-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-lib-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-log4j-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-servlet-2.5-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-webapps-6.0.32-15_patch_03.ep5.el4.noarch.rpm
xalan-j2-2.7.1-5.3_patch_04.ep5.el4.noarch.rpm
xerces-j2-2.9.1-3.patch01.1.ep5.el4.noarch.rpm
xml-commons-1.3.04-7.12.ep5.el4.noarch.rpm
xml-commons-jaxp-1.2-apis-1.3.04-7.12.ep5.el4.noarch.rpm
xml-commons-jaxp-1.3-apis-1.3.04-7.12.ep5.el4.noarch.rpm
xml-commons-resolver12-1.3.04-7.12.ep5.el4.noarch.rpm
x86_64:
httpd22-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-apr-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-apr-devel-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-apr-util-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-apr-util-devel-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-debuginfo-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-devel-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-manual-2.2.17-14.ep5.el4.x86_64.rpm
jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.x86_64.rpm
jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el4.x86_64.rpm
mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.x86_64.rpm
mod_cluster-native-debuginfo-1.0.10-2.GA_CP01.ep5.el4.x86_64.rpm
mod_jk-ap20-1.2.31-1.ep5.el4.x86_64.rpm
mod_jk-debuginfo-1.2.31-1.ep5.el4.x86_64.rpm
mod_jk-manual-1.2.31-1.ep5.el4.x86_64.rpm
mod_ssl22-2.2.17-14.ep5.el4.x86_64.rpm
tomcat-native-1.1.20-2.0.ep5.el4.x86_64.rpm
tomcat-native-debuginfo-1.1.20-2.0.ep5.el4.x86_64.rpm
JBoss Enterprise Web Server 1.0 for RHEL 4 ES:
Source:
ant-1.7.1-13.jdk6.ep5.el4.src.rpm
antlr-2.7.7-7.ep5.el4.src.rpm
bcel-5.2-8.1.ep5.el4.src.rpm
cglib-2.2-5.1.1.jdk6.ep5.el4.src.rpm
dom4j-1.6.1-11.ep5.el4.src.rpm
ecj-3.3.1.1-3.2.2.jdk6.ep5.el4.src.rpm
glassfish-jaf-1.1.0-6.1.1.jdk6.ep5.el4.src.rpm
glassfish-javamail-1.4.2-0.4.ep5.el4.src.rpm
glassfish-jsf-1.2_13-2.2.1.jdk6.ep5.el4.src.rpm
hibernate3-3.3.2-1.5.GA_CP04.ep5.el4.src.rpm
hibernate3-annotations-3.4.0-3.3.GA_CP04.ep5.el4.src.rpm
hibernate3-commons-annotations-3.1.0-1.8.ep5.el4.src.rpm
hibernate3-ejb-persistence-3.0-api-1.0.2-3.jdk6.ep5.el4.src.rpm
hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el4.src.rpm
httpd22-2.2.17-14.ep5.el4.src.rpm
jakarta-commons-beanutils-1.8.0-4.1.1.jdk6.ep5.el4.src.rpm
jakarta-commons-chain-1.2-2.2.ep5.el4.src.rpm
jakarta-commons-codec-1.3-9.1.1.jdk6.ep5.el4.src.rpm
jakarta-commons-collections-3.2.1-4.ep5.el4.src.rpm
jakarta-commons-daemon-1.0.5-1.ep5.el4.src.rpm
jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.src.rpm
jakarta-commons-dbcp-1.2.1-16.4.ep5.el4.src.rpm
jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el4.src.rpm
jakarta-commons-el-1.0-19.2.jdk6.ep5.el4.src.rpm
jakarta-commons-fileupload-1.1.1-7.4.ep5.el4.src.rpm
jakarta-commons-httpclient-3.1-1.1.1.jdk6.ep5.el4.src.rpm
jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el4.src.rpm
jakarta-commons-launcher-1.1-4.6.1.ep5.el4.src.rpm
jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el4.src.rpm
jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el4.src.rpm
jakarta-commons-modeler-2.0-4.ep5.el4.src.rpm
jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el4.src.rpm
jakarta-commons-validator-1.3.1-7.5.1.ep5.el4.src.rpm
jakarta-oro-2.0.8-3.3.2.1.jdk6.ep5.el4.src.rpm
jakarta-taglibs-standard-1.1.1-9.ep5.el4.src.rpm
javassist-3.12.0-1.jdk6.ep5.el4.src.rpm
jboss-common-core-2.2.17-1.ep5.el4.src.rpm
jboss-common-logging-jdk-2.1.2-1.ep5.el4.src.rpm
jboss-common-logging-spi-2.1.2-1.ep5.el4.src.rpm
jboss-javaee-5.0.1-2.9.ep5.el4.src.rpm
jcommon-1.0.16-1.2.1.jdk6.ep5.el4.src.rpm
jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el4.src.rpm
log4j-1.2.14-18.1.jdk6.ep5.el4.src.rpm
mod_cluster-1.0.10-2.GA_CP01.ep5.el4.src.rpm
mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.src.rpm
mod_jk-1.2.31-1.ep5.el4.src.rpm
mx4j-3.0.1-9.3.4.ep5.el4.src.rpm
objectweb-asm-3.1-5.3.1.jdk6.ep5.el4.src.rpm
regexp-1.5-1.2.1.jdk6.ep5.el4.src.rpm
struts12-1.2.9-3.ep5.el4.src.rpm
tomcat-jkstatus-ant-1.2.31-2.ep5.el4.src.rpm
tomcat-native-1.1.20-2.0.ep5.el4.src.rpm
tomcat5-5.5.33-14_patch_04.ep5.el4.src.rpm
tomcat6-6.0.32-15_patch_03.ep5.el4.src.rpm
xalan-j2-2.7.1-5.3_patch_04.ep5.el4.src.rpm
xerces-j2-2.9.1-3.patch01.1.ep5.el4.src.rpm
xml-commons-1.3.04-7.12.ep5.el4.src.rpm
i386:
httpd22-2.2.17-14.ep5.el4.i386.rpm
httpd22-apr-2.2.17-14.ep5.el4.i386.rpm
httpd22-apr-devel-2.2.17-14.ep5.el4.i386.rpm
httpd22-apr-util-2.2.17-14.ep5.el4.i386.rpm
httpd22-apr-util-devel-2.2.17-14.ep5.el4.i386.rpm
httpd22-debuginfo-2.2.17-14.ep5.el4.i386.rpm
httpd22-devel-2.2.17-14.ep5.el4.i386.rpm
httpd22-manual-2.2.17-14.ep5.el4.i386.rpm
jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.i386.rpm
jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el4.i386.rpm
mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.i386.rpm
mod_cluster-native-debuginfo-1.0.10-2.GA_CP01.ep5.el4.i386.rpm
mod_jk-ap20-1.2.31-1.ep5.el4.i386.rpm
mod_jk-debuginfo-1.2.31-1.ep5.el4.i386.rpm
mod_jk-manual-1.2.31-1.ep5.el4.i386.rpm
mod_ssl22-2.2.17-14.ep5.el4.i386.rpm
tomcat-native-1.1.20-2.0.ep5.el4.i386.rpm
tomcat-native-debuginfo-1.1.20-2.0.ep5.el4.i386.rpm
noarch:
ant-1.7.1-13.jdk6.ep5.el4.noarch.rpm
antlr-2.7.7-7.ep5.el4.noarch.rpm
bcel-5.2-8.1.ep5.el4.noarch.rpm
cglib-2.2-5.1.1.jdk6.ep5.el4.noarch.rpm
dom4j-1.6.1-11.ep5.el4.noarch.rpm
ecj-3.3.1.1-3.2.2.jdk6.ep5.el4.noarch.rpm
glassfish-jaf-1.1.0-6.1.1.jdk6.ep5.el4.noarch.rpm
glassfish-javamail-1.4.2-0.4.ep5.el4.noarch.rpm
glassfish-jsf-1.2_13-2.2.1.jdk6.ep5.el4.noarch.rpm
hibernate3-3.3.2-1.5.GA_CP04.ep5.el4.noarch.rpm
hibernate3-annotations-3.4.0-3.3.GA_CP04.ep5.el4.noarch.rpm
hibernate3-annotations-javadoc-3.4.0-3.3.GA_CP04.ep5.el4.noarch.rpm
hibernate3-commons-annotations-3.1.0-1.8.ep5.el4.noarch.rpm
hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el4.noarch.rpm
hibernate3-ejb-persistence-3.0-api-1.0.2-3.jdk6.ep5.el4.noarch.rpm
hibernate3-ejb-persistence-3.0-api-javadoc-1.0.2-3.jdk6.ep5.el4.noarch.rpm
hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el4.noarch.rpm
hibernate3-entitymanager-javadoc-3.4.0-4.3.GA_CP04.ep5.el4.noarch.rpm
hibernate3-javadoc-3.3.2-1.5.GA_CP04.ep5.el4.noarch.rpm
jakarta-commons-beanutils-1.8.0-4.1.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-chain-1.2-2.2.ep5.el4.noarch.rpm
jakarta-commons-codec-1.3-9.1.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-collections-3.2.1-4.ep5.el4.noarch.rpm
jakarta-commons-collections-tomcat5-3.2.1-4.ep5.el4.noarch.rpm
jakarta-commons-daemon-1.0.5-1.ep5.el4.noarch.rpm
jakarta-commons-dbcp-1.2.1-16.4.ep5.el4.noarch.rpm
jakarta-commons-dbcp-tomcat5-1.2.1-16.4.ep5.el4.noarch.rpm
jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-el-1.0-19.2.jdk6.ep5.el4.noarch.rpm
jakarta-commons-fileupload-1.1.1-7.4.ep5.el4.noarch.rpm
jakarta-commons-httpclient-3.1-1.1.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-launcher-1.1-4.6.1.ep5.el4.noarch.rpm
jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-logging-tomcat6-1.1.1-0.4.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-modeler-2.0-4.ep5.el4.noarch.rpm
jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-pool-tomcat5-1.3-11.2.1.jdk6.ep5.el4.noarch.rpm
jakarta-commons-validator-1.3.1-7.5.1.ep5.el4.noarch.rpm
jakarta-oro-2.0.8-3.3.2.1.jdk6.ep5.el4.noarch.rpm
jakarta-taglibs-standard-1.1.1-9.ep5.el4.noarch.rpm
javassist-3.12.0-1.jdk6.ep5.el4.noarch.rpm
jboss-common-core-2.2.17-1.ep5.el4.noarch.rpm
jboss-common-logging-jdk-2.1.2-1.ep5.el4.noarch.rpm
jboss-common-logging-spi-2.1.2-1.ep5.el4.noarch.rpm
jboss-javaee-poms-5.0.1-2.9.ep5.el4.noarch.rpm
jboss-jms-1.1-api-5.0.1-2.9.ep5.el4.noarch.rpm
jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el4.noarch.rpm
jcommon-1.0.16-1.2.1.jdk6.ep5.el4.noarch.rpm
jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el4.noarch.rpm
log4j-1.2.14-18.1.jdk6.ep5.el4.noarch.rpm
mod_cluster-demo-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm
mod_cluster-jbossas-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm
mod_cluster-jbossweb2-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm
mod_cluster-tomcat6-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm
mx4j-3.0.1-9.3.4.ep5.el4.noarch.rpm
objectweb-asm-3.1-5.3.1.jdk6.ep5.el4.noarch.rpm
regexp-1.5-1.2.1.jdk6.ep5.el4.noarch.rpm
struts12-1.2.9-3.ep5.el4.noarch.rpm
tomcat-jkstatus-ant-1.2.31-2.ep5.el4.noarch.rpm
tomcat5-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-admin-webapps-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-common-lib-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-jasper-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-jasper-eclipse-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-jasper-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-jsp-2.0-api-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-parent-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-server-lib-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-servlet-2.4-api-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat5-webapps-5.5.33-14_patch_04.ep5.el4.noarch.rpm
tomcat6-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-admin-webapps-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-docs-webapp-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-el-1.0-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-javadoc-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-jsp-2.1-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-lib-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-log4j-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-servlet-2.5-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm
tomcat6-webapps-6.0.32-15_patch_03.ep5.el4.noarch.rpm
xalan-j2-2.7.1-5.3_patch_04.ep5.el4.noarch.rpm
xerces-j2-2.9.1-3.patch01.1.ep5.el4.noarch.rpm
xml-commons-1.3.04-7.12.ep5.el4.noarch.rpm
xml-commons-jaxp-1.2-apis-1.3.04-7.12.ep5.el4.noarch.rpm
xml-commons-jaxp-1.3-apis-1.3.04-7.12.ep5.el4.noarch.rpm
xml-commons-resolver12-1.3.04-7.12.ep5.el4.noarch.rpm
x86_64:
httpd22-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-apr-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-apr-devel-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-apr-util-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-apr-util-devel-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-debuginfo-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-devel-2.2.17-14.ep5.el4.x86_64.rpm
httpd22-manual-2.2.17-14.ep5.el4.x86_64.rpm
jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.x86_64.rpm
jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el4.x86_64.rpm
mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.x86_64.rpm
mod_cluster-native-debuginfo-1.0.10-2.GA_CP01.ep5.el4.x86_64.rpm
mod_jk-ap20-1.2.31-1.ep5.el4.x86_64.rpm
mod_jk-debuginfo-1.2.31-1.ep5.el4.x86_64.rpm
mod_jk-manual-1.2.31-1.ep5.el4.x86_64.rpm
mod_ssl22-2.2.17-14.ep5.el4.x86_64.rpm
tomcat-native-1.1.20-2.0.ep5.el4.x86_64.rpm
tomcat-native-debuginfo-1.1.20-2.0.ep5.el4.x86_64.rpm
JBoss Enterprise Web Server 1.0 for RHEL 5 Server:
Source:
ant-1.7.1-13.jdk6.ep5.el5.src.rpm
antlr-2.7.7-7.ep5.el5.src.rpm
cglib-2.2-5.1.1.1.jdk6.ep5.el5.src.rpm
dom4j-1.6.1-11.ep5.el5.src.rpm
ecj3-3.3.1.1-3.1.1.1.jdk6.ep5.el5.src.rpm
glassfish-jsf-1.2_13-3.1.1.jdk6.ep5.el5.src.rpm
hibernate3-3.3.2-1.4.GA_CP04.ep5.el5.src.rpm
hibernate3-annotations-3.4.0-3.2.GA_CP04.ep5.el5.src.rpm
hibernate3-commons-annotations-3.1.0-1.8.ep5.el5.src.rpm
hibernate3-ejb-persistence-3.0-api-1.0.2-3.1.jdk6.ep5.el5.src.rpm
hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el5.src.rpm
httpd-2.2.17-11.1.ep5.el5.src.rpm
jakarta-commons-beanutils-1.8.0-4.1.2.1.jdk6.ep5.el5.src.rpm
jakarta-commons-chain-1.2-2.2.1.ep5.el5.src.rpm
jakarta-commons-codec-1.3-9.2.1.1.jdk6.ep5.el5.src.rpm
jakarta-commons-collections-3.2.1-4.1.ep5.el5.src.rpm
jakarta-commons-daemon-1.0.5-1.ep5.el5.src.rpm
jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el5.src.rpm
jakarta-commons-dbcp-1.2.1-16.4.ep5.el5.src.rpm
jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el5.src.rpm
jakarta-commons-fileupload-1.1.1-7.4.ep5.el5.src.rpm
jakarta-commons-httpclient-3.1-1.2.1.jdk6.ep5.el5.src.rpm
jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el5.src.rpm
jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el5.src.rpm
jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el5.src.rpm
jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el5.src.rpm
jakarta-commons-validator-1.3.1-7.5.2.ep5.el5.src.rpm
jakarta-oro-2.0.8-3.3.2.1.1.1.jdk6.ep5.el5.src.rpm
jakarta-taglibs-standard-1.1.1-9.1.ep5.el5.src.rpm
javassist-3.12.0-1.jdk6.ep5.el5.src.rpm
jboss-common-core-2.2.17-1.ep5.el5.src.rpm
jboss-common-logging-jdk-2.1.2-1.ep5.el5.src.rpm
jboss-common-logging-spi-2.1.2-1.ep5.el5.src.rpm
jboss-javaee-5.0.1-2.9.ep5.el5.src.rpm
jcommon-1.0.16-1.2.1.jdk6.ep5.el5.src.rpm
jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el5.src.rpm
mod_cluster-1.0.10-2.1.GA_CP01.ep5.el5.src.rpm
mod_cluster-native-1.0.10-2.1.GA_CP01.ep5.el5.src.rpm
mod_jk-1.2.31-1.1.ep5.el5.src.rpm
objectweb-asm-3.1-5.3.1.jdk6.ep5.el5.src.rpm
struts12-1.2.9-3.1.ep5.el5.src.rpm
tomcat-jkstatus-ant-1.2.31-2.ep5.el5.src.rpm
tomcat-native-1.1.20-2.1.ep5.el5.src.rpm
tomcat5-5.5.33-16_patch_04.ep5.el5.src.rpm
tomcat6-6.0.32-15.1_patch_03.ep5.el5.src.rpm
xalan-j2-2.7.1-5.3_patch_04.ep5.el5.src.rpm
xerces-j2-2.9.1-3.patch01.1.ep5.el5.src.rpm
xml-commons-1.3.04-7.10.jdk6.ep5.el5.src.rpm
i386:
httpd-2.2.17-11.1.ep5.el5.i386.rpm
httpd-debuginfo-2.2.17-11.1.ep5.el5.i386.rpm
httpd-devel-2.2.17-11.1.ep5.el5.i386.rpm
httpd-manual-2.2.17-11.1.ep5.el5.i386.rpm
jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el5.i386.rpm
jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el5.i386.rpm
mod_cluster-native-1.0.10-2.1.GA_CP01.ep5.el5.i386.rpm
mod_cluster-native-debuginfo-1.0.10-2.1.GA_CP01.ep5.el5.i386.rpm
mod_jk-ap20-1.2.31-1.1.ep5.el5.i386.rpm
mod_jk-debuginfo-1.2.31-1.1.ep5.el5.i386.rpm
mod_jk-manual-1.2.31-1.1.ep5.el5.i386.rpm
mod_ssl-2.2.17-11.1.ep5.el5.i386.rpm
tomcat-native-1.1.20-2.1.ep5.el5.i386.rpm
tomcat-native-debuginfo-1.1.20-2.1.ep5.el5.i386.rpm
noarch:
ant-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-antlr-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-apache-bcel-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-apache-bsf-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-apache-log4j-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-apache-oro-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-apache-regexp-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-apache-resolver-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-commons-logging-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-javamail-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-jdepend-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-jmf-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-jsch-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-junit-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-nodeps-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-scripts-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-swing-1.7.1-13.jdk6.ep5.el5.noarch.rpm
ant-trax-1.7.1-13.jdk6.ep5.el5.noarch.rpm
antlr-2.7.7-7.ep5.el5.noarch.rpm
cglib-2.2-5.1.1.1.jdk6.ep5.el5.noarch.rpm
dom4j-1.6.1-11.ep5.el5.noarch.rpm
ecj3-3.3.1.1-3.1.1.1.jdk6.ep5.el5.noarch.rpm
glassfish-jsf-1.2_13-3.1.1.jdk6.ep5.el5.noarch.rpm
hibernate3-3.3.2-1.4.GA_CP04.ep5.el5.noarch.rpm
hibernate3-annotations-3.4.0-3.2.GA_CP04.ep5.el5.noarch.rpm
hibernate3-annotations-javadoc-3.4.0-3.2.GA_CP04.ep5.el5.noarch.rpm
hibernate3-commons-annotations-3.1.0-1.8.ep5.el5.noarch.rpm
hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el5.noarch.rpm
hibernate3-ejb-persistence-3.0-api-1.0.2-3.1.jdk6.ep5.el5.noarch.rpm
hibernate3-ejb-persistence-3.0-api-javadoc-1.0.2-3.1.jdk6.ep5.el5.noarch.rpm
hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el5.noarch.rpm
hibernate3-entitymanager-javadoc-3.4.0-4.3.GA_CP04.ep5.el5.noarch.rpm
hibernate3-javadoc-3.3.2-1.4.GA_CP04.ep5.el5.noarch.rpm
jakarta-commons-beanutils-1.8.0-4.1.2.1.jdk6.ep5.el5.noarch.rpm
jakarta-commons-chain-1.2-2.2.1.ep5.el5.noarch.rpm
jakarta-commons-codec-1.3-9.2.1.1.jdk6.ep5.el5.noarch.rpm
jakarta-commons-collections-3.2.1-4.1.ep5.el5.noarch.rpm
jakarta-commons-collections-tomcat5-3.2.1-4.1.ep5.el5.noarch.rpm
jakarta-commons-daemon-1.0.5-1.ep5.el5.noarch.rpm
jakarta-commons-dbcp-1.2.1-16.4.ep5.el5.noarch.rpm
jakarta-commons-dbcp-tomcat5-1.2.1-16.4.ep5.el5.noarch.rpm
jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el5.noarch.rpm
jakarta-commons-fileupload-1.1.1-7.4.ep5.el5.noarch.rpm
jakarta-commons-httpclient-3.1-1.2.1.jdk6.ep5.el5.noarch.rpm
jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el5.noarch.rpm
jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el5.noarch.rpm
jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el5.noarch.rpm
jakarta-commons-logging-tomcat6-1.1.1-0.4.1.jdk6.ep5.el5.noarch.rpm
jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el5.noarch.rpm
jakarta-commons-pool-tomcat5-1.3-11.2.1.jdk6.ep5.el5.noarch.rpm
jakarta-commons-validator-1.3.1-7.5.2.ep5.el5.noarch.rpm
jakarta-oro-2.0.8-3.3.2.1.1.1.jdk6.ep5.el5.noarch.rpm
jakarta-taglibs-standard-1.1.1-9.1.ep5.el5.noarch.rpm
javassist-3.12.0-1.jdk6.ep5.el5.noarch.rpm
jboss-common-core-2.2.17-1.ep5.el5.noarch.rpm
jboss-common-logging-jdk-2.1.2-1.ep5.el5.noarch.rpm
jboss-common-logging-spi-2.1.2-1.ep5.el5.noarch.rpm
jboss-javaee-5.0.1-2.9.ep5.el5.noarch.rpm
jboss-javaee-poms-5.0.1-2.9.ep5.el5.noarch.rpm
jboss-jms-1.1-api-5.0.1-2.9.ep5.el5.noarch.rpm
jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el5.noarch.rpm
jcommon-1.0.16-1.2.1.jdk6.ep5.el5.noarch.rpm
jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el5.noarch.rpm
mod_cluster-demo-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm
mod_cluster-jbossas-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm
mod_cluster-jbossweb2-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm
mod_cluster-tomcat6-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm
objectweb-asm-3.1-5.3.1.jdk6.ep5.el5.noarch.rpm
struts12-1.2.9-3.1.ep5.el5.noarch.rpm
tomcat-jkstatus-ant-1.2.31-2.ep5.el5.noarch.rpm
tomcat5-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat5-admin-webapps-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat5-common-lib-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat5-jasper-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat5-jasper-eclipse-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat5-jasper-javadoc-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat5-jsp-2.0-api-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat5-parent-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat5-server-lib-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat5-servlet-2.4-api-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat5-webapps-5.5.33-16_patch_04.ep5.el5.noarch.rpm
tomcat6-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm
tomcat6-admin-webapps-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm
tomcat6-docs-webapp-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm
tomcat6-el-1.0-api-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm
tomcat6-javadoc-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm
tomcat6-jsp-2.1-api-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm
tomcat6-lib-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm
tomcat6-log4j-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm
tomcat6-servlet-2.5-api-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm
tomcat6-webapps-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm
xalan-j2-2.7.1-5.3_patch_04.ep5.el5.noarch.rpm
xerces-j2-2.9.1-3.patch01.1.ep5.el5.noarch.rpm
xml-commons-1.3.04-7.10.jdk6.ep5.el5.noarch.rpm
xml-commons-jaxp-1.2-apis-1.3.04-7.10.jdk6.ep5.el5.noarch.rpm
xml-commons-jaxp-1.3-apis-1.3.04-7.10.jdk6.ep5.el5.noarch.rpm
xml-commons-resolver12-1.3.04-7.10.jdk6.ep5.el5.noarch.rpm
x86_64:
httpd-2.2.17-11.1.ep5.el5.x86_64.rpm
httpd-debuginfo-2.2.17-11.1.ep5.el5.x86_64.rpm
httpd-devel-2.2.17-11.1.ep5.el5.x86_64.rpm
httpd-manual-2.2.17-11.1.ep5.el5.x86_64.rpm
jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el5.x86_64.rpm
jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el5.x86_64.rpm
mod_cluster-native-1.0.10-2.1.GA_CP01.ep5.el5.x86_64.rpm
mod_cluster-native-debuginfo-1.0.10-2.1.GA_CP01.ep5.el5.x86_64.rpm
mod_jk-ap20-1.2.31-1.1.ep5.el5.x86_64.rpm
mod_jk-debuginfo-1.2.31-1.1.ep5.el5.x86_64.rpm
mod_jk-manual-1.2.31-1.1.ep5.el5.x86_64.rpm
mod_ssl-2.2.17-11.1.ep5.el5.x86_64.rpm
tomcat-native-1.1.20-2.1.ep5.el5.x86_64.rpm
tomcat-native-debuginfo-1.1.20-2.1.ep5.el5.x86_64.rpm
JBoss Enterprise Web Server 1.0 for RHEL 6 Server:
Source:
ant-1.7.1-14.ep5.el6.src.rpm
antlr-2.7.7-7.ep5.el6.src.rpm
cglib-2.2-5.4.ep5.el6.src.rpm
dom4j-1.6.1-11.1.ep5.el6.src.rpm
ecj3-3.3.1.1-4.ep5.el6.src.rpm
glassfish-jsf-1.2_13-3.1.4.ep5.el6.src.rpm
hibernate3-3.3.2-1.8.GA_CP04.ep5.el6.src.rpm
hibernate3-annotations-3.4.0-3.5.GA_CP04.ep5.el6.src.rpm
hibernate3-commons-annotations-3.1.0-1.8.ep5.el6.src.rpm
hibernate3-ejb-persistence-3.0-api-1.0.2-3.3.ep5.el6.src.rpm
hibernate3-entitymanager-3.4.0-4.4.GA_CP04.ep5.el6.src.rpm
httpd-2.2.17-11.2.ep5.el6.src.rpm
jakarta-commons-beanutils-1.8.0-9.ep5.el6.src.rpm
jakarta-commons-chain-1.2-2.2.2.ep5.el6.src.rpm
jakarta-commons-codec-1.3-12.1.ep5.el6.src.rpm
jakarta-commons-collections-3.2.1-4.ep5.el6.src.rpm
jakarta-commons-daemon-1.0.5-1.1.ep5.el6.src.rpm
jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el6.src.rpm
jakarta-commons-dbcp-1.2.1-16.2.ep5.el6.src.rpm
jakarta-commons-digester-1.8.1-8.1.1.1.ep5.el6.src.rpm
jakarta-commons-fileupload-1.1.1-7.5.ep5.el6.src.rpm
jakarta-commons-httpclient-3.1-1.2.2.ep5.el6.src.rpm
jakarta-commons-io-1.4-4.ep5.el6.src.rpm
jakarta-commons-logging-1.1.1-1.ep5.el6.src.rpm
jakarta-commons-logging-jboss-1.1-10.2.2.1.ep5.el6.src.rpm
jakarta-commons-pool-1.3-15.ep5.el6.src.rpm
jakarta-commons-validator-1.3.1-7.5.2.ep5.el6.src.rpm
jakarta-oro-2.0.8-7.ep5.el6.src.rpm
jakarta-taglibs-standard-1.1.1-12.ep5.el6.src.rpm
javassist-3.12.0-3.ep5.el6.src.rpm
jboss-common-core-2.2.17-1.2.ep5.el6.src.rpm
jboss-common-logging-jdk-2.1.2-1.2.ep5.el6.src.rpm
jboss-common-logging-spi-2.1.2-1.ep5.el6.src.rpm
jboss-javaee-5.0.1-2.9.ep5.el6.src.rpm
jcommon-1.0.16-1.2.2.ep5.el6.src.rpm
jfreechart-1.0.13-2.3.2.1.2.ep5.el6.src.rpm
mod_cluster-1.0.10-2.2.GA_CP01.ep5.el6.src.rpm
mod_cluster-native-1.0.10-2.1.1.GA_CP01.ep5.el6.src.rpm
mod_jk-1.2.31-1.1.2.ep5.el6.src.rpm
objectweb-asm31-3.1-12.1.ep5.el6.src.rpm
struts12-1.2.9-3.1.ep5.el6.src.rpm
tomcat-jkstatus-ant-1.2.31-2.1.ep5.el6.src.rpm
tomcat-native-1.1.20-2.1.2.ep5.el6.src.rpm
tomcat5-5.5.33-15_patch_04.ep5.el6.src.rpm
tomcat6-6.0.32-14_patch_03.ep5.el6.src.rpm
xalan-j2-2.7.1-5.3_patch_04.ep5.el6.src.rpm
xerces-j2-2.9.1-8.patch01.1.ep5.el6.src.rpm
xml-commons-1.3.04-7.14.ep5.el6.src.rpm
i386:
httpd-2.2.17-11.2.ep5.el6.i386.rpm
httpd-debuginfo-2.2.17-11.2.ep5.el6.i386.rpm
httpd-devel-2.2.17-11.2.ep5.el6.i386.rpm
httpd-manual-2.2.17-11.2.ep5.el6.i386.rpm
httpd-tools-2.2.17-11.2.ep5.el6.i386.rpm
jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el6.i386.rpm
jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el6.i386.rpm
mod_cluster-native-1.0.10-2.1.1.GA_CP01.ep5.el6.i386.rpm
mod_cluster-native-debuginfo-1.0.10-2.1.1.GA_CP01.ep5.el6.i386.rpm
mod_jk-ap20-1.2.31-1.1.2.ep5.el6.i386.rpm
mod_jk-debuginfo-1.2.31-1.1.2.ep5.el6.i386.rpm
mod_jk-manual-1.2.31-1.1.2.ep5.el6.i386.rpm
mod_ssl-2.2.17-11.2.ep5.el6.i386.rpm
tomcat-native-1.1.20-2.1.2.ep5.el6.i386.rpm
tomcat-native-debuginfo-1.1.20-2.1.2.ep5.el6.i386.rpm
noarch:
ant-1.7.1-14.ep5.el6.noarch.rpm
ant-antlr-1.7.1-14.ep5.el6.noarch.rpm
ant-apache-bcel-1.7.1-14.ep5.el6.noarch.rpm
ant-apache-bsf-1.7.1-14.ep5.el6.noarch.rpm
ant-apache-log4j-1.7.1-14.ep5.el6.noarch.rpm
ant-apache-oro-1.7.1-14.ep5.el6.noarch.rpm
ant-apache-regexp-1.7.1-14.ep5.el6.noarch.rpm
ant-apache-resolver-1.7.1-14.ep5.el6.noarch.rpm
ant-commons-logging-1.7.1-14.ep5.el6.noarch.rpm
ant-commons-net-1.7.1-14.ep5.el6.noarch.rpm
ant-javamail-1.7.1-14.ep5.el6.noarch.rpm
ant-jdepend-1.7.1-14.ep5.el6.noarch.rpm
ant-jmf-1.7.1-14.ep5.el6.noarch.rpm
ant-jsch-1.7.1-14.ep5.el6.noarch.rpm
ant-junit-1.7.1-14.ep5.el6.noarch.rpm
ant-nodeps-1.7.1-14.ep5.el6.noarch.rpm
ant-scripts-1.7.1-14.ep5.el6.noarch.rpm
ant-swing-1.7.1-14.ep5.el6.noarch.rpm
ant-trax-1.7.1-14.ep5.el6.noarch.rpm
antlr-2.7.7-7.ep5.el6.noarch.rpm
cglib-2.2-5.4.ep5.el6.noarch.rpm
dom4j-1.6.1-11.1.ep5.el6.noarch.rpm
ecj3-3.3.1.1-4.ep5.el6.noarch.rpm
glassfish-jsf-1.2_13-3.1.4.ep5.el6.noarch.rpm
hibernate3-3.3.2-1.8.GA_CP04.ep5.el6.noarch.rpm
hibernate3-annotations-3.4.0-3.5.GA_CP04.ep5.el6.noarch.rpm
hibernate3-annotations-javadoc-3.4.0-3.5.GA_CP04.ep5.el6.noarch.rpm
hibernate3-commons-annotations-3.1.0-1.8.ep5.el6.noarch.rpm
hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el6.noarch.rpm
hibernate3-ejb-persistence-3.0-api-1.0.2-3.3.ep5.el6.noarch.rpm
hibernate3-ejb-persistence-3.0-api-javadoc-1.0.2-3.3.ep5.el6.noarch.rpm
hibernate3-entitymanager-3.4.0-4.4.GA_CP04.ep5.el6.noarch.rpm
hibernate3-entitymanager-javadoc-3.4.0-4.4.GA_CP04.ep5.el6.noarch.rpm
hibernate3-javadoc-3.3.2-1.8.GA_CP04.ep5.el6.noarch.rpm
jakarta-commons-beanutils-1.8.0-9.ep5.el6.noarch.rpm
jakarta-commons-chain-1.2-2.2.2.ep5.el6.noarch.rpm
jakarta-commons-codec-1.3-12.1.ep5.el6.noarch.rpm
jakarta-commons-collections-3.2.1-4.ep5.el6.noarch.rpm
jakarta-commons-collections-tomcat5-3.2.1-4.ep5.el6.noarch.rpm
jakarta-commons-daemon-1.0.5-1.1.ep5.el6.noarch.rpm
jakarta-commons-dbcp-1.2.1-16.2.ep5.el6.noarch.rpm
jakarta-commons-dbcp-tomcat5-1.2.1-16.2.ep5.el6.noarch.rpm
jakarta-commons-digester-1.8.1-8.1.1.1.ep5.el6.noarch.rpm
jakarta-commons-fileupload-1.1.1-7.5.ep5.el6.noarch.rpm
jakarta-commons-httpclient-3.1-1.2.2.ep5.el6.noarch.rpm
jakarta-commons-io-1.4-4.ep5.el6.noarch.rpm
jakarta-commons-logging-1.1.1-1.ep5.el6.noarch.rpm
jakarta-commons-logging-jboss-1.1-10.2.2.1.ep5.el6.noarch.rpm
jakarta-commons-logging-tomcat6-1.1.1-1.ep5.el6.noarch.rpm
jakarta-commons-pool-1.3-15.ep5.el6.noarch.rpm
jakarta-commons-pool-tomcat5-1.3-15.ep5.el6.noarch.rpm
jakarta-commons-validator-1.3.1-7.5.2.ep5.el6.noarch.rpm
jakarta-oro-2.0.8-7.ep5.el6.noarch.rpm
jakarta-taglibs-standard-1.1.1-12.ep5.el6.noarch.rpm
javassist-3.12.0-3.ep5.el6.noarch.rpm
jboss-common-core-2.2.17-1.2.ep5.el6.noarch.rpm
jboss-common-logging-jdk-2.1.2-1.2.ep5.el6.noarch.rpm
jboss-common-logging-spi-2.1.2-1.ep5.el6.noarch.rpm
jboss-javaee-5.0.1-2.9.ep5.el6.noarch.rpm
jboss-javaee-poms-5.0.1-2.9.ep5.el6.noarch.rpm
jboss-jms-1.1-api-5.0.1-2.9.ep5.el6.noarch.rpm
jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el6.noarch.rpm
jcommon-1.0.16-1.2.2.ep5.el6.noarch.rpm
jfreechart-1.0.13-2.3.2.1.2.ep5.el6.noarch.rpm
mod_cluster-demo-1.0.10-2.2.GA_CP01.ep5.el6.noarch.rpm
mod_cluster-jbossas-1.0.10-2.2.GA_CP01.ep5.el6.noarch.rpm
mod_cluster-jbossweb2-1.0.10-2.2.GA_CP01.ep5.el6.noarch.rpm
mod_cluster-tomcat6-1.0.10-2.2.GA_CP01.ep5.el6.noarch.rpm
objectweb-asm31-3.1-12.1.ep5.el6.noarch.rpm
struts12-1.2.9-3.1.ep5.el6.noarch.rpm
tomcat-jkstatus-ant-1.2.31-2.1.ep5.el6.noarch.rpm
tomcat5-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat5-admin-webapps-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat5-common-lib-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat5-jasper-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat5-jasper-eclipse-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat5-jasper-javadoc-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat5-jsp-2.0-api-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat5-parent-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat5-server-lib-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat5-servlet-2.4-api-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat5-webapps-5.5.33-15_patch_04.ep5.el6.noarch.rpm
tomcat6-6.0.32-14_patch_03.ep5.el6.noarch.rpm
tomcat6-admin-webapps-6.0.32-14_patch_03.ep5.el6.noarch.rpm
tomcat6-docs-webapp-6.0.32-14_patch_03.ep5.el6.noarch.rpm
tomcat6-el-1.0-api-6.0.32-14_patch_03.ep5.el6.noarch.rpm
tomcat6-javadoc-6.0.32-14_patch_03.ep5.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.32-14_patch_03.ep5.el6.noarch.rpm
tomcat6-lib-6.0.32-14_patch_03.ep5.el6.noarch.rpm
tomcat6-log4j-6.0.32-14_patch_03.ep5.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.32-14_patch_03.ep5.el6.noarch.rpm
tomcat6-webapps-6.0.32-14_patch_03.ep5.el6.noarch.rpm
xalan-j2-2.7.1-5.3_patch_04.ep5.el6.noarch.rpm
xerces-j2-2.9.1-8.patch01.1.ep5.el6.noarch.rpm
xml-commons-1.3.04-7.14.ep5.el6.noarch.rpm
xml-commons-jaxp-1.1-apis-1.3.04-7.14.ep5.el6.noarch.rpm
xml-commons-jaxp-1.2-apis-1.3.04-7.14.ep5.el6.noarch.rpm
xml-commons-jaxp-1.3-apis-1.3.04-7.14.ep5.el6.noarch.rpm
xml-commons-resolver10-1.3.04-7.14.ep5.el6.noarch.rpm
xml-commons-resolver11-1.3.04-7.14.ep5.el6.noarch.rpm
xml-commons-resolver12-1.3.04-7.14.ep5.el6.noarch.rpm
xml-commons-which10-1.3.04-7.14.ep5.el6.noarch.rpm
xml-commons-which11-1.3.04-7.14.ep5.el6.noarch.rpm
x86_64:
httpd-2.2.17-11.2.ep5.el6.x86_64.rpm
httpd-debuginfo-2.2.17-11.2.ep5.el6.x86_64.rpm
httpd-devel-2.2.17-11.2.ep5.el6.x86_64.rpm
httpd-manual-2.2.17-11.2.ep5.el6.x86_64.rpm
httpd-tools-2.2.17-11.2.ep5.el6.x86_64.rpm
jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el6.x86_64.rpm
jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el6.x86_64.rpm
mod_cluster-native-1.0.10-2.1.1.GA_CP01.ep5.el6.x86_64.rpm
mod_cluster-native-debuginfo-1.0.10-2.1.1.GA_CP01.ep5.el6.x86_64.rpm
mod_jk-ap20-1.2.31-1.1.2.ep5.el6.x86_64.rpm
mod_jk-debuginfo-1.2.31-1.1.2.ep5.el6.x86_64.rpm
mod_jk-manual-1.2.31-1.1.2.ep5.el6.x86_64.rpm
mod_ssl-2.2.17-11.2.ep5.el6.x86_64.rpm
tomcat-native-1.1.20-2.1.2.ep5.el6.x86_64.rpm
tomcat-native-debuginfo-1.1.20-2.1.2.ep5.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-1157.html
https://www.redhat.com/security/data/cve/CVE-2010-1452.html
https://www.redhat.com/security/data/cve/CVE-2010-1623.html
https://www.redhat.com/security/data/cve/CVE-2010-3718.html
https://www.redhat.com/security/data/cve/CVE-2010-4172.html
https://www.redhat.com/security/data/cve/CVE-2011-0013.html
https://www.redhat.com/security/data/cve/CVE-2011-0419.html
https://access.redhat.com/security/updates/classification/#moderate
http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0/html-single/Release_Notes_1.0.2/index.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc.
VAR-201010-0444 | No CVE | 3Com H3C 3100 / 3600 Switch DHCP Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The 3Com H3C S3600/S3100 is an intelligent, resilient Ethernet switch designed and developed based on the IToIP concept. The 3Com H3C S3600/S3100 series switches have security vulnerabilities that allow malicious users to perform denial of service attacks. When there is an error in processing DHCP messages, submitting a specially constructed BOOTP or DHCP message without the "Discover" (53) option can cause the device to reset. To successfully exploit the vulnerability, DHCP sniffing needs to be enabled.
TITLE:
3Com H3C 3100 / 3600 Switches DHCP Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA41531
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41531/
RELEASE DATE:
2010-09-30
DESCRIPTION:
A vulnerability has been reported in 3Com H3C 3100 and 3600 Series
switches, which can be exploited by malicious people to cause a DoS
(Denial of Service).
The vulnerability is reported in the following products:
* 3Com H3C S3100-EI
* 3Com H3C S3600-SI
* 3Com H3C S3600-EI
SOLUTION:
Update to the latest version.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
3Com (LSOD10083, LSOD10084):
http://support.3com.com/documents/93010/H3C_S3600EI_CMW3.10.R1702P18_Release_Notes.pdf
http://support.3com.com/documents/93010/H3C_S3100EI_CMW3.10.R2211P06_Release_Notes.pdf
http://support.3com.com/documents/93010/H3C_S3600SI_CMW3.10.R1702P18_Release_Notes.pdf
VAR-201009-0246 | CVE-2010-3684 | Synology Disk Station of FTP Vulnerability in the acquisition of important information in the authentication module |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. Synology DiskStation (DSM) is a network storage server (NAS) from Synology, which can be used as a file sharing center in a local area network.
VAR-201009-0275 | CVE-2010-2453 | Synology Disk Station Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue. Synology DiskStation Manager is prone to multiple HTML-injection vulnerabilities because the device's web-based administration application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Synology DiskStation Manager 2.x is vulnerable; other versions may also be affected. Synology DiskStation (DSM) is a network storage server (NAS) from Synology, which can be used as a file sharing center in a local area network.
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
Web commands injection through FTP Login in Synology Disk Station
CVE-2010-2453
INTRODUCTION
Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network Attached Storage (NAS) products. Synology's goal
is to deliver user-friendly storage solutions and solid customer service to satisfy the needs of businesses, home offices, individual users and
families.
The Disk Station product that Synology provides as Network Attached Storage is affected by multiple vulnerabilities, including the possibility of
remote command execution via CSRF (Cross-Site Request Forgery) through the FTP login console. The FTP server is a configurable service managed
through the web interface, which provides backend access to manage the disk station. The problem occurs in the FTP logging mechanism together with the
admin interface used to view those logs. The FTP console input, in the form of username and password, gets logged in the web application interface.
This problem was confirmed in the following versions of Synology Disk Station; other versions may also be affected.
Synology Disk Station 2.x
Synology issued an update for this vulnerability in the release DSM3.0-1337.
CVSS Scoring System
The CVSS score is: 9.5
Base Score: 10
Temporal Score: 9.5
We used the following values to calculate the scores:
Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal score is: E:F/RL:U/RC:C
DETAILS
There are four steps for exploitation, specified here together with the identified problem:
1. The attacker can inject malicious input from the FTP login console. Because the authentication credentials are invalid, the FTP authentication
module generates an error and the input is logged to the web interface of the disk station.
2. The FTP logging module is not designed appropriately: the content that comes from the FTP login console is placed directly into the log
window without verification of the Content-Type parameter. The content is allowed to be rendered as HTML, script, etc. An attacker can inject
malicious HTML tags, DOM calls, third-party scripts, and CSRF calls that get executed in the context of the logged-in account that is administering it.
3. The log mechanism is usually handled by the admin account, so the chances are high that injected code executes with the full privileges
of the administrator. Any code injected by the attacker becomes persistent in most cases and remains there for execution. Moreover, CSRF
code with malicious calls can be executed without user interaction.
4. The attacker has to be well versed in the directory structure of the disk station manager so that injections can be made accordingly and further
operations can be performed. The FTP server accepts username strings of up to 80-100 characters, which is enough to craft injections. The scripts
can be inserted from the local domain, the LAN, or a third-party source to inject arbitrary code.
C:\Users\Administrator>ftp example.com
Connected to example.com.
220 Disk Station FTP server at DiskStation ready.
User (example.com:(none)): "/><script>alert("Check Point VDT"</script>
331 Password required for "/><script>alert("Check Point VDT"</script>
Password:
530 Login incorrect.
Login failed.
ftp> Invalid command.
ftp> bye
421 Timeout (300 seconds): closing control connection.
In order to determine the size of the allowed input string, we can do:
C:\Users\Administrator>ftp example.com
Connected to example.com.
220 Disk Station FTP server at DiskStation ready.
User (example.com:(none)): AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -> Our input
331 Password required for AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA. -> The total lenght really used
Password:
530 Login incorrect.
Login failed.
ftp> Invalid command.
ftp> bye
421 Timeout (300 seconds): closing control connection.
CREDITS
This vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT) and Aditya
K. Sood from Secniche.
Best Regards,
Rodrigo.
--
Rodrigo Rubira Branco
Senior Security Researcher
Vulnerability Discovery Team (VDT)
Check Point Software Technologies
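Added example (not part of the Check Point advisory and not Synology's code): a log-window renderer that shows the behaviour described for CVE-2010-2453 and CVE-2010-3684 next to a hardened form. The record layout, function names and the 64-character display limit are assumptions made for illustration.

```python
import html

# Constructed failed-login records, shaped as an FTP logging module might
# store them. The second user name is the string shown in the advisory's
# FTP session; the third carries CR/LF to show control-character handling.
FAILED_LOGINS = [
    {"ip": "192.0.2.10", "user": "backup", "password": "constructed-secret"},
    {"ip": "192.0.2.66",
     "user": '"/><script>alert("Check Point VDT"</script>',
     "password": "x"},
    {"ip": "192.0.2.67", "user": "bob\r\n530 forged line", "password": "y"},
]

MAX_FIELD = 64  # assumed display limit, not a value from the advisory


def render_row_unsafe(rec):
    """Flawed pattern: raw USER and PASS values are concatenated into HTML."""
    return ("<tr><td>" + rec["ip"] + "</td><td>FTP login failed: user="
            + rec["user"] + " pass=" + rec["password"] + "</td></tr>")


def clean_field(value, limit=MAX_FIELD):
    """Neutralise one untrusted log field for display inside HTML text."""
    # 1. Replace non-printable characters (CR, LF, NUL, ...) so a field
    #    cannot split or forge log lines.
    text = "".join(ch if ch.isprintable() else "?" for ch in value)
    # 2. Truncate before escaping so an entity is never cut in half.
    if len(text) > limit:
        text = text[:limit] + "[truncated]"
    # 3. Encode HTML metacharacters, including both quote characters.
    return html.escape(text, quote=True)


def render_row_safe(rec):
    """Hardened pattern: every field is encoded and the password is never shown."""
    return ("<tr><td>" + clean_field(rec["ip"])
            + "</td><td>FTP login failed: user="
            + clean_field(rec["user"]) + "</td></tr>")


def render_log(records, row=render_row_safe):
    """Build the log table with the chosen row renderer."""
    return "<table>\n" + "\n".join(row(r) for r in records) + "\n</table>"


if __name__ == "__main__":
    print(render_log(FAILED_LOGINS, row=render_row_unsafe))
    print(render_log(FAILED_LOGINS))
```

Encoding at render time protects the log viewer regardless of which service wrote the entry; dropping the password field removes the information disclosure rather than hiding it.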
VAR-201010-0440 | No CVE | SAP Management Console Null Pointer Reference Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: LOW |
The SAP Management Console is a management console for SAP products. A vulnerability in the SAP Management Console allows an attacker to trigger a null pointer dereference, bring down the primary management interface, and cause a denial of service. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed.
VAR-201009-0316 | No CVE | Ipswitch IMail Server has a denial of service vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Ipswitch IMail Server is a mail server bundled with the Ipswitch collaboration component. IMail Server has multiple security vulnerabilities that allow an attacker to conduct a denial of service attack. 1) SmtpDLL.dll has two boundary errors. Sending an email containing a specially constructed sender ("FROM:" field) can cause the queue management service (queuemgr.exe) to crash. Successful exploitation requires that the "Copy All Mail To:" and archive via SMTP options are enabled. 2) IMailSrv.exe has a boundary error when processing some spool files. Sending a specially constructed email to the SMTP service, such as one containing multiple "Reply-To:" or "Resent-From:" header fields, can trigger a stack-based buffer overflow. This vulnerability can be used to generate multiple Windows crash dialogs or to fill disk space with spool files.
VAR-201009-0126 | CVE-2010-2829 |
Cisco IOS of H.323 Service disruption in implementation (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201009-1158 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via crafted H.323 packets, aka Bug ID CSCtd33567. The H.323 implementation in Cisco IOS contains a denial-of-service (DoS) vulnerability caused by incomplete packet processing. The problem is tracked as Bug ID CSCtd33567. A third party could cause a denial of service (DoS) via crafted H.323 packets. Cisco IOS is prone to an unspecified remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCtd33567.
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
cisco-sa-20100922-h323:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-h323.shtml
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds to mitigate these
vulnerabilities other than disabling H.323 on the vulnerable device.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100922-h323.shtml
Note: The September 22, 2010, Cisco IOS Software Security Advisory
bundled publication includes six Cisco Security Advisories. Five of
the advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses vulnerabilities in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The table
at the following URL lists releases that correct all Cisco IOS
Software vulnerabilities that have been published on September 22,
2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
Affected Products
=================
These vulnerabilities only affect devices that are running Cisco IOS
Software with H.323 voice services enabled.
Vulnerable Products
+------------------
Cisco devices that are running affected Cisco IOS Software versions
that are configured to process H.323 messages are affected by these
vulnerabilities. H.323 is not enabled by default.
To determine if the Cisco IOS Software device is running H.323
services, issue the show process cpu | include H323 command, as shown
in this example:
Router# show process cpu | include H323
249 16000 3 5333 0.00% 0.00% 0.00% 0 CCH323_CT
250 0 1 0 0.00% 0.00% 0.00% 0 CCH323_DNS
Router#
In the previous example the processes CCH323_CT and CCH323_DNS are
running on the device; therefore, the device is listening to H.323
messages. The device is vulnerable if any of these processes (or
similar) are active.
Note: Creating a dial peer by issuing the dial-peer voice command
will start the H.323 processes, which causes the Cisco IOS device to
process H.323 messages.
To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue the
show version command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:
Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 17-Mar-08 14:39 by dchih
!--- output truncated
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.4(20)T with an installed image name of
C1841-ADVENTERPRISEK9-M:
Router# show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T,
RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 10-Jul-08 20:25 by prod_rel_team
!--- output truncated
Additional information about Cisco IOS Software release naming
conventions is available in "White Paper: Cisco IOS Reference Guide"
at the following link:
http://www.cisco.com/web/about/security/intelligence/ios-ref.html
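Added example (not from the Cisco advisory): a small triage helper that applies the two checks above to captured command output, reporting whether H.323 processes are active and which release train row to look up in the fixed-release table. The sample outputs are the advisory's own; the function names and the train-derivation regex are assumptions based on the release names that appear in this advisory, such as 12.4(20)T and 12.1(5)YE6.

```python
import re

# Command output copied from the advisory's examples.
SAMPLE_CPU = """Router# show process cpu | include H323
 249 16000 3 5333 0.00% 0.00% 0.00% 0 CCH323_CT
 250 0 1 0 0.00% 0.00% 0.00% 0 CCH323_DNS
Router#"""

SAMPLE_VERSION = """Router# show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T,
RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport"""

# A process row starts with a numeric PID; the echoed command line also
# contains "H323" but starts with the prompt, so it must not match.
PROC_LINE = re.compile(r"^\s*\d+\s+.*?\s(\S*H323\S*)\s*$")
# "(IMAGE-NAME), Version RELEASE" as shown in both banner examples.
BANNER = re.compile(r"\(([A-Za-z0-9_-]+)\),\s*Version\s+([^,\s]+)")
# major.minor(maintenance)TRAINrebuild, e.g. 12.1(5)YE6 (assumed layout).
RELEASE = re.compile(r"^(\d+\.\d+)\(([0-9a-z]+)\)([A-Z]*)([0-9a-z]*)$")


def h323_processes(cpu_output):
    """Return the names of running processes whose name contains H323."""
    names = []
    for line in cpu_output.splitlines():
        match = PROC_LINE.match(line)
        if match:
            names.append(match.group(1))
    return names


def parse_show_version(version_output):
    """Return (image_name, release) from a show version banner, or (None, None)."""
    match = BANNER.search(version_output)
    return match.groups() if match else (None, None)


def release_train(release):
    """Map a release such as 12.4(20)T to its table row key, 12.4T."""
    match = RELEASE.match(release)
    if not match:
        return None
    return match.group(1) + match.group(3)


def assess(cpu_output, version_output):
    """Summarise exposure: H.323 must be active for the device to be affected."""
    procs = h323_processes(cpu_output)
    image, release = parse_show_version(version_output)
    return {
        "h323_active": bool(procs),
        "processes": procs,
        "image": image,
        "release": release,
        "train": release_train(release) if release else None,
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_CPU, SAMPLE_VERSION).items():
        print(f"{key}: {value}")
```

A device with "h323_active" set to False is not processing H.323 messages; for the others, the "train" value selects the row of the fixed-release table to consult.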
Products Confirmed Not Vulnerable
+--------------------------------
Cisco IOS XR Software is not affected by these vulnerabilities.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
H.323 is the International Telecommunication Union (ITU) standard for
real-time multimedia communications and conferencing over
packet-based (IP) networks. A subset of the H.323 standard is
H.225.0, a standard that is used for call signaling protocols and
media stream packetization over IP networks. An attacker can exploit these vulnerabilities
remotely by sending crafted H.323 packets to an affected device that
is running Cisco IOS Software. A TCP three-way handshake is required
to exploit these vulnerabilities.
These vulnerabilities are documented in Cisco Bug IDs CSCtc73759
(registered customers only) and CSCtd33567 (registered customers
only), and have been assigned Common Vulnerabilities and Exposures
(CVE) IDs CVE-2010-2828 and CVE-2010-2829, respectively.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCtc73759 - Device crashing upon receipt of specific traffic
CVSS Base Score - 7.8
    Access Vector - Network
    Access Complexity - Low
    Authentication - None
    Confidentiality Impact - None
    Integrity Impact - None
    Availability Impact - Complete
CVSS Temporal Score - 6.4
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
CSCtd33567 - Traceback seen when receiving crafted H.323 packets
CVSS Base Score - 7.8
    Access Vector - Network
    Access Complexity - Low
    Authentication - None
    Confidentiality Impact - None
    Integrity Impact - None
    Availability Impact - Complete
CVSS Temporal Score - 6.4
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerabilities described in this
advisory may cause the affected device to reload. These
vulnerabilities could be exploited repeatedly to cause an extended
DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2010 Bundle Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+--------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+-------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|--------------------------------------------------------------------|
| There are no affected 12.0-based releases |
|--------------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+---------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1 | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(4b) are |
| | | not vulnerable. |
|------------+---------------------------+---------------------------|
| 12.1AA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1AX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1AY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1AZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1CX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1DA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1DB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1DC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1E | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EO | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EU | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EV | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EW | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1GA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1GB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.1T | | |
| | Releases up to and | Releases up to and |
| | including 12.1(3a)T8 are | including 12.1(3a)T8 are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| 12.1XA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XD | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XF | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XG | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XH | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XI | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XL | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XP | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.1XS | | |
| | Releases up to and | Releases up to and |
| | including 12.1(3)XS are | including 12.1(3)XS are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.1XT | | |
| | Releases up to and | Releases up to and |
| | including 12.1(2)XT2 are | including 12.1(2)XT2 are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| 12.1XU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XV | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XW | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.1XY | | |
| | Releases up to and | Releases up to and |
| | including 12.1(4)XY are | including 12.1(4)XY are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| 12.1XZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1YB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1YC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1YD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.1(5) | Releases prior to 12.1(5) |
| | YE6 are vulnerable, | YE6 are vulnerable, |
| 12.1YE | release 12.1(5)YE6 and | release 12.1(5)YE6 and |
| | later are not vulnerable; | later are not vulnerable; |
| | first fixed in 12.4 | first fixed in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1YF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1YH | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.1YI | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.1YJ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+---------------------------+---------------------------|
| 12.2 | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.2B | | |
| | Releases up to and | Releases up to and |
| | including 12.2(2)B7 are | including 12.2(2)B7 are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| 12.2BC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2BW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.2SB | in 12.2SB |
| 12.2BX | | |
| | Releases up to and | Releases up to and |
| | including 12.2(15)BX are | including 12.2(15)BX are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.2BY | | |
| | Releases up to and | Releases up to and |
| | including 12.2(2)BY3 are | including 12.2(2)BY3 are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| 12.2BZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2CX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2CY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2CZ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2DA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2DD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2DX | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2EW | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2EWA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2EX | Vulnerable; migrate to | Not Vulnerable |
| | any release in 12.2SE | |
|------------+---------------------------+---------------------------|
| 12.2EY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2EZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2FX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2FY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2FZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXF | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXG | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXH | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2JA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2JK | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2MB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Releases up to and | Releases up to and |
| | including 12.2(15)MC1 are | including 12.2(15)MC1 are |
| | not vulnerable. | not vulnerable. Releases |
| 12.2MC | | 12.2(15)MC2b and later |
| | Releases 12.2(15)MC2b and | are not vulnerable; first |
| | later are not vulnerable; | fixed in 12.4T |
| | first fixed in 12.4 | |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2MRA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2MRB | Not Vulnerable | 12.2(33)MRB2 |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| 12.2S | (30)S are vulnerable, | (30)S are vulnerable, |
| | release 12.2(30)S and | release 12.2(30)S and |
| | later are not vulnerable | later are not vulnerable |
|------------+---------------------------+---------------------------|
| | 12.2(31)SB19 | 12.2(31)SB19 |
| | | |
| 12.2SB | Releases prior to 12.2 | Releases prior to 12.2 |
| | (33)SB5 are vulnerable, | (33)SB5 are vulnerable, |
| | release 12.2(33)SB5 and | release 12.2(33)SB5 and |
| | later are not vulnerable | later are not vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SBC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.2SB | in 12.2SB |
|------------+---------------------------+---------------------------|
| 12.2SCA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.2SCB | in 12.2SCB |
|------------+---------------------------+---------------------------|
| | 12.2(33)SCB10 | |
| | | |
| 12.2SCB | 12.2(33)SCB9 | 12.2(33)SCB9 |
| | | |
| | 12.2(33)SCB8 | |
|------------+---------------------------+---------------------------|
| | 12.2(33)SCC5 | |
| 12.2SCC | | 12.2(33)SCC5 |
| | 12.2(33)SCC4 | |
|------------+---------------------------+---------------------------|
| | 12.2(33)SCD3 | |
| 12.2SCD | | 12.2(33)SCD3 |
| | 12.2(33)SCD4 | |
|------------+---------------------------+---------------------------|
| 12.2SE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SEA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SEB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SEC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SED | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SEE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SEF | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SEG | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (40)SG are vulnerable, | (40)SG are vulnerable, |
| 12.2SG | release 12.2(40)SG and | release 12.2(40)SG and |
| | later are not vulnerable; | later are not vulnerable; |
| | migrate to any release in | migrate to any release in |
| | 12.2SGA | 12.2SGA |
|------------+---------------------------+---------------------------|
| 12.2SGA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SL | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SM | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SO | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SQ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| 12.2SRA | (33)SRA6 are vulnerable, | (33)SRA6 are vulnerable, |
| | release 12.2(33)SRA6 and | release 12.2(33)SRA6 and |
| | later are not vulnerable | later are not vulnerable |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| 12.2SRB | (33)SRB1 are vulnerable, | (33)SRB1 are vulnerable, |
| | release 12.2(33)SRB1 and | release 12.2(33)SRB1 and |
| | later are not vulnerable | later are not vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SRC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SRD | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SRE | Not Vulnerable | 12.2(33)SRE1 |
|------------+---------------------------+---------------------------|
| 12.2STE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (29b)SV1 are vulnerable, | (29b)SV1 are vulnerable, |
| 12.2SV | release 12.2(29b)SV1 and | release 12.2(29b)SV1 and |
| | later are not vulnerable; | later are not vulnerable; |
| | migrate to any release in | migrate to any release in |
| | 12.2SVD | 12.2SVD |
|------------+---------------------------+---------------------------|
| 12.2SVA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SVC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SVD | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SVE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Releases up to and | Releases up to and |
| | including 12.2(21)SW1 are | including 12.2(21)SW1 are |
| | not vulnerable. | not vulnerable. Releases |
| 12.2SW | | 12.2(25)SW12 and later |
| | Releases 12.2(25)SW12 and | are not vulnerable; first |
| | later are not vulnerable; | fixed in 12.4T |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| | | Releases up to and |
| 12.2SX | Not Vulnerable | including 12.2(14)SX2 are |
| | | not vulnerable. |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Vulnerable; Contact your |
| | (17b)SXA2 are vulnerable, | support organization per |
| 12.2SXA | release 12.2(17b)SXA2 and | the instructions in |
| | later are not vulnerable | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Vulnerable; Contact your |
| | (17d)SXB7 are vulnerable, | support organization per |
| 12.2SXB | release 12.2(17d)SXB7 and | the instructions in |
| | later are not vulnerable; | Obtaining Fixed Software |
| | migrate to any release in | section of this advisory |
| | 12.2SXE | |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Vulnerable; Contact your |
| | (18)SXD2 are vulnerable, | support organization per |
| 12.2SXD | release 12.2(18)SXD2 and | the instructions in |
| | later are not vulnerable | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SXE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | Only 12.2(18)SXF7 and | Releases prior to 12.2 |
| 12.2SXF | 12.2(18)SXF8 are | (18)SXF11 are vulnerable, |
| | vulnerable | release 12.2(18)SXF11 and |
| | | later are not vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SXH | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SXI | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | |
| | support organization per | |
| 12.2SY | the instructions in | Not Vulnerable |
| | Obtaining Fixed Software | |
| | section of this advisory | |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SZ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2T | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2TPC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4 | |
| 12.2XA | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.2(1)XA are | |
| | not vulnerable. | |
|------------+---------------------------+---------------------------|
| 12.2XB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2XF | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2XG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XH | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XI | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XL | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | |
| | (33)XN1 are vulnerable, | Vulnerable; first fixed |
| 12.2XN | release 12.2(33)XN1 and | in 12.2SB |
| | later are not vulnerable; | |
| | first fixed in 12.2SB | |
|------------+---------------------------+---------------------------|
| 12.2XNA | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+---------------------------|
| 12.2XNB | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+---------------------------|
| 12.2XNC | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+---------------------------|
| 12.2XND | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+---------------------------|
| 12.2XNE | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+---------------------------|
| 12.2XNF | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+---------------------------|
| 12.2XO | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2XQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XR | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2XS | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XV | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YE | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YF | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2YG | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YH | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YJ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YK | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2YM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YN | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | |
| | support organization per | |
| 12.2YO | the instructions in | Not Vulnerable |
| | Obtaining Fixed Software | |
| | section of this advisory | |
|------------+---------------------------+---------------------------|
| 12.2YP | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2YQ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2YR | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2YS | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YT | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YU | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| 12.2YV | (11)YV1 are vulnerable, | (11)YV1 are vulnerable, |
| | release 12.2(11)YV1 and | release 12.2(11)YV1 and |
| | later are not vulnerable | later are not vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YW | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YX | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YY | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YZ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2ZA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Releases up to and | Releases up to and |
| 12.2ZB | including 12.2(8)ZB are | including 12.2(8)ZB are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2ZE | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2ZF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2ZG | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2ZH | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZJ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZP | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; migrate to | Vulnerable; Contact your |
| | any release in 12.2SXH | support organization per |
| 12.2ZU | | the instructions in |
| | Releases up to and | Obtaining Fixed Software |
| | including 12.2(18)ZU are | section of this advisory |
| | not vulnerable. | |
|------------+---------------------------+---------------------------|
| 12.2ZX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZY | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZYA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.3-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+---------------------------+---------------------------|
| 12.3 | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3B | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3BC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3BW | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3EU | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3JA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3JEA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3JEB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3JEC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3JED | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Releases up to and | Releases up to and |
| | including 12.3(2)JK3 are | including 12.3(2)JK3 are |
| | not vulnerable. | not vulnerable. Releases |
| 12.3JK | | 12.3(8)JK1 and later are |
| | Releases 12.3(8)JK1 and | not vulnerable; first |
| | later are not vulnerable; | fixed in 12.4T |
| | first fixed in 12.4 | |
|------------+---------------------------+---------------------------|
| 12.3JL | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3JX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3T | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | Releases up to and | support organization per |
| 12.3TPC | including 12.3(4)TPC11a | the instructions in |
| | are not vulnerable. | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.3VA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.3(2) | |
| | XA7 are vulnerable, | Vulnerable; first fixed |
| 12.3XA | release 12.3(2)XA7 and | in 12.4T |
| | later are not vulnerable; | |
| | first fixed in 12.4 | |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3XB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.3XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XE | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3XF | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.3XG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.3(7) | Releases prior to 12.3(7) |
| | XI11 are vulnerable, | XI11 are vulnerable, |
| 12.3XI | release 12.3(7)XI11 and | release 12.3(7)XI11 and |
| | later are not vulnerable; | later are not vulnerable; |
| | first fixed in 12.2SB | first fixed in 12.2SB |
|------------+---------------------------+---------------------------|
| 12.3XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.3YX | in 12.4XR |
|------------+---------------------------+---------------------------|
| 12.3XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XL | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XS | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4T | |
| 12.3XU | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.3(8)XU1 are | |
| | not vulnerable. | |
|------------+---------------------------+---------------------------|
| 12.3XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.3YX | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XX | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XY | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XZ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.3YX | in 12.4XR |
|------------+---------------------------+---------------------------|
| 12.3YG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YI | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.3 | |
| | (11)YK3 are vulnerable, | Vulnerable; first fixed |
| 12.3YK | release 12.3(11)YK3 and | in 12.4T |
| | later are not vulnerable; | |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| 12.3YM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4T | |
| 12.3YS | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.3(11)YS1 are | |
| | not vulnerable. | |
|------------+---------------------------+---------------------------|
| 12.3YT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YX | 12.3(14)YX17 | Vulnerable; first fixed |
| | | in 12.4XR |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3YZ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.3ZA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.4-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+---------------------------+---------------------------|
| 12.4 | 12.4(25d) | 12.4(25d) |
|------------+---------------------------+---------------------------|
| 12.4GC | 12.4(24)GC2 | 12.4(24)GC2 |
|------------+---------------------------+---------------------------|
| 12.4JA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JDA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JDC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JDD | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JHA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JHB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JK | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JL | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JMA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JMB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4MD | Not Vulnerable | 12.4(24)MD2 |
|------------+---------------------------+---------------------------|
| 12.4MDA | 12.4(22)MDA4 | 12.4(22)MDA4 |
|------------+---------------------------+---------------------------|
| 12.4MR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4MRA | in 12.4MRA |
|------------+---------------------------+---------------------------|
| 12.4MRA | 12.4(20)MRA1 | 12.4(20)MRA1 |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.4 | |
| | (15)SW6 are vulnerable, | Vulnerable; first fixed |
| 12.4SW | release 12.4(15)SW6 and | in 12.4T |
| | later are not vulnerable; | |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| | 12.4(15)T14 | 12.4(15)T14 |
| | | |
| 12.4T | 12.4(20)T6 | 12.4(20)T6 |
| | | |
| | 12.4(24)T4 | 12.4(24)T4 |
|------------+---------------------------+---------------------------|
| 12.4XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.4(6) | Releases prior to 12.4(6) |
| | XE5 are vulnerable, | XE5 are vulnerable, |
| 12.4XE | release 12.4(6)XE5 and | release 12.4(6)XE5 and |
| | later are not vulnerable; | later are not vulnerable; |
| | first fixed in 12.4T | first fixed in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.4(9) | |
| | XG5 are vulnerable, | Vulnerable; first fixed |
| 12.4XG | release 12.4(9)XG5 and | in 12.4T |
| | later are not vulnerable; | |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| 12.4XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.4 | |
| | (15)XM3 are vulnerable, | Vulnerable; first fixed |
| 12.4XM | release 12.4(15)XM3 and | in 12.4T |
| | later are not vulnerable; | |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XN | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XP | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Releases up to and | |
| | including 12.4(15)XQ are | |
| | not vulnerable. | 12.4(15)XQ6; Available on |
| 12.4XQ | | 22-SEP-10 |
| | Releases 12.4(15)XQ6 and | |
| | later are not vulnerable; | |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| | | 12.4(15)XR9 |
| 12.4XR | Not Vulnerable | |
| | | 12.4(22)XR7 |
|------------+---------------------------+---------------------------|
| 12.4XT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XV | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.4XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XY | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XZ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4YB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4YD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.4 | |
| | (24)YE1 are vulnerable, | |
| 12.4YE | release 12.4(24)YE1 and | 12.4(24)YE1 |
| | later are not vulnerable; | |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| 12.4YG | 12.4(24)YG3 | 12.4(24)YG3 |
|------------+---------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+---------------------------+---------------------------|
| 15.0M | 15.0(1)M3 | 15.0(1)M3 |
|------------+---------------------------+---------------------------|
| | Cisco 7600 and 10000 | Cisco 7600 and 10000 |
| | Series routers: Not | Series routers: 15.0(1)S1 |
| | Vulnerable | (available early October |
| | | 2010) |
| 15.0S | Cisco ASR 1000 Series | |
| | routers: Please see Cisco | Cisco ASR 1000 Series |
| | IOS-XE Software | routers: Please see Cisco |
| | Availability | IOS-XE Software |
| | | Availability |
|------------+---------------------------+---------------------------|
| 15.0XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 15.1T | in 15.1T |
|------------+---------------------------+---------------------------|
| 15.0XO | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+---------------------------+---------------------------|
| | 15.1(1)T1 | |
| 15.1T | | 15.1(2)T1 |
| | 15.1(2)T0a | |
|------------+---------------------------+---------------------------|
| 15.1XB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 15.1T | in 15.1T |
+--------------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
+-------------------------------------------------------------------+
| Cisco IOS | First Fixed | First Fixed Release for All |
| XE | Release for This | Advisories in the September 2010 |
| Release | Advisory | Bundle Publication |
|-----------+------------------+------------------------------------|
| 2.1.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.2.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.3.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.4.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.5.x | 2.5.2 | Vulnerable; migrate to 2.6.2 or |
| | | later |
|-----------+------------------+------------------------------------|
| 2.6.x | 2.6.1 | 2.6.2 |
|-----------+------------------+------------------------------------|
| 3.1.xS | Not Vulnerable | Not Vulnerable |
+-------------------------------------------------------------------+
For mapping of Cisco IOS XE to Cisco IOS releases, please refer to
the Cisco IOS XE 2 and Cisco IOS XE 3S Release Notes.
Workarounds
===========
There are no workarounds to mitigate these vulnerabilities apart from
disabling H.323 if the Cisco IOS device does not require it. Applying
access lists on interfaces that should not accept H.323 traffic and
placing firewalls in strategic locations may greatly reduce exposure
until an upgrade can be performed.
Cisco provides Solution Reference Network Design (SRND) guides to
help design and deploy networking solutions, which can be found at
http://www.cisco.com/go/srnd. Voice Security best practices are
covered in the Cisco Unified Communications SRND Based on Cisco
Unified Communications Manager 6.x at
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/6x/security.html
To disable all H.323 call processing, administrators can issue the
call service stop forced command under the voice service voip mode,
as shown in this example:
    voice service voip
     h323
      call service stop forced
Note: The call service stop forced command disables all H.323 call
processing.
Additional mitigations that can be deployed on Cisco devices within
the network are available in the companion document "Cisco Applied
Mitigation Bulletin: Identifying and Mitigating Exploitation of the
Multiple Vulnerabilities in Cisco Voice Products", which is available
at the following location:
http://www.cisco.com/warp/public/707/cisco-amb-20100922-voice.shtml
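One way to check exported configurations for the H.323 workaround above, as an added example (not Cisco's code and not part of the advisory). It assumes the configuration text keeps the usual IOS indentation of sub-mode commands; the function names and the sample configurations are constructed for illustration.

```python
"""Audit Cisco IOS configurations for the H.323 workaround (added example)."""

# Command path given in the advisory: global mode -> h323 sub-mode -> stop command.
WORKAROUND_PATH = ("voice service voip", "h323", "call service stop forced")


def parse_ios_config(text):
    """Return the command path (parent commands + command) of every config line.

    IOS prints sub-mode commands indented under their parent, so a stack of
    (indent, command) pairs recovers which mode each command belongs to.
    """
    stack, paths = [], []
    for raw in text.splitlines():
        line = raw.expandtabs(1).rstrip()
        command = " ".join(line.split()).lower()
        if not command or command.startswith("!"):
            continue  # blank lines and "!" separators/comments carry no command
        indent = len(line) - len(line.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sub-modes at the same or a deeper level
        stack.append((indent, command))
        paths.append(tuple(cmd for _, cmd in stack))
    return paths


def h323_workaround_status(config_text):
    """Classify one configuration.

    "applied"          - the stop command sits under voice service voip / h323
    "h323-not-stopped" - an h323 sub-mode exists but lacks the stop command
    "no-h323-block"    - no h323 sub-mode in the text; this only says the
                         workaround lines are absent, not that H.323 is off
    """
    paths = parse_ios_config(config_text)
    if WORKAROUND_PATH in paths:
        return "applied"
    if WORKAROUND_PATH[:2] in paths:
        return "h323-not-stopped"
    return "no-h323-block"


def audit(configs):
    """Map each device name to its workaround status."""
    return {name: h323_workaround_status(text) for name, text in configs.items()}


# Constructed sample configurations (not taken from any real device).
CONFIG_APPLIED = """\
hostname gw-a
!
voice service voip
 allow-connections h323 to h323
 h323
  call service stop forced
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

# The stop command is present, but under sip, so H.323 is still processed.
CONFIG_WRONG_MODE = """\
hostname gw-b
!
voice service voip
 h323
 sip
  call service stop forced
"""

CONFIG_NO_VOICE = """\
hostname gw-c
!
interface FastEthernet0/0
 ip address 192.0.2.3 255.255.255.0
"""

SAMPLES = {
    "gw-a": CONFIG_APPLIED,
    "gw-b": CONFIG_WRONG_MODE,
    "gw-c": CONFIG_NO_VOICE,
}

if __name__ == "__main__":
    for device, status in audit(SAMPLES).items():
        print(f"{device}: {status}")
```

A plain text search for the stop command would report gw-b as mitigated; resolving the parent mode is what separates it from gw-a.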
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during Cisco internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-2010922-h323.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+--------------------------------------------------------------+
| Revision 1.0 | 2010-September-22 | Initial public release.   |
+--------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
VAR-201009-0127 | CVE-2010-2830 |
Cisco IOS Internet Group Management Protocol Denial of Service Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201009-0622 |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603. A third party could put an affected device into a denial-of-service (DoS) state via malformed IGMP packets.
An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCte14603.
----------------------------------------------------------------------
TITLE:
Cisco IOS IGMPv3 Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA41551
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41551/
RELEASE DATE:
2010-09-23
DESCRIPTION:
A vulnerability has been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported to the vendor by a customer.
ORIGINAL ADVISORY:
cisco-sa-20100922-igmp:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml
Note: The September 22, 2010, Cisco IOS Software Security Advisory
bundled publication includes six Cisco Security Advisories. Five of
the advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses vulnerabilities in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The table
at the following URL lists releases that correct all Cisco IOS
Software vulnerabilities that have been published on September 22,
2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
Affected Products
=================
Vulnerable Products
+------------------
The following products are affected by this vulnerability:
* Cisco IOS Software
* Cisco IOS XE Software
To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue
the show version command to display the system banner. The system
banner confirms that the device is running Cisco IOS Software by
displaying text similar to "Cisco Internetwork Operating System
Software" or "Cisco IOS Software." The image name displays in
parentheses, followed by "Version" and the Cisco IOS Software
release name. Other Cisco devices do not have the show version
command or may provide different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.4(20)T with an installed image name
of C1841-ADVENTERPRISEK9-M:
Router#show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 10-Jul-08 20:25 by prod_rel_team
Additional information about Cisco IOS Software release naming
conventions is available in White Paper: Cisco IOS and NX-OS
Software Reference Guide.
Products Confirmed Not Vulnerable
+--------------------------------
No other Cisco products are currently known to be affected by this
vulnerability.
The IGMP version 1, IGMP version 2, and IPv6 Multicast Listener
Discovery protocol (MLD) features in Cisco IOS and Cisco IOS XE
Software are not affected by this vulnerability.
Details
=======
Internet Group Management Protocol (IGMP) is the protocol used by
hosts and adjacent routers to manage membership in IP multicast
groups. The IGMP version 3 protocol permits source-specific multicast
which allows hosts to specify the IP address of the multicast source.
A malformed IGMP packet can cause a vulnerable device to reload. This
vulnerability can only be exploited if the malformed IGMP packet is
received on an interface that has been enabled for IGMP version 3 and
Protocol Independent Multicast (PIM). The malformed IGMP packet
destination address can be unicast, multicast, or broadcast and can
be addressed to any IP address in the vulnerable device, including
loopback addresses.
To exploit this vulnerability, a malformed packet must be received on
a vulnerable interface, but it can be addressed to any IP address on
the vulnerable device.
Transit traffic will not trigger this vulnerability.
A vulnerable interface configuration requires the PIM mode of
operation (sparse-dense, sparse, or dense) to be configured in
addition to the ip igmp version 3 command. The three possible
configurations that permit exploitation of this vulnerability are:
!--- Interface configured for PIM sparse and IGMPv3
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip pim sparse-mode
 ip igmp version 3
!--- Interface configured for PIM sparse-dense and IGMPv3
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip pim sparse-dense-mode
 ip igmp version 3
!--- Interface configured for PIM dense and IGMPv3
interface GigabitEthernet0/2
 ip address 192.168.2.1 255.255.255.0
 ip pim dense-mode
 ip igmp version 3
The IGMP version 3 lite feature is unrelated to this vulnerability,
in that the presence or absence of the ip igmp v3lite command on an
interface does not change the vulnerable condition of that interface.
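One way to check a saved running-config for the interface condition described above (a PIM mode together with ip igmp version 3), as an added example that is not part of the Cisco advisory. The sample configuration and function names are constructed here, and the parser assumes subcommands are indented under their interface line as in show running-config output.

```python
import re

# Constructed running-config excerpt for illustration (not from the advisory).
SAMPLE_CONFIG = """\
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip pim sparse-mode
 ip igmp version 3
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/2
 ip address 192.168.2.1 255.255.255.0
 ip igmp version 3
 ip igmp v3lite
!
interface GigabitEthernet0/3.10
 encapsulation dot1Q 10
 ip address 192.168.3.1 255.255.255.0
 ip pim dense-mode
 ip igmp version 3
 ip igmp v3lite
!
interface GigabitEthernet0/4
 ip address 192.168.4.1 255.255.255.0
 ip pim sparse-mode
 ip igmp version 2
!
router ospf 1
 network 192.168.0.0 0.0.255.255 area 0
!
"""

IFACE_RE = re.compile(r"^interface\s+(.+?)\s*$")
# The three PIM modes the advisory lists as part of a vulnerable configuration.
PIM_RE = re.compile(r"^ip pim (sparse-mode|sparse-dense-mode|dense-mode)\b")
IGMP3_RE = re.compile(r"^ip igmp version 3\s*$")


def interface_blocks(config_text):
    """Yield (interface_name, [subcommands]) for each interface stanza.

    Assumption: subcommands are indented and the stanza ends at the first
    non-indented line (for example "!" or the next top-level command).
    """
    name, body = None, []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        match = IFACE_RE.match(line)
        if match:
            if name is not None:
                yield name, body
            name, body = match.group(1), []
        elif name is not None:
            if line[:1].isspace():
                body.append(line.strip())
            else:
                yield name, body
                name, body = None, []
    if name is not None:
        yield name, body


def audit(config_text):
    """Return interfaces that have both a PIM mode and IGMP version 3 set."""
    findings = []
    for name, body in interface_blocks(config_text):
        pim_mode = None
        igmp_v3 = False
        for cmd in body:
            match = PIM_RE.match(cmd)
            if match:
                pim_mode = match.group(1)
            if IGMP3_RE.match(cmd):
                igmp_v3 = True
        if pim_mode and igmp_v3:
            findings.append({
                "interface": name,
                "pim_mode": pim_mode,
                # Reported for context only: per the advisory, v3lite does
                # not change whether the interface meets the condition.
                "v3lite": "ip igmp v3lite" in body,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("{interface}: PIM {pim_mode} + IGMPv3 (v3lite={v3lite})".format(**finding))
```

An interface listed here still needs its software release checked against the fixed-release table before it is treated as exposed.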
The IP router alert option may or may not be present in packets
attempting to exploit the vulnerability described in this document. This vulnerability has been assigned
Common Vulnerabilities and Exposures (CVE) ID CVE-2010-2830.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCte14603 - IGMPv3 DoS Vulnerability

CVSS Base Score - 7.1
    Access Vector            Network
    Access Complexity        Medium
    Authentication           None
    Confidentiality Impact   None
    Integrity Impact         None
    Availability Impact      Complete

CVSS Temporal Score - 5.9
    Exploitability           Functional
    Remediation Level        Official Fix
    Report Confidence        Confirmed
Impact
======
Successful exploitation of this vulnerability may cause the affected
device to reload. Repeated exploitation may result in a sustained DoS
condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2010 Bundle Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+-------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|-------------------------------------------------------------------|
| There are no affected 12.0 based releases |
|-------------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|-------------------------------------------------------------------|
| There are no affected 12.1 based releases |
|-------------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 12.2 | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.2B | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(2)B7 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.2BC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2BW | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.2SB |
| 12.2BX | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(15)BX are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.2BY | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(2)BY3 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.2BZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2CX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2CY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2CZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2DA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2DD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2DX | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2EW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EWA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXF | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXG | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXH | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2JK | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2MB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| | | including 12.2(15)MC1 are |
| 12.2MC | Not Vulnerable | not vulnerable. Releases |
| | | 12.2(15)MC2b and later |
| | | are not vulnerable; first |
| | | fixed in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2MRA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2MRB | Not Vulnerable | 12.2(33)MRB2 |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2S | Not Vulnerable | (30)S are vulnerable, |
| | | release 12.2(30)S and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | 12.2(31)SB19; Releases |
| | | prior to 12.2(33)SB5 are |
| 12.2SB | Not Vulnerable | vulnerable, release 12.2 |
| | | (33)SB5 and later are not |
| | | vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SBC | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SB |
|------------+--------------------------+---------------------------|
| 12.2SCA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SCB |
|------------+--------------------------+---------------------------|
| 12.2SCB | Not Vulnerable | 12.2(33)SCB9 |
|------------+--------------------------+---------------------------|
| 12.2SCC | Not Vulnerable | 12.2(33)SCC5 |
|------------+--------------------------+---------------------------|
| 12.2SCD | Not Vulnerable | 12.2(33)SCD3 |
|------------+--------------------------+---------------------------|
| 12.2SE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SED | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| | | (40)SG are vulnerable, |
| 12.2SG | Not Vulnerable | release 12.2(40)SG and |
| | | later are not vulnerable; |
| | | migrate to any release in |
| | | 12.2SGA |
|------------+--------------------------+---------------------------|
| 12.2SGA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SM | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SQ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2SRA | Not Vulnerable | (33)SRA6 are vulnerable, |
| | | release 12.2(33)SRA6 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2SRB | Not Vulnerable | (33)SRB1 are vulnerable, |
| | | release 12.2(33)SRB1 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRE | 12.2(33)SRE1 | 12.2(33)SRE1 |
|------------+--------------------------+---------------------------|
| 12.2STE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| | | (29b)SV1 are vulnerable, |
| 12.2SV | Not Vulnerable | release 12.2(29b)SV1 and |
| | | later are not vulnerable; |
| | | migrate to any release in |
| | | 12.2SVD |
|------------+--------------------------+---------------------------|
| 12.2SVA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| | | including 12.2(21)SW1 are |
| 12.2SW | Not Vulnerable | not vulnerable. Releases |
| | | 12.2(25)SW12 and later |
| | | are not vulnerable; first |
| | | fixed in 12.4T |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| 12.2SX | Not Vulnerable | including 12.2(14)SX2 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SXA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SXB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SXD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SXE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| | | (18)SXF11 are vulnerable, |
| 12.2SXF | Not Vulnerable | releases 12.2(18)SXF11 |
| | | and later are not |
| | | vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SXH | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SXI | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2T | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2TPC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2XA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XB | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XC | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XG | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XI | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XK | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XL | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XN | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SB |
|------------+--------------------------+---------------------------|
| 12.2XNA | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNB | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNC | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XND | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNE | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNF | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XQ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XR | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XS | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XT | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XV | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XW | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2YA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YF | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YH | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YJ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YK | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YL | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YN | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YP | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YQ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YR | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YS | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YT | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YU | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2YV | Not Vulnerable | (11)YV1 are vulnerable, |
| | | release 12.2(11)YV1 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YW | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YX | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YY | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| 12.2ZB | Not Vulnerable | including 12.2(8)ZB are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZE | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2ZF | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2ZG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2ZH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZJ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZL | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZP | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZU | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZY | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZYA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.3-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 12.3 | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3B | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3BC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3BW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3EU | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JED | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| | | including 12.3(2)JK3 are |
| 12.3JK | Not Vulnerable | not vulnerable. Releases |
| | | 12.3(8)JK1 and later are |
| | | not vulnerable; first |
| | | fixed in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3JL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4 | |
| 12.3T | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.3(11)T11 | |
| | are not vulnerable. | |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.3TPC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3VA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.3XB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3XC | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XE | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.3XF | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3XG | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.3(7) |
| | | XI11 are vulnerable, |
| 12.3XI | Not Vulnerable | release 12.3(7)XI11 and |
| | | later are not vulnerable; |
| | | first fixed in 12.2SB |
|------------+--------------------------+---------------------------|
| 12.3XJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4XR |
|------------+--------------------------+---------------------------|
| 12.3XK | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XL | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XQ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XR | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XS | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XW | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XX | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XY | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XZ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YF | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4XR |
|------------+--------------------------+---------------------------|
| 12.3YG | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YI | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YS | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YX | 12.3(14)YX17 | Vulnerable; first fixed |
| | | in 12.4XR |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.3YZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3ZA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.4-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 12.4 | 12.4(25d) | 12.4(25d) |
|------------+--------------------------+---------------------------|
| 12.4GC | 12.4(24)GC2 | 12.4(24)GC2 |
|------------+--------------------------+---------------------------|
| 12.4JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JHA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JHB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JK | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JMA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JMB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4MD | 12.4(24)MD2 | 12.4(24)MD2 |
|------------+--------------------------+---------------------------|
| | 12.4(24)MDA1 | |
| 12.4MDA | | 12.4(22)MDA4 |
| | 12.4(22)MDA4 | |
|------------+--------------------------+---------------------------|
| 12.4MR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4MRA | in 12.4MRA |
|------------+--------------------------+---------------------------|
| 12.4MRA | 12.4(20)MRA1 | 12.4(20)MRA1 |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.4 | |
| | (15)SW6 are vulnerable, | |
| 12.4SW | release 12.4(15)SW6 and | Vulnerable; first fixed |
| | later are not | in 12.4T |
| | vulnerable; first fixed | |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| | 12.4(24)T3 | |
| | | 12.4(15)T14 |
| | 12.4(22)T5 | |
| 12.4T | | 12.4(20)T6 |
| | 12.4(20)T5 | |
| | | 12.4(24)T4 |
| | 12.4(15)T14 | |
|------------+--------------------------+---------------------------|
| 12.4XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.4 | Releases prior to 12.4(6) |
| | (6)XE5 are vulnerable, | XE5 are vulnerable, |
| 12.4XE | release 12.4(6)XE5 and | release 12.4(6)XE5 and |
| | later are not | later are not vulnerable; |
| | vulnerable; first fixed | first fixed in 12.4T |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.4XF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XN | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XP | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XQ | 12.4(15)XQ6; Available | 12.4(15)XQ6; Available on |
| | on 22-SEP-10 | 22-SEP-10 |
|------------+--------------------------+---------------------------|
| | 12.4(15)XR9 | 12.4(15)XR9 |
| 12.4XR | | |
| | 12.4(22)XR7 | 12.4(22)XR7 |
|------------+--------------------------+---------------------------|
| 12.4XT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XV | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XY | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XZ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.4YB | 12.4(22)YB6 | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4YD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | 12.4(24)YE1 | |
| 12.4YE | | 12.4(24)YE1 |
| | 12.4(22)YE4 | |
|------------+--------------------------+---------------------------|
| 12.4YG | 12.4(24)YG3 | 12.4(24)YG3 |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 15.0M | 15.0(1)M2 | 15.0(1)M3 |
|------------+--------------------------+---------------------------|
| | Cisco 7600 and 10000 | Cisco 7600 and 10000 |
| | Series routers: Not | Series routers: 15.0(1)S1 |
| | vulnerable | (Available early October |
| | | 2010) |
| 15.0S | Cisco ASR 1000 Series | |
| | routers: Please see Cisco | Cisco ASR 1000 Series |
| | IOS-XE Software | routers: Please see Cisco |
| | Availability | IOS-XE Software |
| | | Availability |
|------------+--------------------------+---------------------------|
| 15.0XA | Vulnerable; migrate to | Vulnerable; first fixed |
| | any release in 15.1T | in 15.1T |
|------------+--------------------------+---------------------------|
| 15.0XO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|-------------------------------------------------------------------|
| There are no affected 15.1 based releases |
+-------------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
+-------------------------------------------------------------------+
| Cisco IOS | First Fixed | First Fixed Release for All |
| XE | Release for This | Advisories in the September 2010 |
| Release | Advisory | Bundle Publication |
|-----------+------------------+------------------------------------|
| 2.1.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.2.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.3.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.4.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.5.x | 2.5.2 | Vulnerable; migrate to 2.6.2 or |
| | | later |
|-----------+------------------+------------------------------------|
| 2.6.x | Not Vulnerable | 2.6.2 |
|-----------+------------------+------------------------------------|
| 3.1.xS | Not Vulnerable | Not Vulnerable |
+-------------------------------------------------------------------+
To map Cisco IOS XE Software releases to Cisco IOS Software releases,
refer to the Cisco IOS XE 2 and Cisco IOS XE 3S Release Notes.
Cisco IOS XR Software Table
+--------------------------
Cisco IOS XR Software is not affected by the vulnerabilities
disclosed in the September 22, 2010, Cisco IOS Software Security
Advisory bundle publication.
Workarounds
===========
Additional mitigations that can be deployed on Cisco devices within
the network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory, which is available at the
following link:
http://www.cisco.com/warp/public/707/cisco-amb-20100922-igmp.shtml
IGMP version 2
+-------------
Customers who do not require the Source Specific Multicast (SSM)
functionality can use IGMP version 2 as a workaround.
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip pim sparse-mode
 ip igmp version 2
Control Plane Policing
+---------------------
A partial mitigation of the vulnerability described in this document
is to block IGMP packets with an IP Time to Live (TTL) field value
that is not equal to 1.
CoPP may be configured on a device to protect the management and
control planes, and minimize the risk and effectiveness of direct
infrastructure attacks by explicitly permitting only authorized
traffic sent to infrastructure devices in accordance with existing
security policies and configurations. The following example can be
adapted to your network. Dropping IGMP packets with unicast IP
destination addresses can also be implemented with CoPP if all
multicast applications in the network use only multicast group
destination addresses for IGMP packets.
!
!-- The following access list is used
!-- to determine what traffic needs to be dropped by a control plane
!-- policy (the CoPP feature). If the access list matches (permit),
!-- then traffic will be dropped. If the access list does not
!-- match (deny), then traffic will be processed by the router.
!-- All IGMP packets with a TTL different from 1 will be selected
!-- by this ACL and the "drop" action will be applied in the
!-- corresponding CoPP policy.
!
ip access-list extended IGMP-ACL
 permit igmp any any ttl neq 1
!
!-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4
!-- traffic in accordance with existing security policies and
!-- configurations for traffic that is authorized to be sent
!-- to infrastructure devices.
!-- Create a class map for traffic that will be policed by
!-- the CoPP feature.
!
class-map match-all drop-IGMP-class
 match access-group name IGMP-ACL
!
!-- Create a policy map that will be applied to the
!-- Control Plane of the device, and add the "drop-IGMP-class"
!-- class map.
!
policy-map CoPP-policy
 class drop-IGMP-class
  drop
!
!-- Apply the policy map to the control plane of the
!-- device.
!
control-plane
 service-policy input CoPP-policy
Additional information on the configuration and use of the CoPP
feature is available in the Control Plane Policing Implementation
Best Practices.
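Before enabling the policy above, captured traffic can be checked against the same match conditions to see what it would drop. The following is an added example, not part of the Cisco advisory: it applies the "ttl neq 1" test of IGMP-ACL, plus the optional unicast-destination check mentioned in the text, to raw IPv4 packets. The function names, verdict strings and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

IPPROTO_IGMP = 2  # IANA protocol number for IGMP


def build_ipv4(src, dst, ttl, proto, payload=b""):
    """Build a minimal IPv4 packet for testing (constructed data, checksum 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,        # version 4, header length of 5 32-bit words
        0,                   # DSCP/ECN
        20 + len(payload),   # total length
        0, 0,                # identification, flags/fragment offset
        ttl, proto,
        0,                   # header checksum (not validated in this example)
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


def classify_igmp(packet):
    """Return the verdict the policy described above would give a raw IPv4 packet.

    "drop-ttl"    : IGMP with TTL != 1, matched by "permit igmp any any ttl neq 1"
    "unicast-dst" : IGMP with TTL 1 but a unicast destination; only droppable
                    if the network's IGMP traffic always uses group addresses
    "allow"       : IGMP with TTL 1 sent to a multicast group address
    "not-igmp"    : other protocols, left to the rest of the CoPP policy
    "malformed"   : too short or not IPv4, cannot be evaluated
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    ttl, proto = packet[8], packet[9]
    if proto != IPPROTO_IGMP:
        return "not-igmp"
    if ttl != 1:
        return "drop-ttl"
    if not ipaddress.IPv4Address(packet[16:20]).is_multicast:
        return "unicast-dst"
    return "allow"


def audit(packets):
    """Count verdicts over a capture so the impact of the ACL can be reviewed."""
    return Counter(classify_igmp(p) for p in packets)


def sample_packets():
    """Constructed sample traffic; the 8-byte IGMP payload is a zeroed placeholder."""
    body = bytes(8)
    return [
        build_ipv4("192.168.0.10", "224.0.0.22", 1, IPPROTO_IGMP, body),
        build_ipv4("192.168.0.10", "224.0.0.22", 64, IPPROTO_IGMP, body),
        build_ipv4("192.168.0.10", "192.168.0.1", 1, IPPROTO_IGMP, body),
        build_ipv4("192.168.0.10", "192.168.0.1", 64, 17, body),  # UDP
        b"\x45\x00",  # truncated header
    ]


if __name__ == "__main__":
    for verdict, count in sorted(audit(sample_packets()).items()):
        print(f"{verdict:12} {count}")
```

A non-zero "unicast-dst" count in real traffic means the optional unicast drop would discard IGMP packets that some application currently relies on.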
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was reported to Cisco by a customer.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2010-Sep-22 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
VAR-201009-0066 | CVE-2010-2835 |
Denial of service (DoS) vulnerability in multiple Cisco products
Related entries in the VARIoT exploits database: VAR-E-201009-0217 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358. Multiple Cisco products contain a vulnerability that results in a denial-of-service (DoS) condition due to inadequate SIP processing. The problem is tracked as Bug IDs CSCta20040 and CSCta31358. A third party may cause a denial of service (DoS) via a SIP REFER request with an invalid Refer-To header. Cisco Unified Communications Manager is a call processing component in the Cisco IP Telephony solution. When the UDP protocol is used, there is an error in the SIP registration implementation, and special SIP messages can be used to terminate important processes and disrupt voice services. This allows malicious users to conduct denial of service attacks.
An attacker can exploit this issue to cause an interruption in voice services or cause the affected device to reload, denying service to legitimate users.
This issue is tracked by Cisco Bug IDs CSCta31358 and CSCta20040.
Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20100922-sip
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml
Revision 1.0
For Public Release 2010 September 22 1600 UTC (GMT)
---------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS Software that could allow an
unauthenticated, remote attacker to cause a reload of an affected
device when SIP operation is enabled.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for devices that must run
SIP; however, mitigations are available to limit exposure to the
vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml
Note: The September 22, 2010, Cisco IOS Software Security Advisory
bundled publication includes six Cisco Security Advisories. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The table
at the following URL lists releases that correct all Cisco IOS
Software vulnerabilities that have been published on September 22,
2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
Cisco Unified Communications Manager (CUCM) is affected by the
vulnerabilities described in this advisory. Two separate Cisco
Security Advisories have been published to disclose the
vulnerabilities that affect the Cisco Unified Communications Manager
at the following locations:
http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucm.shtml
Affected Products
=================
These vulnerabilities only affect devices running Cisco IOS Software
with SIP voice services enabled.
Vulnerable Products
+------------------
Cisco devices are affected when they are running affected Cisco IOS
Software versions that are configured to process SIP messages.
Recent versions of Cisco IOS Software do not process SIP messages by
default. In addition, several features within Cisco Unified
Communications Manager Express, such as ePhones, will also
automatically start the SIP process when they are configured, causing
the device to start processing SIP messages. An example of an
affected configuration follows:
    dial-peer voice <Voice dial-peer tag> voip
     ...
    !
In addition to inspecting the Cisco IOS device configuration for a
dial-peer command that causes the device to process SIP messages,
administrators can also use the show processes | include SIP command
to determine whether Cisco IOS Software is running the processes that
handle SIP messages. In the following example, the presence of the
processes CCSIP_UDP_SOCKET or CCSIP_TCP_SOCKET indicates that the
Cisco IOS device will process SIP messages:
    Router# show processes | include SIP
     149 Mwe 40F48254 4 1 400023108/24000 0 CCSIP_UDP_SOCKET
     150 Mwe 40F48034 4 1 400023388/24000 0 CCSIP_TCP_SOCKET
Note: Because there are several ways a device running Cisco IOS
Software can start processing SIP messages, it is recommended that
the show processes | include SIP command be used to determine whether
the device is processing SIP messages instead of relying on the
presence of specific configuration commands.
Cisco Unified Border Element images are also affected by two of these
vulnerabilities.
Note: The Cisco Unified Border Element feature (previously known as
the Cisco Multiservice IP-to-IP Gateway) is a special Cisco IOS
Software image that runs on Cisco multiservice gateway platforms. It
provides a network-to-network interface point for billing, security,
call admission control, quality of service, and signaling
interworking.
To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue the
show version command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:
    Router# show version
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by cisco Systems, Inc.
    Compiled Mon 17-Mar-08 14:39 by dchih
    !--- output truncated
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.4(20)T with an installed image name of
C1841-ADVENTERPRISEK9-M:
    Router# show version
    Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T,
    RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Thu 10-Jul-08 20:25 by prod_rel_team
    !--- output truncated
Additional information about Cisco IOS Software release naming
conventions is available in "White Paper: Cisco IOS Reference Guide"
at the following link: http://www.cisco.com/warp/public/620/1.html
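The two checks described above (SIP socket processes present, release read from the show version banner) can be run over saved command output for a whole fleet. The following is an added example, not code from Cisco or from this advisory; the sample text is the advisory's own example output, and deriving the train as the major version plus the leading letters of the release suffix is an assumption used only to pick the row to consult in the fixed-release table.

```python
import re

# Process names the advisory gives as indicators that IOS handles SIP messages.
SIP_PROCESSES = {"CCSIP_UDP_SOCKET": "UDP", "CCSIP_TCP_SOCKET": "TCP"}

# Banner strings the advisory says identify Cisco IOS Software.
IOS_BANNERS = ("Cisco Internetwork Operating System Software", "Cisco IOS Software")

# "(IMAGE), Version MAJOR.MINOR(MAINT)SUFFIX" as it appears in the banner.
VERSION_RE = re.compile(
    r"\((?P<image>[A-Za-z0-9_-]+)\),\s+Version\s+"
    r"(?P<major>\d+\.\d+)\((?P<maint>[0-9a-z]+)\)(?P<suffix>[A-Za-z0-9]*)"
)

# Sample inputs: the example output quoted in the advisory text.
SHOW_PROCESSES = """Router# show processes | include SIP
 149 Mwe 40F48254 4 1 400023108/24000 0 CCSIP_UDP_SOCKET
 150 Mwe 40F48034 4 1 400023388/24000 0 CCSIP_TCP_SOCKET
"""
SHOW_VERSION_12_3 = """Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
"""
SHOW_VERSION_12_4T = """Router# show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T,
RELEASE SOFTWARE (fc3)
"""


def sip_transports(show_processes):
    """Return the transports ("UDP", "TCP") whose SIP socket process is present."""
    found = set()
    for line in show_processes.splitlines():
        fields = line.split()
        # The process name is the last column; the echoed command line is skipped.
        if fields and fields[-1] in SIP_PROCESSES:
            found.add(SIP_PROCESSES[fields[-1]])
    return found


def parse_show_version(show_version):
    """Extract image name, release and train from a show version banner.

    Returns None when the text is not a Cisco IOS banner or has no version.
    """
    if not any(banner in show_version for banner in IOS_BANNERS):
        return None
    match = VERSION_RE.search(show_version)
    if match is None:
        return None
    suffix = match["suffix"]
    # Assumption: train = major version + leading letters of the suffix,
    # e.g. 12.4(20)T -> 12.4T, 12.2(33)SRE1 -> 12.2SRE, 12.3(26) -> 12.3.
    letters = re.match(r"[A-Za-z]*", suffix).group(0).upper()
    return {
        "image": match["image"],
        "release": "%s(%s)%s" % (match["major"], match["maint"], suffix),
        "train": match["major"] + letters,
    }


def assess(show_version, show_processes):
    """Combine both checks into one record per device."""
    info = parse_show_version(show_version)
    transports = sip_transports(show_processes)
    return {
        "is_ios": info is not None,
        "release": info["release"] if info else None,
        "train": info["train"] if info else None,  # row to look up in the table
        "processes_sip": bool(transports),
        "transports": sorted(transports),
    }


if __name__ == "__main__":
    for banner in (SHOW_VERSION_12_3, SHOW_VERSION_12_4T):
        print(assess(banner, SHOW_PROCESSES))
```

A device that reports `processes_sip` as true should be checked against the row for its `train` in the Software Versions and Fixes table, whatever its dial-peer configuration says.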
Note: CUCM is affected by the vulnerabilities described in this
advisory.
Cisco IOS XR Software is not affected by these vulnerabilities.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
SIP is a popular signaling protocol that is used to manage voice and
video calls across IP networks such as the Internet. SIP is
responsible for handling all aspects of call setup and termination.
Voice and video are the most popular types of sessions that SIP
handles, but the protocol has the flexibility to accommodate other
applications that require call setup and termination. SIP call
signaling can use UDP (port 5060), TCP (port 5060), or Transport
Layer Security (TLS; TCP port 5061) as the underlying transport
protocol. These vulnerabilities are triggered when the device
running Cisco IOS Software processes crafted SIP messages.
Note: In cases where SIP is running over TCP transport, a TCP
three-way handshake is necessary to exploit these vulnerabilities.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCta20040 - Device crashes when receiving crafted SIP message
CVSS Base Score - 7.8
    Access Vector - Network
    Access Complexity - Low
    Authentication - None
    Confidentiality Impact - None
    Integrity Impact - None
    Availability Impact - Complete
CVSS Temporal Score - 6.4
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
CSCsz43987 - IOS coredump when sending crafted packets
CVSS Base Score - 7.8
    Access Vector - Network
    Access Complexity - Low
    Authentication - None
    Confidentiality Impact - None
    Integrity Impact - None
    Availability Impact - Complete
CVSS Temporal Score - 6.4
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
CSCtf72678 - IOS Coredump Generated when sending crafted packets
CVSS Base Score - 7.8
    Access Vector - Network
    Access Complexity - Low
    Authentication - None
    Confidentiality Impact - None
    Integrity Impact - None
    Availability Impact - Complete
CVSS Temporal Score - 6.4
    Exploitability - Functional
    Remediation Level - Official Fix
    Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerabilities in this advisory may
result in a reload of the device. Repeated exploitation could result
in a sustained denial of service condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2010 Bundle Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+-------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|-------------------------------------------------------------------|
| There are no affected 12.0-based releases |
|-------------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|-------------------------------------------------------------------|
| There are no affected 12.1-based releases |
|-------------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 12.2 | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.2B | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(2)B7 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.2BC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2BW | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.2SB |
| 12.2BX | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(15)BX are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.2BY | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(2)BY3 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.2BZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2CX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2CY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2CZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2DA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2DD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2DX | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2EW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EWA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXF | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXG | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXH | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2JK | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2MB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| | | including 12.2(15)MC1 are |
| 12.2MC | Not Vulnerable | not vulnerable. Releases |
| | | 12.2(15)MC2b and later |
| | | are not vulnerable; first |
| | | fixed in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2MRA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2MRB | Not Vulnerable | 12.2(33)MRB2 |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2S | Not Vulnerable | (30)S are vulnerable, |
| | | release 12.2(30)S and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | 12.2(31)SB19 |
| | | |
| 12.2SB | Not Vulnerable | Releases prior to 12.2 |
| | | (33)SB5 are vulnerable, |
| | | release 12.2(33)SB5 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SBC | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SB |
|------------+--------------------------+---------------------------|
| 12.2SCA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SCB |
|------------+--------------------------+---------------------------|
| 12.2SCB | Not Vulnerable | 12.2(33)SCB9 |
|------------+--------------------------+---------------------------|
| 12.2SCC | Not Vulnerable | 12.2(33)SCC5 |
|------------+--------------------------+---------------------------|
| 12.2SCD | Not Vulnerable | 12.2(33)SCD3 |
|------------+--------------------------+---------------------------|
| 12.2SE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SED | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| | | (40)SG are vulnerable, |
| 12.2SG | Not Vulnerable | release 12.2(40)SG and |
| | | later are not vulnerable; |
| | | migrate to any release in |
| | | 12.2SGA |
|------------+--------------------------+---------------------------|
| 12.2SGA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SM | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SQ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2SRA | Not Vulnerable | (33)SRA6 are vulnerable, |
| | | release 12.2(33)SRA6 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2SRB | Not Vulnerable | (33)SRB1 are vulnerable, |
| | | release 12.2(33)SRB1 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRE | Not Vulnerable | 12.2(33)SRE1 |
|------------+--------------------------+---------------------------|
| 12.2STE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| | | (29b)SV1 are vulnerable, |
| 12.2SV | Not Vulnerable | release 12.2(29b)SV1 and |
| | | later are not vulnerable; |
| | | migrate to any release in |
| | | 12.2SVD |
|------------+--------------------------+---------------------------|
| 12.2SVA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| | | including 12.2(21)SW1 are |
| 12.2SW | Not Vulnerable | not vulnerable. Releases |
| | | 12.2(25)SW12 and later |
| | | are not vulnerable; first |
| | | fixed in 12.4T |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| 12.2SX | Not Vulnerable | including 12.2(14)SX2 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SXA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SXB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SXD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SXE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2SXF | Not Vulnerable | (18)SXF11 are vulnerable, |
| | | release 12.2(18)SXF11 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SXH | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SXI | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SY | Vulnerable; migrate to | Not Vulnerable |
| | any release in 12.2S | |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2T | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2TPC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2XA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XB | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XC | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XG | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XI | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XK | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XL | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XN | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SB |
|------------+--------------------------+---------------------------|
| 12.2XNA | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNB | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNC | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XND | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNE | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNF | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XQ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XR | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XS | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XT | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XV | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XW | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2YA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YF | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YH | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YJ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YK | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YL | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YN | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YP | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YQ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YR | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YS | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YT | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YU | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2YV | Not Vulnerable | (11)YV1 are vulnerable, |
| | | release 12.2(11)YV1 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YW | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YX | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YY | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| 12.2ZB | Not Vulnerable | including 12.2(8)ZB are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZE | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2ZF | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2ZG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2ZH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZJ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZL | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZP | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZU | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZY | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZYA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.3-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 12.3 | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3B | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3BC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3BW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3EU | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JED | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Releases up to and | |
| | including 12.3(2)JK3 are | Releases up to and |
| | not vulnerable. | including 12.3(2)JK3 are |
| 12.3JK | | not vulnerable. Releases |
| | Releases 12.3(8)JK1 and | 12.3(8)JK1 and later are |
| | later are not | not vulnerable; first |
| | vulnerable; first fixed | fixed in 12.4T |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.3JL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4T | |
| 12.3T | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.3(4)T11 are | |
| | not vulnerable. | |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.3TPC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3VA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.3XB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3XC | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XE | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3XF | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3XG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.3 | Releases prior to 12.3(7) |
| | (7)XI11 are vulnerable, | XI11 are vulnerable, |
| 12.3XI | release 12.3(7)XI11 and | release 12.3(7)XI11 and |
| | later are not vulnerable | later are not vulnerable; |
| | | first fixed in 12.2SB |
|------------+--------------------------+---------------------------|
| 12.3XJ | Vulnerable; migrate to | Vulnerable; first fixed |
| | any release in 12.4XN | in 12.4XR |
|------------+--------------------------+---------------------------|
| 12.3XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XL | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XS | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4T | |
| 12.3XU | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.3(8)XU1 are | |
| | not vulnerable. | |
|------------+--------------------------+---------------------------|
| 12.3XW | Vulnerable; migrate to | Vulnerable; first fixed |
| | any release in 12.4XN | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XX | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XY | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XZ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YF | Vulnerable; migrate to | Vulnerable; first fixed |
| | any release in 12.4XN | in 12.4XR |
|------------+--------------------------+---------------------------|
| 12.3YG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YI | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.3 | |
| | (11)YK3 are vulnerable, | |
| 12.3YK | release 12.3(11)YK3 and | Vulnerable; first fixed |
| | later are not | in 12.4T |
| | vulnerable; first fixed | |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.3YM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4T | |
| 12.3YS | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.3(11)YS1 | |
| | are not vulnerable. | |
|------------+--------------------------+---------------------------|
| 12.3YT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YX | Vulnerable; migrate to | Vulnerable; first fixed |
| | any release in 12.4XN | in 12.4XR |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3YZ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3ZA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.4-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 12.4 | 12.4(25d) | 12.4(25d) |
|------------+--------------------------+---------------------------|
| 12.4GC | 12.4(24)GC2 | 12.4(24)GC2 |
|------------+--------------------------+---------------------------|
| 12.4JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JHA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JHB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JK | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JMA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JMB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4MD | Not Vulnerable | 12.4(24)MD2 |
|------------+--------------------------+---------------------------|
| 12.4MDA | Not Vulnerable | 12.4(22)MDA4 |
|------------+--------------------------+---------------------------|
| 12.4MR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4MRA | in 12.4MRA |
|------------+--------------------------+---------------------------|
| 12.4MRA | 12.4(20)MRA1 | 12.4(20)MRA1 |
|------------+--------------------------+---------------------------|
| 12.4SW | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | 12.4(15)T14 | 12.4(15)T14 |
| | | |
| 12.4T | 12.4(24)T4 | 12.4(24)T4 |
| | | |
| | 12.4(20)T6 | 12.4(20)T6 |
|------------+--------------------------+---------------------------|
| 12.4XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.4 | Releases prior to 12.4(6) |
| | (6)XE5 are vulnerable, | XE5 are vulnerable, |
| 12.4XE | release 12.4(6)XE5 and | release 12.4(6)XE5 and |
| | later are not | later are not vulnerable; |
| | vulnerable; first fixed | first fixed in 12.4T |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.4XF | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XG | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XK | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Releases up to and | |
| | including 12.4(15)XM are | |
| | not vulnerable. | |
| 12.4XM | | Vulnerable; first fixed |
| | Releases 12.4(15)XM3 and | in 12.4T |
| | later are not | |
| | vulnerable; first fixed | |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.4XN | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XP | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XQ | Not Vulnerable | 12.4(15)XQ6; Available on |
| | | 22-SEP-10 |
|------------+--------------------------+---------------------------|
| | | 12.4(15)XR9 |
| 12.4XR | Not Vulnerable | |
| | | 12.4(22)XR7 |
|------------+--------------------------+---------------------------|
| 12.4XT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XV | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XY | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XZ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4YB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.4YD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4YE | Not Vulnerable | 12.4(24)YE1 |
|------------+--------------------------+---------------------------|
| 12.4YG | Not Vulnerable | 12.4(24)YG3 |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 15.0M | 15.0(1)M3 | 15.0(1)M3 |
|------------+--------------------------+---------------------------|
| | Cisco 7600 and 10000 | Cisco 7600 and 10000 |
| | Series routers: Not | Series routers: 15.0(1)S1 |
| | Vulnerable | (available early October |
| | | 2010). |
| 15.0S | Cisco ASR 1000 Series | |
| | routers: Please see Cisco | Cisco ASR 1000 Series |
| | IOS-XE Software | routers: Please see Cisco |
| | Availability | IOS-XE Software |
| | | Availability |
|------------+--------------------------+---------------------------|
| 15.0XA | 15.0(1)XA4 | Vulnerable; first fixed |
| | | in 15.1T |
|------------+--------------------------+---------------------------|
| 15.0XO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| | 15.1(2)T0a | |
| 15.1T | | 15.1(2)T1 |
| | 15.1(1)T1 | |
|------------+--------------------------+---------------------------|
| 15.1XB | 15.1(1)XB | Vulnerable; first fixed |
| | | in 15.1T |
+-------------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
+-------------------------------------------------------------------+
| Cisco IOS | First Fixed | First Fixed Release for All |
| XE | Release for This | Advisories in the September 2010 |
| Release | Advisory | Bundle Publication |
|-----------+------------------+------------------------------------|
| 2.1.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.2.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.3.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.4.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| | Vulnerable; | Vulnerable; migrate to 2.6.2 or |
| 2.5.x | migrate to 2.6.2 | later |
| | or later | |
|-----------+------------------+------------------------------------|
| 2.6.x | 2.6.1 | 2.6.2 |
|-----------+------------------+------------------------------------|
| 3.1.xS | Not Vulnerable | Not Vulnerable |
+-------------------------------------------------------------------+
For mapping of Cisco IOS XE to Cisco IOS releases, please refer to
the Cisco IOS XE 2 and Cisco IOS XE 3S Release Notes.
Cisco IOS XR System Software
+---------------------------
Cisco IOS XR Software is not affected by the vulnerabilities
disclosed in the September 22, 2010, Cisco IOS Software Security
Advisory bundled publication.
Workarounds
===========
If the affected Cisco IOS device requires SIP for VoIP services, SIP
cannot be disabled, and no workarounds are available. Users are
advised to apply mitigation techniques to help limit exposure to the
vulnerabilities. Mitigation consists of allowing only legitimate
devices to connect to affected devices. To increase effectiveness,
the mitigation must be coupled with anti-spoofing measures on the
network edge. This action is required because SIP can use UDP as the
transport protocol.
Additional mitigations that can be deployed on Cisco devices within
the network are available in the companion document "Cisco Applied
Mitigation Bulletin: Identifying and Mitigating Exploitation of the
Multiple Vulnerabilities in Cisco Voice Products", which is available
at the following location:
http://www.cisco.com/warp/public/707/cisco-amb-20100922-voice.shtml
Disabling SIP Listening Ports
+----------------------------
For devices that do not require SIP to be enabled, the simplest and
most effective workaround is to disable SIP processing on the device.
Some versions of Cisco IOS Software allow administrators to disable
SIP with the following commands:
    sip-ua
     no transport udp
     no transport tcp
     no transport tcp tls
Warning: When applying this workaround to devices that are
processing Media Gateway Control Protocol (MGCP) or H.323 calls, the
device will not stop SIP processing while active calls are being
processed. Under these circumstances, this workaround should be
implemented during a maintenance window when active calls can be
briefly stopped.
The show udp connections, show tcp brief all, and show processes |
include SIP commands can be used to confirm that the SIP UDP and TCP
ports are closed after applying this workaround.
Depending on the Cisco IOS Software version in use, the output from
the show ip sockets command may still show the SIP ports open, but
sending traffic to them will cause the SIP process to emit the
following message:
    *Jun 2 11:36:47.691: sip_udp_sock_process_read: SIP UDP Listener is DISABLED
Control Plane Policing
+---------------------
For devices that need to offer SIP services, it is possible to use
Control Plane Policing (CoPP) to block SIP traffic to the device from
untrusted sources. Cisco IOS Releases 12.0S, 12.2SX, 12.2S, 12.3T,
12.4, and 12.4T support the CoPP feature. CoPP may be configured on a
device to protect the management and control planes to minimize the
risk and effectiveness of direct infrastructure attacks by explicitly
permitting only authorized traffic sent to infrastructure devices in
accordance with existing security policies and configurations. The
following example can be adapted to specific network configurations:
    !-- The 192.168.1.0/24 network and the 172.16.1.1 host are trusted.
    !-- Everything else is not trusted. The following access list is used
    !-- to determine what traffic needs to be dropped by a control plane
    !-- policy (the CoPP feature.) If the access list matches (permit)
    !-- then traffic will be dropped and if the access list does not
    !-- match (deny) then traffic will be processed by the router.

    access-list 100 deny udp 192.168.1.0 0.0.0.255 any eq 5060
    access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5060
    access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5061
    access-list 100 deny udp host 172.16.1.1 any eq 5060
    access-list 100 deny tcp host 172.16.1.1 any eq 5060
    access-list 100 deny tcp host 172.16.1.1 any eq 5061
    access-list 100 permit udp any any eq 5060
    access-list 100 permit tcp any any eq 5060
    access-list 100 permit tcp any any eq 5061

    !-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4
    !-- traffic in accordance with existing security policies and
    !-- configurations for traffic that is authorized to be sent
    !-- to infrastructure devices.

    !-- Create a Class-Map for traffic to be policed by
    !-- the CoPP feature.

    class-map match-all drop-sip-class
     match access-group 100

    !-- Create a Policy-Map that will be applied to the
    !-- Control-Plane of the device.

    policy-map control-plane-policy
     class drop-sip-class
      drop

    !-- Apply the Policy-Map to the Control-Plane of the
    !-- device.

    control-plane
     service-policy input control-plane-policy
Note: Because SIP can use UDP as a transport protocol, it is possible
to easily spoof the IP address of the sender, which may defeat access
control lists that permit communication to these ports from trusted
IP addresses.
In the above CoPP example, the access control entries (ACEs) that
match the potential exploit packets with the "permit" action result
in these packets being discarded by the policy-map "drop" function,
while packets that match the "deny" action (not shown) are not
affected by the policy-map drop function. Additional information on
the configuration and use of the CoPP feature can be found at
http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html
and http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html
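The inverted permit/deny meaning of the CoPP access list above can be checked offline before the policy is applied. The following Python model is an added example, not part of the Cisco advisory: it parses the nine ACEs exactly as shown and reports what the drop-sip-class policy would do with a packet. The router address 10.0.0.1 and the sample source addresses are constructed for illustration.

```python
import ipaddress

# The nine ACEs from the advisory's CoPP example, copied verbatim.
ACL_100 = """\
access-list 100 deny udp 192.168.1.0 0.0.0.255 any eq 5060
access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5060
access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5061
access-list 100 deny udp host 172.16.1.1 any eq 5060
access-list 100 deny tcp host 172.16.1.1 any eq 5060
access-list 100 deny tcp host 172.16.1.1 any eq 5061
access-list 100 permit udp any any eq 5060
access-list 100 permit tcp any any eq 5060
access-list 100 permit tcp any any eq 5061
"""


def _take_addr(tokens):
    """Consume one IOS address spec and return (address, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = tokens.pop(0)
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(wildcard))


def parse_acl(text):
    """Parse 'access-list N action proto src dst [eq port]' lines in order."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        action, proto = tokens[2], tokens[3]
        rest = tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))
    return entries


def _addr_match(addr, spec):
    """Wildcard-mask comparison: bits set in the wildcard are ignored."""
    net, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care)


def acl_action(entries, proto, src, dst, dport):
    """First matching ACE wins; an unmatched packet hits the implicit deny."""
    for action, e_proto, e_src, e_dst, e_port in entries:
        if (e_proto == proto and _addr_match(src, e_src)
                and _addr_match(dst, e_dst) and e_port in (None, dport)):
            return action
    return "deny"


def copp_verdict(entries, proto, src, dst, dport):
    """ACL permit puts the packet in drop-sip-class (dropped); deny leaves it alone."""
    return "drop" if acl_action(entries, proto, src, dst, dport) == "permit" else "process"


if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    router = "10.0.0.1"  # constructed address standing in for the device
    samples = [          # constructed packets: (proto, source, destination port)
        ("udp", "192.168.1.50", 5060),  # trusted subnet
        ("tcp", "172.16.1.1", 5061),    # trusted host
        ("udp", "203.0.113.9", 5060),   # untrusted source
        ("udp", "192.168.2.50", 5060),  # just outside the trusted /24
        ("tcp", "203.0.113.9", 22),     # non-SIP traffic, not in this class
    ]
    # The model sees only the source address in the header, so it cannot tell
    # a genuine trusted sender from a forged one; that is why the advisory
    # pairs this policy with anti-spoofing at the network edge.
    for proto, src, dport in samples:
        print(f"{proto:3} {src:15} -> {router}:{dport:<5} "
              f"{copp_verdict(acl, proto, src, router, dport)}")
```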
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
These vulnerabilities were discovered by Cisco during internal
testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+-----------------------------------------+
| Revision | | Initial |
| 1.0 | 2010-September-22 | public |
| | | release. |
+-----------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
iEYEARECAAYFAkyZ/SsACgkQ86n/Gc8U/uAExQCePGMUBQypd2bPNr1CbH19j1h3
9WgAn0czHTv1JOH6pJl2Bz4MRrPzokRR
=6+8R
-----END PGP SIGNATURE-----
There is a workaround for these vulnerabilities. The software version
can also be determined by running the show version active command via
the command-line interface. Each vulnerability is
triggered by a malformed SIP message that could cause a critical
process to fail, which could result in the disruption of voice
services.
The first SIP DoS vulnerability is documented in Cisco Bug ID
CSCta31358 (registered customers only) and has been assigned the CVE
identifier CVE-2010-2835. The corresponding IOS defect is CSCta20040.
The second SIP DoS vulnerability is documented in Cisco Bug ID
CSCtf14987 (registered customers only) and has been assigned the CVE
identifier CVE-2010-2834.
The corresponding IOS defect is CSCtf72678. SIP processing is enabled by default. Use the
following instructions to disable SIP processing:
Step 1: Log into the Cisco Unified CM Administration web interface.
Step 3: Change the "SIP Interoperability Enabled" parameter to False,
and click Save. For information on how to
restart the service, refer to the "Restarting the Cisco CallManager
Service" section of the document at:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124
It is possible to mitigate these vulnerabilities by implementing
filtering on screening devices and permitting access to TCP ports
5060 and 5061 and UDP ports 5060 and 5061 only from networks that
require SIP access to Cisco Unified Communications Manager servers.
TITLE:
Cisco IOS SIP Multiple Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA41549
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41549/
RELEASE DATE:
2010-09-24
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco IOS, which can
be exploited by malicious people to cause a DoS (Denial of Service).
3) An error when processing specially crafted Session Initiation
Protocol (SIP) packets can be exploited to cause a device to reload.
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
cisco-sa-20100922-sip:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml
SOLUTION:
Update to the latest version
VAR-201009-0065 | CVE-2010-2834 |
Denial-of-service (DoS) vulnerabilities in multiple Cisco products
Related entries in the VARIoT exploits database: VAR-E-201009-0055 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987. Multiple Cisco products contain a vulnerability in which incomplete processing of SIP traffic leads to a denial-of-service (DoS) condition. The issue is tracked as Bug IDs CSCtf72678 and CSCtf14987. A third party can cause a denial of service (DoS) via crafted SIP registration traffic over UDP. Cisco Unified Communications Manager is a call processing component in the Cisco IP Telephony solution. An error occurs when handling an invalid "Refer-To" header, and specially crafted SIP messages can be used to terminate critical processes and disrupt voice services.
An attacker can exploit this issue to cause an interruption in voice services or cause the affected device to reload, denying service to legitimate users.
This issue is tracked by Cisco Bug IDs CSCtf14987 and CSCtf72678. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Unified Communications Manager Session Initiation Protocol
Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20100922-cucmsip
http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucmsip.shtml
Revision 1.0
For Public Release 2010 September 22 1600 UTC (GMT)
- ---------------------------------------------------------------------
Summary
=======
Cisco Unified Communications Manager contains two denial of service
(DoS) vulnerabilities that affect the processing of Session
Initiation Protocol (SIP) messages.
To address these vulnerabilities, Cisco has released free software
updates. There is a workaround for these vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucmsip.shtml
Note: Cisco IOS Software is also affected by the vulnerabilities
described in this advisory. A companion advisory for Cisco IOS
software is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml
Note: The September 22, 2010, Cisco IOS Software Security Advisory
bundled publication includes six Cisco Security Advisories. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The software version
can also be determined by running the show version active command via
the command-line interface. No other Cisco products are currently known to
be affected by these vulnerabilities. All SIP ports (TCP ports 5060 and 5061 and UDP ports 5060
and 5061) are affected.
The first SIP DoS vulnerability is documented in Cisco Bug ID
CSCta31358 (registered customers only) and has been assigned the CVE
identifier CVE-2010-2835. The corresponding IOS defect is CSCta20040.
The second SIP DoS vulnerability is documented in Cisco Bug ID
CSCtf14987 (registered customers only) and has been assigned the CVE
identifier CVE-2010-2834.
The corresponding IOS defect is CSCtf72678.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCta31358 - c3945 GW crashes while testing REFER method with invalid
Refer-To header
CVSS Base Score - 7.8
    Access Vector          - Network
    Access Complexity      - Low
    Authentication         - None
    Confidentiality Impact - None
    Integrity Impact       - None
    Availability Impact    - Complete
CVSS Temporal Score - 6.4
    Exploitability         - Functional
    Remediation Level      - Official Fix
    Report Confidence      - Confirmed
CSCtf14987 - CCM Coredump Generated During UDP SIP Registration Fuzzing
CVSS Base Score - 7.8
    Access Vector          - Network
    Access Complexity      - Low
    Authentication         - None
    Confidentiality Impact - None
    Integrity Impact       - None
    Availability Impact    - Complete
CVSS Temporal Score - 6.4
    Exploitability         - Functional
    Remediation Level      - Official Fix
    Report Confidence      - Confirmed
Impact
======
Successful exploitation of the vulnerabilities that are described in
this advisory could result in the interruption of voice services.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
+---------------------------------------+
| Cisco Unified | Recommended |
| Communication Manager | Release |
| Version | |
|-------------------------+-------------|
| 6.x | 6.1(5)SU1 |
|-------------------------+-------------|
| 7.x | 7.1(5b)SU2 |
|-------------------------+-------------|
| 8.x | 8.0(3a) |
+---------------------------------------+
Note: The recommended releases listed in the table above are the
latest Cisco Unified Communications Manager versions available at the
publication of this advisory, and each release includes software
fixes for all the vulnerabilities described in this advisory.
Cisco Unified Communications Manager software can be downloaded at
the following link:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=268439621
Workarounds
===========
For customers who do not use SIP in their environment, there is a
workaround for these vulnerabilities. SIP processing is enabled by default. Use the
following instructions to disable SIP processing:
Step 1: Log into the Cisco Unified CM Administration web interface.
Step 3: Change the "SIP Interoperability Enabled" parameter to False,
and click Save. For information on how to
restart the service, refer to the "Restarting the Cisco CallManager
Service" section of the document at:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124
It is possible to mitigate these vulnerabilities by implementing
filtering on screening devices and permitting access to TCP ports
5060 and 5061 and UDP ports 5060 and 5061 only from networks that
require SIP access to Cisco Unified Communications Manager servers.
Additional mitigations that can be deployed on Cisco devices in the
network are available in the companion document "Cisco Applied
Mitigation Bulletin: Identifying and Mitigating Exploitation of the
Multiple Vulnerabilities in Cisco Voice Products", which is available
at the following location:
http://www.cisco.com/warp/public/707/cisco-amb-20100922-voice.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
All vulnerabilities described in this advisory were discovered as a
result of internal testing conducted by Cisco.
Status of this Notice: FINAL
============================
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucmsip.shtml
Revision History
================
+----------------------------------------+
| Revision | | Initial |
| 1.0 | 2010-September-22 | public |
| | | release |
+----------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
iEYEARECAAYFAkyaIp0ACgkQ86n/Gc8U/uCsDQCbBrZ7ciwiNVxErJOxLLICNgXv
dE0An3lej+RKwoUMMf+GKTm/BBOHmlQL
=dwdr
-----END PGP SIGNATURE-----
TITLE:
Cisco IOS SIP Multiple Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA41549
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41549/
RELEASE DATE:
2010-09-24
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco IOS, which can
be exploited by malicious people to cause a DoS (Denial of Service).
For more information see vulnerability #1:
SA36498
2) An error when processing certain unspecified Session Initiation
Protocol (SIP) traffic can be exploited to cause a device to reload.
3) An error when processing specially crafted Session Initiation
Protocol (SIP) packets can be exploited to cause a device to reload.
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
cisco-sa-20100922-sip:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml
SOLUTION:
Update to the latest version
VAR-201009-0067 | CVE-2010-2831 |
Denial-of-service (DoS) vulnerability in the NAT for SIP implementation of Cisco IOS
Related entries in the VARIoT exploits database: VAR-E-201009-0951 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624. The issue is tracked as Bug ID CSCtf17624. A third party can cause a denial of service (DoS) via traffic on UDP port 5060. Cisco IOS is prone to a remote denial-of-service vulnerability.
An attacker can exploit these issues to cause an affected device to crash, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCtf17624. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment.
TITLE:
Cisco IOS NAT Implementation Three Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA41539
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41539/
RELEASE DATE:
2010-09-24
DESCRIPTION:
Three vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
SOLUTION:
Update to a fixed version.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
cisco-sa-20100922-nat:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Network Address
Translation Vulnerabilities
Advisory ID: cisco-sa-20100922-nat
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
Revision 1.0
For Public Release 2010 September 22 1600 UTC (GMT)
- ---------------------------------------------------------------------
Summary
=======
The Cisco IOS Software Network Address Translation functionality
contains three denial of service (DoS) vulnerabilities. The first
vulnerability is in the translation of Session Initiation Protocol
(SIP) packets, the second vulnerability in the translation of H.323
packets and the third vulnerability is in the translation of H.225.0
call signaling for H.323 packets.
Cisco has released free software updates that address these
vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
Note: The September 22, 2010, Cisco IOS Software Security Advisory
bundled publication includes six Cisco Security Advisories. Five of
the advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses vulnerabilities in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The table
at the following URL lists releases that correct all Cisco IOS
Software vulnerabilities that have been published on September 22,
2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
Affected Products
=================
Vulnerable Products
+------------------
Cisco devices running Cisco IOS Software that are configured for NAT
and that support NAT for SIP, H.323, or H.225.0 call signaling for
H.323 packets are affected.
To verify whether NAT is enabled on a Cisco IOS device, log in to the
device and issue the show ip nat statistics command. The following
example shows a device that is configured with NAT:
    Router#show ip nat statistics
    Total translations: 2 (0 static, 2 dynamic; 0 extended)
    Outside interfaces: Serial0
    Inside interfaces: Ethernet1
    Hits: 135 Misses: 5
    Expired translations: 2
    Dynamic mappings:
    -- Inside Source
    access-list 1 pool mypool refcount 2
     pool mypool: netmask 255.255.255.0
            start 192.168.10.1 end 192.168.10.254
            type generic, total addresses 14, allocated 2 (14%), misses 0
Alternatively, administrators can use the show running-config |
include ip nat command to verify if NAT has been enabled on the
router interfaces.
For NAT to be enabled on a router, either the ip nat inside and ip nat
outside commands must be present on different interfaces or, in the
case of NAT Virtual Interface, the ip nat enable interface command
must be present.
In order to determine the software that runs on a Cisco IOS product,
log in to the device and issue the show version command to display
the system banner. Cisco IOS software identifies itself as
"Internetwork Operating System Software" or simply "IOS." On the next
line of output, the image name displays between parentheses, followed
by "Version" and the Cisco IOS release name. Other Cisco devices do
not have the show version command or give different output.
The following example shows output from a device that runs an IOS
image:
    Router> show version
    Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Wed 02-Dec-09 17:17 by prod_rel_team
    <More output removed for brevity>
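The two checks described above (whether NAT is enabled according to the ip nat inside / ip nat outside / ip nat enable rule, and which release the show version banner reports) can be run offline against saved device output. The following Python is an added example, not part of the Cisco advisory; the function names and the sample configurations are constructed for illustration, and the banner line is the one from the advisory's own example. It does not decide whether a release is fixed; that still comes from the release table in this advisory.

```python
import re

# Constructed sample running-configs (not taken from a real device).
SAMPLE_CONFIG_CLASSIC = """\
interface Ethernet1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
!
ip nat inside source list 1 pool mypool
"""

SAMPLE_CONFIG_NVI = """\
interface GigabitEthernet0/0
 ip address 203.0.113.5 255.255.255.252
 ip nat enable
!
"""

# Only one side of classic NAT is present, so NAT is not enabled.
SAMPLE_CONFIG_HALF = """\
interface Ethernet1
 ip nat inside
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
!
"""

# Banner line as shown in the advisory's show version example.
SAMPLE_SHOW_VERSION = """\
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
"""

NAT_IF_CMD = re.compile(r"ip nat (inside|outside|enable)")
BANNER = re.compile(r"\((?P<image>[^)]+)\), Version (?P<release>[^,\s]+)")


def nat_roles_by_interface(running_config):
    """Return {interface: set of 'inside'/'outside'/'enable'} from a running-config."""
    roles = {}
    current = None
    for line in running_config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            continue
        if not line.startswith(" "):
            # Any unindented line ("!" or a global command such as
            # "ip nat inside source ...") ends the interface block.
            current = None
            continue
        match = NAT_IF_CMD.fullmatch(line.strip())
        if match and current:
            roles.setdefault(current, set()).add(match.group(1))
    return roles


def nat_enabled(running_config):
    """Apply the advisory's rule: inside and outside on different
    interfaces, or ip nat enable (NAT Virtual Interface) on any interface."""
    roles = nat_roles_by_interface(running_config)
    inside = {name for name, r in roles.items() if "inside" in r}
    outside = {name for name, r in roles.items() if "outside" in r}
    nvi = {name for name, r in roles.items() if "enable" in r}
    classic = any(i != o for i in inside for o in outside)
    return classic or bool(nvi)


def parse_show_version(output):
    """Return (image name, release) from the show version banner, or None."""
    match = BANNER.search(output)
    if match is None:
        return None
    return match.group("image"), match.group("release")


def assess(running_config, show_version):
    """Summarize the two preconditions the advisory asks an operator to check."""
    return {
        "nat_enabled": nat_enabled(running_config),
        "nat_interfaces": {
            name: sorted(r)
            for name, r in nat_roles_by_interface(running_config).items()
        },
        "release": parse_show_version(show_version),
    }


if __name__ == "__main__":
    for label, cfg in [("classic", SAMPLE_CONFIG_CLASSIC),
                       ("nvi", SAMPLE_CONFIG_NVI),
                       ("half", SAMPLE_CONFIG_HALF)]:
        print(label, assess(cfg, SAMPLE_SHOW_VERSION))
```

A device that reports nat_enabled as True still needs its release compared against the First Fixed Release columns below.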
Products Confirmed Not Vulnerable
+--------------------------------
Cisco IOS devices not explicitly configured for NAT are not
vulnerable.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
The three vulnerabilities are triggered by transit traffic that needs
to be processed by the NAT feature. The vulnerabilities are
independent of one another.
NAT for SIP DoS Vulnerability
+----------------------------
SIP is a popular signaling protocol that is used to manage voice and
video calls across IP networks such as the Internet. SIP is
responsible for handling all aspects of call setup and termination.
Voice and video are the most popular types of sessions that SIP
handles, but the protocol has the flexibility to accommodate other
applications that require call setup and termination.
NAT for SIP translates packets using UDP (port 5060) or TCP (port
5060) as the underlying transport protocol.
NAT for H.323 DoS Vulnerability
+------------------------------
H.323 is the International Telecommunication Union (ITU) standard for
real-time multimedia communications and conferencing over
packet-based (IP) networks.
NAT for H.323 translates packets on TCP port 1720. There is a DoS
vulnerability in the NAT processing of H.323 packets. The
vulnerability does not require the completion of a TCP three-way
handshake.
NAT for H.225.0 DoS vulnerability
+--------------------------------
H.323 is the ITU standard for real-time multimedia communications and
conferencing over packet-based (IP) networks. A subset of the H.323
standard is H.225.0, a standard used for call signaling protocols and
media stream packetization over IP networks.
NAT for H.225.0 translates packets on TCP port 1720. There is a DoS
vulnerability in the NAT translation of H.225.0 call signaling for
H.323 packets.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCtf17624 - NAT SIP DoS Vulnerability

CVSS Base Score - 7.8
    Access Vector          - Network
    Access Complexity      - Low
    Authentication         - None
    Confidentiality Impact - None
    Integrity Impact       - None
    Availability Impact    - Complete
CVSS Temporal Score - 6.4
    Exploitability         - Functional
    Remediation Level      - Official Fix
    Report Confidence      - Confirmed

CSCtf91428 - NAT for H.323 DoS

CVSS Base Score - 7.8
    Access Vector          - Network
    Access Complexity      - Low
    Authentication         - None
    Confidentiality Impact - None
    Integrity Impact       - None
    Availability Impact    - Complete
CVSS Temporal Score - 6.4
    Exploitability         - Functional
    Remediation Level      - Official Fix
    Report Confidence      - Confirmed

CSCtd86472 - NAT for H.225.0 DoS

CVSS Base Score - 7.8
    Access Vector          - Network
    Access Complexity      - Low
    Authentication         - None
    Confidentiality Impact - None
    Integrity Impact       - None
    Availability Impact    - Complete
CVSS Temporal Score - 6.4
    Exploitability         - Functional
    Remediation Level      - Official Fix
    Report Confidence      - Confirmed
Impact
======
Successful exploitation of any of the vulnerabilities described in
this document may cause the affected device to reload. Repeated
exploitation will result in an extended denial of service (DoS)
condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2010 Bundle Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+-------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|-------------------------------------------------------------------|
| There are no affected 12.0 based releases |
|-------------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.1 | | |
| | Releases up to and | Releases up to and |
| | including 12.1(4b) are | including 12.1(4b) are |
| | not vulnerable. | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.1AA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1AX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1AY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1AZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1CX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1DA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1DB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1DC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1E | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EU | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EV | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1GA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1GB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1T | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(3a)T8 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.1XA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XH | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XI | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XL | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XP | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XQ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XR | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1XS | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(3)XS are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1XT | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(2)XT2 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.1XU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XV | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1XY | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(4)XY are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.1XZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1YA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YB | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YC | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.1(5) |
| | | YE6 are vulnerable, |
| 12.1YE | Not Vulnerable | release 12.1(5)YE6 and |
| | | later are not vulnerable; |
| | | first fixed in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YF | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.1YI | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.1YJ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4 | |
| 12.2 | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.2(16f) are | |
| | not vulnerable. | |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.2B | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(2)B7 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.2BC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2BW | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.2SB |
| 12.2BX | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(15)BX are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.2BY | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(2)BY3 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.2BZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2CX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2CY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2CZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2DA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2DD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2DX | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2EW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EWA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EX | Vulnerable; migrate to | Not Vulnerable |
| | any release in 12.2SE | |
|------------+--------------------------+---------------------------|
| 12.2EY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRE | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXE | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXF | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXG | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXH | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2JK | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2MB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| | | including 12.2(15)MC1 are |
| 12.2MC | Not Vulnerable | not vulnerable. Releases |
| | | 12.2(15)MC2b and later |
| | | are not vulnerable; first |
| | | fixed in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2MRA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2MRB | 12.2(33)MRB2 | 12.2(33)MRB2 |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| 12.2S | (30)S are vulnerable, | (30)S are vulnerable, |
| | release 12.2(30)S and | release 12.2(30)S and |
| | later are not vulnerable | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | 12.2(31)SB19; Releases |
| | | prior to 12.2(33)SB5 are |
| 12.2SB | Not Vulnerable | vulnerable, release 12.2 |
| | | (33)SB5 and later are not |
| | | vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SBC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.2SB | in 12.2SB |
|------------+--------------------------+---------------------------|
| 12.2SCA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SCB |
|------------+--------------------------+---------------------------|
| | 12.2(33)SCB10 | |
| 12.2SCB | | 12.2(33)SCB9 |
| | 12.2(33)SCB9 | |
|------------+--------------------------+---------------------------|
| 12.2SCC | 12.2(33)SCC5 | 12.2(33)SCC5 |
|------------+--------------------------+---------------------------|
| | 12.2(33)SCD3 | |
| 12.2SCD | | 12.2(33)SCD3 |
| | 12.2(33)SCD4 | |
|------------+--------------------------+---------------------------|
| 12.2SE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SED | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (40)SG are vulnerable, | (40)SG are vulnerable, |
| 12.2SG | release 12.2(40)SG and | release 12.2(40)SG and |
| | later are not | later are not vulnerable; |
| | vulnerable; migrate to | migrate to any release in |
| | any release in 12.2SGA | 12.2SGA |
|------------+--------------------------+---------------------------|
| 12.2SGA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SM | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SQ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2SRA | Not Vulnerable | (33)SRA6 are vulnerable, |
| | | release 12.2(33)SRA6 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2SRB | Not Vulnerable | (33)SRB1 are vulnerable, |
| | | release 12.2(33)SRB1 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRC | Not Vulnerable | Not vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRD | Not Vulnerable | Not vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRE | 12.2(33)SRE1 | 12.2(33)SRE1 |
|------------+--------------------------+---------------------------|
| 12.2STE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (29b)SV1 are vulnerable, | (29b)SV1 are vulnerable, |
| 12.2SV | release 12.2(29b)SV1 and | release 12.2(29b)SV1 and |
| | later are not | later are not vulnerable; |
| | vulnerable; migrate to | migrate to any release in |
| | any release in 12.2SVD | 12.2SVD |
|------------+--------------------------+---------------------------|
| 12.2SVA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Releases up to and | |
| | including 12.2(25)SW3 | Releases up to and |
| | are not vulnerable. | including 12.2(21)SW1 are |
| 12.2SW | | not vulnerable. Releases |
| | Releases 12.2(25)SW12 | 12.2(25)SW12 and later |
| | and later are not | are not vulnerable; first |
| | vulnerable; first fixed | fixed in 12.4T |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| | Releases up to and | Releases up to and |
| 12.2SX | including 12.2(14)SX2 | including 12.2(14)SX2 are |
| | are not vulnerable. | not vulnerable. |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SXA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SXB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SXD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SXE | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (18)SXF11 are | (18)SXF11 are vulnerable, |
| 12.2SXF | vulnerable, releases | releases 12.2(18)SXF11 |
| | 12.2(18)SXF11 and later | and later are not |
| | are not vulnerable | vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SXH | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SXI | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | |
| | support organization per | |
| 12.2SY | the instructions in | Not Vulnerable |
| | Obtaining Fixed Software | |
| | section of this advisory | |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2T | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2TPC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2XA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XB | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XC | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XG | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XI | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XK | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XL | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XN | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.2SB | in 12.2SB |
|------------+--------------------------+---------------------------|
| 12.2XNA | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNB | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNC | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XND | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNE | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNF | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XQ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XR | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XS | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XT | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XV | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XW | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2YA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YF | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YH | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YJ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YK | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YL | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YN | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YP | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YQ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YR | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YS | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YT | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YU | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2YV | Not Vulnerable | (11)YV1 are vulnerable, |
| | | release 12.2(11)YV1 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YW | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YX | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YY | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| 12.2ZB | Not Vulnerable | including 12.2(8)ZB are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZE | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2ZF | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2ZG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2ZH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZJ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZP | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZU | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZY | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZYA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.3-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 12.3 | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3B | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3BC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3BW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3EU | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JED | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Releases up to and | |
| | including 12.3(2)JK3 are | Releases up to and |
| | not vulnerable. | including 12.3(2)JK3 are |
| 12.3JK | | not vulnerable. Releases |
| | Releases 12.3(8)JK1 and | 12.3(8)JK1 and later are |
| | later are not | not vulnerable; first |
| | vulnerable; first fixed | fixed in 12.4T |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.3JL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3T | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3TPC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3VA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.3XB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XE | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3XF | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3XG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.3 | Releases prior to 12.3(7) |
| | (7)XI11 are vulnerable, | XI11 are vulnerable, |
| 12.3XI | release 12.3(7)XI11 and | releases 12.3(7)XI11 and |
| | later are not | later are not vulnerable; |
| | vulnerable; first fixed | first fixed in 12.2SB |
| | in 12.2SB | |
|------------+--------------------------+---------------------------|
| 12.3XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.3YX | in 12.4XR |
|------------+--------------------------+---------------------------|
| 12.3XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XL | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XS | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XX | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XY | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XZ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.3YX | in 12.4XR |
|------------+--------------------------+---------------------------|
| 12.3YG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YH | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YI | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YS | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YX | 12.3(14)YX17 | Vulnerable; first fixed |
| | | in 12.4XR |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3YZ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3ZA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.4-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 12.4 | 12.4(25d) | 12.4(25d) |
|------------+--------------------------+---------------------------|
| 12.4GC | 12.4(24)GC2 | 12.4(24)GC2 |
|------------+--------------------------+---------------------------|
| 12.4JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JHA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JHB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JK | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JMA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JMB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4MD | 12.4(22)MD2 | 12.4(24)MD2 |
|------------+--------------------------+---------------------------|
| 12.4MDA | 12.4(22)MDA4 | 12.4(22)MDA4 |
|------------+--------------------------+---------------------------|
| 12.4MR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4MRA | in 12.4MRA |
|------------+--------------------------+---------------------------|
| 12.4MRA | 12.4(20)MRA1 | 12.4(20)MRA1 |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.4 | |
| | (15)SW6 are vulnerable, | |
| 12.4SW | release 12.4(15)SW6 and | Vulnerable; first fixed |
| | later are not | in 12.4T |
| | vulnerable; first fixed | |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| | 12.4(15)T14 | 12.4(15)T14 |
| | | |
| 12.4T | 12.4(20)T6 | 12.4(20)T6 |
| | | |
| | 12.4(24)T4 | 12.4(24)T4 |
|------------+--------------------------+---------------------------|
| 12.4XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.4 | Releases prior to 12.4(6) |
| | (6)XE5 are vulnerable, | XE5 are vulnerable, |
| 12.4XE | release 12.4(6)XE5 and | release 12.4(6)XE5 and |
| | later are not | later are not vulnerable; |
| | vulnerable; first fixed | first fixed in 12.4T |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.4XF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XN | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XP | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XQ | 12.4(15)XQ6; Available | 12.4(15)XQ6; Available on |
| | on 22-SEP-10 | 22-SEP-10 |
|------------+--------------------------+---------------------------|
| | 12.4(15)XR9 | 12.4(15)XR9 |
| 12.4XR | | |
| | 12.4(22)XR7 | 12.4(22)XR7 |
|------------+--------------------------+---------------------------|
| 12.4XT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XV | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XY | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XZ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4YB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4YD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4YE | Vulnerable; first fixed | 12.4(24)YE1 |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.4YG | 12.4(24)YG3 | 12.4(24)YG3 |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 15.0M | 15.0(1)M3 | 15.0(1)M3 |
|------------+--------------------------+---------------------------|
| | Cisco 7600 and 10000 | Cisco 7600 and 10000 |
| | Series routers: 15.0(1) | Series routers: 15.0(1)S1 |
| | S1 | |
| 15.0S | | Cisco ASR 1000 Series |
| | Cisco ASR 1000 Series | routers: Please see Cisco |
| | routers: Please see | IOS-XE Software |
| | Cisco IOS-XE Software | Availability |
| | Availability | |
|------------+--------------------------+---------------------------|
| 15.0XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 15.1T | in 15.1T |
|------------+--------------------------+---------------------------|
| 15.0XO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 15.1T | 15.1(1)T1 | 15.1(2)T1 |
|------------+--------------------------+---------------------------|
| 15.1XB | 15.1(1)XB2 | Vulnerable; first fixed |
| | | in 15.1T |
+-------------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
+-------------------------------------------------------------------+
| Cisco IOS | First Fixed | First Fixed Release for All |
| XE | Release for This | Advisories in the September 2010 |
| Release | Advisory | Bundle Publication |
|-----------+------------------+------------------------------------|
| 2.1.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.2.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.3.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.4.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.5.x | Not Vulnerable | Vulnerable; migrate to 2.6.2 or |
| | | later |
|-----------+------------------+------------------------------------|
| 2.6.x | Not Vulnerable | 2.6.2 |
|-----------+------------------+------------------------------------|
| 3.1.xS | Not Vulnerable | Not Vulnerable |
+-------------------------------------------------------------------+
For mapping of Cisco IOS XE Software releases to Cisco IOS Software
releases, refer to the Cisco IOS XE 2 and Cisco IOS XE 3S Release
Notes.
Cisco IOS XR Software Table
+--------------------------
Cisco IOS XR Software is not affected by the vulnerabilities
disclosed in the September 22, 2010, Cisco IOS Software Security
Advisory bundle publication.
Workarounds
===========
The mitigations for the NAT vulnerabilities disable the respective
Application Layer Gateway NAT processing. That is, packets will
continue to be translated at the network and transport layers, but
the embedded IP addresses will not be translated.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------+
| Revision 1.0 | 2010-Sep-22 | Initial public release. |
+------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
VAR-201009-0068 | CVE-2010-2832 |
Denial-of-service (DoS) vulnerability in the NAT for H.323 implementation in Cisco IOS
Related entries in the VARIoT exploits database: VAR-E-201009-0741 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428. A third party may be able to cause a denial of service (DoS) via traffic.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCtf91428. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment.
----------------------------------------------------------------------
TITLE:
Cisco IOS NAT Implementation Three Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA41539
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41539/
RELEASE DATE:
2010-09-24
DESCRIPTION:
Three vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
SOLUTION:
Update to a fixed version.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
cisco-sa-20100922-nat:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Network Address
Translation Vulnerabilities
Advisory ID: cisco-sa-20100922-nat
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
Revision 1.0
For Public Release 2010 September 22 1600 UTC (GMT)
- ---------------------------------------------------------------------
Summary
=======
The Cisco IOS Software Network Address Translation functionality
contains three denial of service (DoS) vulnerabilities. The first
vulnerability is in the translation of Session Initiation Protocol
(SIP) packets, the second vulnerability in the translation of H.323
packets and the third vulnerability is in the translation of H.225.0
call signaling for H.323 packets.
Cisco has released free software updates that address these
vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
Note: The September 22, 2010, Cisco IOS Software Security Advisory
bundled publication includes six Cisco Security Advisories. Five of
the advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses vulnerabilities in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The table
at the following URL lists releases that correct all Cisco IOS
Software vulnerabilities that have been published on September 22,
2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
Affected Products
=================
Vulnerable Products
+------------------
Cisco devices running Cisco IOS Software that are configured for NAT
and that support NAT for SIP, H.323, or H.225.0 call signaling for
H.323 packets are affected.
To verify whether NAT is enabled on a Cisco IOS device, log in to the
device and issue the show ip nat statistics command. The following
example shows a device that is configured with NAT:
    Router#show ip nat statistics
    Total translations: 2 (0 static, 2 dynamic; 0 extended)
    Outside interfaces: Serial0
    Inside interfaces: Ethernet1
    Hits: 135 Misses: 5
    Expired translations: 2
    Dynamic mappings:
    -- Inside Source
    access-list 1 pool mypool refcount 2
     pool mypool: netmask 255.255.255.0
            start 192.168.10.1 end 192.168.10.254
            type generic, total addresses 14, allocated 2 (14%), misses 0
Alternatively, administrators can use the show running-config |
include ip nat command to verify whether NAT has been enabled on the
router interfaces.
NAT is enabled on a router either when the ip nat inside and ip nat
outside commands are present on different interfaces or, in the case
of NAT Virtual Interface, when the ip nat enable interface command is
present.
In order to determine the software that runs on a Cisco IOS product,
log in to the device and issue the show version command to display
the system banner. Cisco IOS software identifies itself as
"Internetwork Operating System Software" or simply "IOS." On the next
line of output, the image name displays between parentheses, followed
by "Version" and the Cisco IOS release name. Other Cisco devices do
not have the show version command or give different output.
The following example shows output from a device that runs an IOS
image:
    Router> show version
    Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Wed 02-Dec-09 17:17 by prod_rel_team
    <More output removed for brevity>
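The two checks described above, combined into one exposure audit over saved device output, as an added example that is not part of the Cisco advisory. The function names and the sample configurations are constructed for illustration, and FIRST_FIXED holds only three rows copied from the advisory's "First Fixed Release for This Advisory" column; any other train has to be looked up in the table.

```python
import re

# Three rows copied from the advisory's fixed-release table (assumption: this
# subset is for illustration; consult the table for every other train).
FIRST_FIXED = {"15.0M": "15.0(1)M3", "15.1T": "15.1(1)T1", "12.4YG": "12.4(24)YG3"}

# major.minor(maintenance)TRAINrebuild, e.g. 15.0(1)M1 or 12.4(24)YG3
RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)([A-Z]*)(\d*)([a-z]?)$")

# Constructed sample: classic NAT with inside and outside on different interfaces.
SAMPLE_CONFIG = """\
interface Ethernet1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
!
ip nat pool mypool 198.51.100.1 198.51.100.14 netmask 255.255.255.0
ip nat inside source list 1 pool mypool
"""

# Constructed sample: global NAT rules left behind, but no interface uses them.
GLOBAL_ONLY_CONFIG = """\
interface Ethernet1
 ip address 192.168.10.1 255.255.255.0
!
ip nat inside source list 1 pool mypool
"""

# Banner line taken from the advisory's show version example.
SAMPLE_VERSION = ("Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), "
                  "Version 15.0(1)M1, RELEASE SOFTWARE (fc1)")


def nat_interfaces(running_config):
    """Return {'inside': [...], 'outside': [...], 'enable': [...]} interface names."""
    roles = {"inside": [], "outside": [], "enable": []}
    current = None
    for line in running_config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif line and not line[0].isspace():
            current = None  # any other top-level line closes the interface stanza
        elif current:
            m = re.match(r"\s+ip nat (inside|outside|enable)\s*$", line)
            if m:
                roles[m.group(1)].append(current)
    return roles


def nat_enabled(running_config):
    """Apply the advisory's rule: inside+outside on different interfaces, or NVI."""
    roles = nat_interfaces(running_config)
    classic = any(i != o for i in roles["inside"] for o in roles["outside"])
    return classic or bool(roles["enable"])


def running_release(show_version):
    """Extract the release name that follows 'Version' in the system banner."""
    m = re.search(r"Version ([^\s,]+)", show_version)
    return m.group(1) if m else None


def parse_release(release):
    """Split '15.0(1)M1' into its train ('15.0M') and a key sortable within it."""
    m = RELEASE_RE.match(release)
    if not m:
        raise ValueError("unrecognised IOS release: %r" % release)
    major, minor, maint, maint_letter, train, rebuild, rebuild_letter = m.groups()
    key = (int(maint), maint_letter, int(rebuild or 0), rebuild_letter)
    return "%s.%s%s" % (major, minor, train), key


def assess(running_config, show_version):
    """Return (status, running release, first fixed release) for one device."""
    if not nat_enabled(running_config):
        return ("no-nat", None, None)
    release = running_release(show_version)
    if release is None:
        return ("unknown-release", None, None)
    train, key = parse_release(release)
    fixed = FIRST_FIXED.get(train)
    if fixed is None:
        return ("check-table", release, None)
    status = "upgrade" if key < parse_release(fixed)[1] else "fixed"
    return (status, release, fixed)


if __name__ == "__main__":
    print(assess(SAMPLE_CONFIG, SAMPLE_VERSION))
    print(assess(GLOBAL_ONLY_CONFIG, SAMPLE_VERSION))
```

A plain match on "ip nat" also hits global rules such as ip nat inside source, which is why the parser only counts the interface-level commands the advisory names.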
Products Confirmed Not Vulnerable
+--------------------------------
Cisco IOS devices not explicitly configured for NAT are not
vulnerable.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
The three vulnerabilities are triggered by transit traffic that needs
to be processed by the NAT feature. The vulnerabilities are
independent of each other.
NAT for SIP DoS Vulnerability
+----------------------------
SIP is a popular signaling protocol that is used to manage voice and
video calls across IP networks such as the Internet. SIP is
responsible for handling all aspects of call setup and termination.
Voice and video are the most popular types of sessions that SIP
handles, but the protocol has the flexibility to accommodate other
applications that require call setup and termination.
NAT for SIP translates packets using UDP (port 5060) or TCP (port
5060) as the underlying transport protocol. The NAT for SIP DoS
vulnerability can be exploited only with the use of UDP port 5060
packets.
NAT for H.323 DoS Vulnerability
+------------------------------
H.323 is the International Telecommunication Union (ITU) standard for
real-time multimedia communications and conferencing over
packet-based (IP) networks.
NAT for H.323 translates packets on TCP port 1720. There is a DoS
vulnerability in the NAT processing of H.323 packets. The
vulnerability does not require the completion of a TCP three-way
handshake.
NAT for H.225.0 DoS vulnerability
+--------------------------------
H.323 is the ITU standard for real-time multimedia communications and
conferencing over packet-based (IP) networks. A subset of the H.323
standard is H.225.0, a standard used for call signaling protocols and
media stream packetization over IP networks.
NAT for H.225.0 translates packets on TCP port 1720.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCtf17624 - NAT SIP DoS Vulnerability
CVSS Base Score - 7.8
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
CVSS Temporal Score - 6.4
Exploitability Functional
Remediation Level Official Fix
Report Confidence Confirmed
CSCtf91428 - NAT for H.323 DoS
CVSS Base Score - 7.8
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
CVSS Temporal Score - 6.4
Exploitability Functional
Remediation Level Official Fix
Report Confidence Confirmed
CSCtd86472 - NAT for H.225.0 DoS
CVSS Base Score - 7.8
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
CVSS Temporal Score - 6.4
Exploitability Functional
Remediation Level Official Fix
Report Confidence Confirmed
Impact
======
Successful exploitation of any of the vulnerabilities described in
this document may cause the affected device to reload. Repeated
exploitation will result in an extended denial of service (DoS)
condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2010 Bundle Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+-------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|-------------------------------------------------------------------|
| There are no affected 12.0 based releases |
|-------------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.1 | | |
| | Releases up to and | Releases up to and |
| | including 12.1(4b) are | including 12.1(4b) are |
| | not vulnerable. | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.1AA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1AX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1AY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1AZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1CX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1DA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1DB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1DC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1E | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EU | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EV | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1GA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1GB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1T | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(3a)T8 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.1XA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XH | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XI | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XL | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XP | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XQ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XR | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1XS | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(3)XS are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1XT | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(2)XT2 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.1XU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XV | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1XY | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(4)XY are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.1XZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1YA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YB | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YC | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.1(5) |
| | | YE6 are vulnerable, |
| 12.1YE | Not Vulnerable | release 12.1(5)YE6 and |
| | | later are not vulnerable; |
| | | first fixed in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YF | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.1YI | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.1YJ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4 | |
| 12.2 | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.2(16f) are | |
| | not vulnerable. | |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.2B | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(2)B7 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.2BC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2BW | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.2SB |
| 12.2BX | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(15)BX are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.2BY | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(2)BY3 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.2BZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2CX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2CY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2CZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2DA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2DD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2DX | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2EW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EWA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EX | Vulnerable; migrate to | Not Vulnerable |
| | any release in 12.2SE | |
|------------+--------------------------+---------------------------|
| 12.2EY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRE | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXE | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXF | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXG | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXH | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2JK | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2MB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| | | including 12.2(15)MC1 are |
| 12.2MC | Not Vulnerable | not vulnerable. Releases |
| | | 12.2(15)MC2b and later |
| | | are not vulnerable; first |
| | | fixed in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2MRA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2MRB | 12.2(33)MRB2 | 12.2(33)MRB2 |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| 12.2S | (30)S are vulnerable, | (30)S are vulnerable, |
| | release 12.2(30)S and | release 12.2(30)S and |
| | later are not vulnerable | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | 12.2(31)SB19; Releases |
| | | prior to 12.2(33)SB5 are |
| 12.2SB | Not Vulnerable | vulnerable, release 12.2 |
| | | (33)SB5 and later are not |
| | | vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SBC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.2SB | in 12.2SB |
|------------+--------------------------+---------------------------|
| 12.2SCA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SCB |
|------------+--------------------------+---------------------------|
| | 12.2(33)SCB10 | |
| 12.2SCB | | 12.2(33)SCB9 |
| | 12.2(33)SCB9 | |
|------------+--------------------------+---------------------------|
| 12.2SCC | 12.2(33)SCC5 | 12.2(33)SCC5 |
|------------+--------------------------+---------------------------|
| | 12.2(33)SCD3 | |
| 12.2SCD | | 12.2(33)SCD3 |
| | 12.2(33)SCD4 | |
|------------+--------------------------+---------------------------|
| 12.2SE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SED | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (40)SG are vulnerable, | (40)SG are vulnerable, |
| 12.2SG | release 12.2(40)SG and | release 12.2(40)SG and |
| | later are not | later are not vulnerable; |
| | vulnerable; migrate to | migrate to any release in |
| | any release in 12.2SGA | 12.2SGA |
|------------+--------------------------+---------------------------|
| 12.2SGA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SM | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SQ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2SRA | Not Vulnerable | (33)SRA6 are vulnerable, |
| | | release 12.2(33)SRA6 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2SRB | Not Vulnerable | (33)SRB1 are vulnerable, |
| | | release 12.2(33)SRB1 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRE | 12.2(33)SRE1 | 12.2(33)SRE1 |
|------------+--------------------------+---------------------------|
| 12.2STE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (29b)SV1 are vulnerable, | (29b)SV1 are vulnerable, |
| 12.2SV | release 12.2(29b)SV1 and | release 12.2(29b)SV1 and |
| | later are not | later are not vulnerable; |
| | vulnerable; migrate to | migrate to any release in |
| | any release in 12.2SVD | 12.2SVD |
|------------+--------------------------+---------------------------|
| 12.2SVA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Releases up to and | |
| | including 12.2(25)SW3 | Releases up to and |
| | are not vulnerable. | including 12.2(21)SW1 are |
| 12.2SW | | not vulnerable. Releases |
| | Releases 12.2(25)SW12 | 12.2(25)SW12 and later |
| | and later are not | are not vulnerable; first |
| | vulnerable; first fixed | fixed in 12.4T |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| | Releases up to and | Releases up to and |
| 12.2SX | including 12.2(14)SX2 | including 12.2(14)SX2 are |
| | are not vulnerable. | not vulnerable. |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SXA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SXB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SXD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SXE | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (18)SXF11 are | (18)SXF11 are vulnerable, |
| 12.2SXF | vulnerable, releases | releases 12.2(18)SXF11 |
| | 12.2(18)SXF11 and later | and later are not |
| | are not vulnerable | vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SXH | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SXI | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | |
| | support organization per | |
| 12.2SY | the instructions in | Not Vulnerable |
| | Obtaining Fixed Software | |
| | section of this advisory | |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2T | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2TPC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2XA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XB | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XC | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XG | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XI | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XK | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XL | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XN | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.2SB | in 12.2SB |
|------------+--------------------------+---------------------------|
| 12.2XNA | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNB | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNC | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XND | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNE | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNF | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XQ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XR | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XS | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XT | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XV | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XW | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2YA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YF | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YH | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YJ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YK | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YL | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YN | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YP | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YQ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YR | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YS | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YT | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YU | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2YV | Not Vulnerable | (11)YV1 are vulnerable, |
| | | release 12.2(11)YV1 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YW | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YX | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YY | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| 12.2ZB | Not Vulnerable | including 12.2(8)ZB are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZE | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2ZF | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2ZG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2ZH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZJ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZP | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZU | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZY | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZYA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.3-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 12.3 | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3B | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3BC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3BW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3EU | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JED | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Releases up to and | |
| | including 12.3(2)JK3 are | Releases up to and |
| | not vulnerable. | including 12.3(2)JK3 are |
| 12.3JK | | not vulnerable. Releases |
| | Releases 12.3(8)JK1 and | 12.3(8)JK1 and later are |
| | later are not | not vulnerable; first |
| | vulnerable; first fixed | fixed in 12.4T |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.3JL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3T | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3TPC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3VA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.3XB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XE | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3XF | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3XG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.3 | Releases prior to 12.3(7) |
| | (7)XI11 are vulnerable, | XI11 are vulnerable, |
| 12.3XI | release 12.3(7)XI11 and | releases 12.3(7)XI11 and |
| | later are not | later are not vulnerable; |
| | vulnerable; first fixed | first fixed in 12.2SB |
| | in 12.2SB | |
|------------+--------------------------+---------------------------|
| 12.3XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.3YX | in 12.4XR |
|------------+--------------------------+---------------------------|
| 12.3XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XL | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XS | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XX | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XY | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XZ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.3YX | in 12.4XR |
|------------+--------------------------+---------------------------|
| 12.3YG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YH | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YI | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YS | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YX | 12.3(14)YX17 | Vulnerable; first fixed |
| | | in 12.4XR |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3YZ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3ZA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.4-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 12.4 | 12.4(25d) | 12.4(25d) |
|------------+--------------------------+---------------------------|
| 12.4GC | 12.4(24)GC2 | 12.4(24)GC2 |
|------------+--------------------------+---------------------------|
| 12.4JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JHA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JHB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JK | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JMA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JMB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4MD | 12.4(22)MD2 | 12.4(24)MD2 |
|------------+--------------------------+---------------------------|
| 12.4MDA | 12.4(22)MDA4 | 12.4(22)MDA4 |
|------------+--------------------------+---------------------------|
| 12.4MR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4MRA | in 12.4MRA |
|------------+--------------------------+---------------------------|
| 12.4MRA | 12.4(20)MRA1 | 12.4(20)MRA1 |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.4 | |
| | (15)SW6 are vulnerable, | |
| 12.4SW | release 12.4(15)SW6 and | Vulnerable; first fixed |
| | later are not | in 12.4T |
| | vulnerable; first fixed | |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| | 12.4(15)T14 | 12.4(15)T14 |
| | | |
| 12.4T | 12.4(20)T6 | 12.4(20)T6 |
| | | |
| | 12.4(24)T4 | 12.4(24)T4 |
|------------+--------------------------+---------------------------|
| 12.4XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.4 | Releases prior to 12.4(6) |
| | (6)XE5 are vulnerable, | XE5 are vulnerable, |
| 12.4XE | release 12.4(6)XE5 and | release 12.4(6)XE5 and |
| | later are not | later are not vulnerable; |
| | vulnerable; first fixed | first fixed in 12.4T |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.4XF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XN | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XP | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XQ | 12.4(15)XQ6; Available | 12.4(15)XQ6; Available on |
| | on 22-SEP-10 | 22-SEP-10 |
|------------+--------------------------+---------------------------|
| | 12.4(15)XR9 | 12.4(15)XR9 |
| 12.4XR | | |
| | 12.4(22)XR7 | 12.4(22)XR7 |
|------------+--------------------------+---------------------------|
| 12.4XT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XV | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XY | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XZ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4YB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4YD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4YE | Vulnerable; first fixed | 12.4(24)YE1 |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.4YG | 12.4(24)YG3 | 12.4(24)YG3 |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 15.0M | 15.0(1)M3 | 15.0(1)M3 |
|------------+--------------------------+---------------------------|
| | Cisco 7600 and 10000 | Cisco 7600 and 10000 |
| | Series routers: 15.0(1) | Series routers: 15.0(1)S1 |
| | S1 | |
| 15.0S | | Cisco ASR 1000 Series |
| | Cisco ASR 1000 Series | routers: Please see Cisco |
| | routers: Please see | IOS-XE Software |
| | Cisco IOS-XE Software | Availability |
| | Availability | |
|------------+--------------------------+---------------------------|
| 15.0XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 15.1T | in 15.1T |
|------------+--------------------------+---------------------------|
| 15.0XO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 15.1T | 15.1(1)T1 | 15.1(2)T1 |
|------------+--------------------------+---------------------------|
| 15.1XB | 15.1(1)XB2 | Vulnerable; first fixed |
| | | in 15.1T |
+-------------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
+-------------------------------------------------------------------+
| Cisco IOS | First Fixed | First Fixed Release for All |
| XE | Release for This | Advisories in the September 2010 |
| Release | Advisory | Bundle Publication |
|-----------+------------------+------------------------------------|
| 2.1.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.2.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.3.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.4.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.5.x | Not Vulnerable | Vulnerable; migrate to 2.6.2 or |
| | | later |
|-----------+------------------+------------------------------------|
| 2.6.x | Not Vulnerable | 2.6.2 |
|-----------+------------------+------------------------------------|
| 3.1.xS | Not Vulnerable | Not Vulnerable |
+-------------------------------------------------------------------+
For mapping of Cisco IOS XE Software releases to Cisco IOS Software
releases, refer to the Cisco IOS XE 2 and Cisco IOS XE 3S Release
Notes.
Cisco IOS XR Software Table
+--------------------------
Cisco IOS XR Software is not affected by the vulnerabilities
disclosed in the September 22, 2010, Cisco IOS Software Security
Advisory bundle publication.
Workarounds
===========
The mitigations for the NAT vulnerabilities disable the respective
Application Layer Gateway NAT processing. That is, packets will
continue to be translated at the network and transport layers, but
the embedded IP addresses will not be translated.
NAT for Session Initiation Protocol DoS Vulnerability
+----------------------------------------------------
Mitigation for this vulnerability consists of disabling NAT for SIP
over the UDP transport by using the no ip nat service udp port 5060
global configuration command.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------+
| Revision 1.0 | 2010-Sep-22 | Initial public release. |
+------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
iEYEARECAAYFAkyZ/SkACgkQ86n/Gc8U/uAspwCcD7e0kd3Am/wQynOLnZ1j8RiE
SE8AnA447FqSKGuXC9tKS4PFdZpsRb8f
=fe0l
-----END PGP SIGNATURE-----
VAR-201009-0069 | CVE-2010-2833 |
Denial-of-service (DoS) vulnerability in the NAT for H.225.0 implementation in Cisco IOS
Related entries in the VARIoT exploits database: VAR-E-201009-0486 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472. A third party may be able to put the device into a denial-of-service (DoS) state via traffic.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCtd86472. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment.
----------------------------------------------------------------------
TITLE:
Cisco IOS NAT Implementation Three Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA41539
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41539/
RELEASE DATE:
2010-09-24
DESCRIPTION:
Three vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
SOLUTION:
Update to a fixed version.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
cisco-sa-20100922-nat:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Network Address
Translation Vulnerabilities
Advisory ID: cisco-sa-20100922-nat
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
Revision 1.0
For Public Release 2010 September 22 1600 UTC (GMT)
- ---------------------------------------------------------------------
Summary
=======
The Cisco IOS Software Network Address Translation functionality
contains three denial of service (DoS) vulnerabilities. The first
vulnerability is in the translation of Session Initiation Protocol
(SIP) packets, the second is in the translation of H.323 packets,
and the third is in the translation of H.225.0 call signaling for
H.323 packets.
Cisco has released free software updates that address these
vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
Note: The September 22, 2010, Cisco IOS Software Security Advisory
bundled publication includes six Cisco Security Advisories. Five of
the advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses vulnerabilities in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The table
at the following URL lists releases that correct all Cisco IOS
Software vulnerabilities that have been published on September 22,
2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
Affected Products
=================
Vulnerable Products
+------------------
Cisco devices running Cisco IOS Software that are configured for NAT
and that support NAT for SIP, H.323, or H.225.0 call signaling for
H.323 packets are affected.
To verify whether NAT is enabled on a Cisco IOS device, log in to the
device and issue the show ip nat statistics command. The following
example shows a device that is configured with NAT:
    Router#show ip nat statistics
    Total translations: 2 (0 static, 2 dynamic; 0 extended)
    Outside interfaces: Serial0
    Inside interfaces: Ethernet1
    Hits: 135 Misses: 5
    Expired translations: 2
    Dynamic mappings:
    -- Inside Source
    access-list 1 pool mypool refcount 2
    pool mypool: netmask 255.255.255.0
    start 192.168.10.1 end 192.168.10.254
    type generic, total addresses 14, allocated 2 (14%), misses 0
Alternatively, administrators can use the show running-config |
include ip nat command to verify if NAT has been enabled on the
router interfaces.
For NAT to be enabled on a router, either the ip nat inside and ip nat
outside commands must be present on different interfaces or, in the
case of NAT Virtual Interface, the ip nat enable interface command
must be present.
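The rule above and the SIP mitigation from the advisory's Workarounds section can be checked offline against a saved running-config. The following is an added example, not part of the Cisco advisory; the sample configuration is constructed, the function names are hypothetical, and accepting the mitigation line with an optional `sip` keyword is an assumption about how the device may print it.

```python
import re

# Constructed sample running-config for illustration (not from the advisory).
SAMPLE_CONFIG = """\
hostname edge-rtr
!
interface Ethernet1
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
ip nat pool mypool 192.168.10.1 192.168.10.254 netmask 255.255.255.0
ip nat inside source list 1 pool mypool
no ip nat service udp port 5060
!
end
"""

# The advisory text gives the mitigation as "no ip nat service udp port 5060".
# Assumption: the optional "sip" keyword is accepted too, in case the device
# prints the command in that form.
SIP_UDP_MITIGATION = re.compile(r"no ip nat service (sip )?udp port 5060")


def nat_roles_by_interface(config: str) -> dict:
    """Map each interface name to the NAT roles configured under it."""
    roles = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            # A non-indented line either opens an interface block or ends one.
            m = re.match(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
            continue
        if current is None:
            continue
        m = re.fullmatch(r"ip nat (inside|outside|enable)", line.strip())
        if m:
            roles.setdefault(current, set()).add(m.group(1))
    return roles


def nat_enabled(config: str) -> bool:
    """Apply the advisory's rule: inside and outside on different
    interfaces, or 'ip nat enable' (NAT Virtual Interface) on any interface."""
    roles = nat_roles_by_interface(config)
    inside = {name for name, r in roles.items() if "inside" in r}
    outside = {name for name, r in roles.items() if "outside" in r}
    classic = any(i != o for i in inside for o in outside)
    nvi = any("enable" in r for r in roles.values())
    return classic or nvi


def sip_udp_alg_disabled(config: str) -> bool:
    """True if the global-configuration SIP-over-UDP mitigation is present."""
    return any(
        SIP_UDP_MITIGATION.fullmatch(line.strip()) is not None
        for line in config.splitlines()
        if not line.startswith(" ")  # global commands are not indented
    )


def assess(config: str) -> dict:
    """Summarise NAT state and whether the SIP workaround still needs review."""
    enabled = nat_enabled(config)
    mitigated = sip_udp_alg_disabled(config)
    return {
        "nat_enabled": enabled,
        "sip_udp_mitigation": mitigated,
        # NAT on and no mitigation: compare the running release against the
        # fixed-software tables in the advisory.
        "needs_sip_review": enabled and not mitigated,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_CONFIG))
```

The check only reads configuration; whether a device is actually affected still depends on the running release listed in the advisory's fixed-software tables.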
In order to determine the software that runs on a Cisco IOS product,
log in to the device and issue the show version command to display
the system banner. Cisco IOS software identifies itself as
"Internetwork Operating System Software" or simply "IOS." On the next
line of output, the image name displays between parentheses, followed
by "Version" and the Cisco IOS release name. Other Cisco devices do
not have the show version command or give different output.
The following example shows output from a device that runs an IOS
image:
    Router> show version
    Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Wed 02-Dec-09 17:17 by prod_rel_team
    <More output removed for brevity>
Products Confirmed Not Vulnerable
+--------------------------------
Cisco IOS devices not explicitly configured for NAT are not
vulnerable.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
The three vulnerabilities are triggered by transit traffic that needs
to be processed by the NAT feature. The vulnerabilities are
independent of one another.
NAT for SIP DoS Vulnerability
+----------------------------
SIP is a popular signaling protocol that is used to manage voice and
video calls across IP networks such as the Internet. SIP is
responsible for handling all aspects of call setup and termination.
Voice and video are the most popular types of sessions that SIP
handles, but the protocol has the flexibility to accommodate other
applications that require call setup and termination.
NAT for SIP translates packets using UDP (port 5060) or TCP (port
5060) as the underlying transport protocol. The NAT for SIP DoS
vulnerability can be exploited only with the use of UDP port 5060
packets.
NAT for H.323 DoS Vulnerability
+------------------------------
H.323 is the International Telecommunication Union (ITU) standard for
real-time multimedia communications and conferencing over
packet-based (IP) networks.
NAT for H.323 translates packets on TCP port 1720. There is a DoS
vulnerability in the NAT processing of H.323 packets. The
vulnerability does not require the completion of a TCP three-way
handshake.
NAT for H.225.0 DoS vulnerability
+--------------------------------
H.323 is the ITU standard for real-time multimedia communications and
conferencing over packet-based (IP) networks. A subset of the H.323
standard is H.225.0, a standard used for call signaling protocols and
media stream packetization over IP networks.
NAT for H.225.0 translates packets on TCP port 1720.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCtf17624 - NAT SIP DoS Vulnerability

CVSS Base Score - 7.8
    Access Vector -            Network
    Access Complexity -        Low
    Authentication -           None
    Confidentiality Impact -   None
    Integrity Impact -         None
    Availability Impact -      Complete

CVSS Temporal Score - 6.4
    Exploitability -           Functional
    Remediation Level -        Official Fix
    Report Confidence -        Confirmed

CSCtf91428 - NAT for H.323 DoS

CVSS Base Score - 7.8
    Access Vector -            Network
    Access Complexity -        Low
    Authentication -           None
    Confidentiality Impact -   None
    Integrity Impact -         None
    Availability Impact -      Complete

CVSS Temporal Score - 6.4
    Exploitability -           Functional
    Remediation Level -        Official Fix
    Report Confidence -        Confirmed

CSCtd86472 - NAT for H.225.0 DoS

CVSS Base Score - 7.8
    Access Vector -            Network
    Access Complexity -        Low
    Authentication -           None
    Confidentiality Impact -   None
    Integrity Impact -         None
    Availability Impact -      Complete

CVSS Temporal Score - 6.4
    Exploitability -           Functional
    Remediation Level -        Official Fix
    Report Confidence -        Confirmed
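
The base and temporal scores listed above can be reproduced from the metric values, and the environmental score that the advisory leaves to customers follows from the same equations. The following is an added example, not part of the Cisco advisory: the weights and formulas are those of the CVSS version 2.0 specification, and the environment values in SAMPLE_ENV are constructed for illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

# Metric weights from the CVSS version 2.0 specification.
AV = {"Local": 0.395, "Adjacent Network": 0.646, "Network": 1.0}
AC = {"High": 0.35, "Medium": 0.61, "Low": 0.71}
AU = {"Multiple": 0.45, "Single": 0.56, "None": 0.704}
IMPACT = {"None": 0.0, "Partial": 0.275, "Complete": 0.660}
E = {"Unproven": 0.85, "Proof-of-Concept": 0.90, "Functional": 0.95,
     "High": 1.0, "Not Defined": 1.0}
RL = {"Official Fix": 0.87, "Temporary Fix": 0.90, "Workaround": 0.95,
      "Unavailable": 1.0, "Not Defined": 1.0}
RC = {"Unconfirmed": 0.90, "Uncorroborated": 0.95, "Confirmed": 1.0,
      "Not Defined": 1.0}
CDP = {"None": 0.0, "Low": 0.1, "Low-Medium": 0.3, "Medium-High": 0.4,
       "High": 0.5, "Not Defined": 0.0}
TD = {"None": 0.0, "Low": 0.25, "Medium": 0.75, "High": 1.0, "Not Defined": 1.0}
REQ = {"Low": 0.5, "Medium": 1.0, "High": 1.51, "Not Defined": 1.0}

# Metric values as listed in the advisory; identical for CSCtf17624,
# CSCtf91428 and CSCtd86472.
ADVISORY_METRICS = {
    "Access Vector": "Network", "Access Complexity": "Low",
    "Authentication": "None", "Confidentiality Impact": "None",
    "Integrity Impact": "None", "Availability Impact": "Complete",
    "Exploitability": "Functional", "Remediation Level": "Official Fix",
    "Report Confidence": "Confirmed",
}

# Constructed environment (an assumption, not from the advisory): a NAT router
# where availability matters most and most devices run an affected release.
SAMPLE_ENV = {"Availability Requirement": "High",
              "Collateral Damage Potential": "Low-Medium",
              "Target Distribution": "Medium"}


def r1(x):
    """Round to one decimal place, half up, as the CVSS v2 equations require."""
    return float(Decimal(str(x)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def exploitability(m):
    return (20 * AV[m["Access Vector"]] * AC[m["Access Complexity"]]
            * AU[m["Authentication"]])


def _base_from(impact, expl):
    f = 0.0 if impact == 0 else 1.176
    return r1((0.6 * impact + 0.4 * expl - 1.5) * f)


def base_score(m):
    c, i, a = (IMPACT[m[k]] for k in ("Confidentiality Impact",
                                      "Integrity Impact",
                                      "Availability Impact"))
    impact = 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))
    return _base_from(impact, exploitability(m))


def temporal_score(base, m):
    return r1(base * E[m["Exploitability"]] * RL[m["Remediation Level"]]
              * RC[m["Report Confidence"]])


def environmental_score(m, env):
    """Environmental score; metrics missing from env count as Not Defined."""
    def get(key):
        return env.get(key, "Not Defined")
    c = IMPACT[m["Confidentiality Impact"]] * REQ[get("Confidentiality Requirement")]
    i = IMPACT[m["Integrity Impact"]] * REQ[get("Integrity Requirement")]
    a = IMPACT[m["Availability Impact"]] * REQ[get("Availability Requirement")]
    adj_impact = min(10.0, 10.41 * (1 - (1 - c) * (1 - i) * (1 - a)))
    # Temporal score recomputed with the adjusted impact in the base equation.
    adj_temporal = temporal_score(_base_from(adj_impact, exploitability(m)), m)
    cdp = CDP[get("Collateral Damage Potential")]
    return r1((adj_temporal + (10 - adj_temporal) * cdp)
              * TD[get("Target Distribution")])


if __name__ == "__main__":
    base = base_score(ADVISORY_METRICS)
    print("base:", base)
    print("temporal:", temporal_score(base, ADVISORY_METRICS))
    print("environmental (SAMPLE_ENV):",
          environmental_score(ADVISORY_METRICS, SAMPLE_ENV))
```

With every environmental metric left as Not Defined the environmental score equals the temporal score, and a Target Distribution of None (no affected devices in the network) brings it to 0.0.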
Impact
======
Successful exploitation of any of the vulnerabilities described in
this document may cause the affected device to reload. Repeated
exploitation will result in an extended denial of service (DoS)
condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2010 Bundle Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+-------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|-------------------------------------------------------------------|
| There are no affected 12.0 based releases |
|-------------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.1 | | |
| | Releases up to and | Releases up to and |
| | including 12.1(4b) are | including 12.1(4b) are |
| | not vulnerable. | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.1AA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1AX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1AY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1AZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1CX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1DA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1DB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1DC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1E | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EU | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EV | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1EZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1GA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1GB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1T | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(3a)T8 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.1XA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XH | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XI | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XL | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XP | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XQ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XR | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1XS | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(3)XS are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1XT | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(2)XT2 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.1XU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XV | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1XW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1XX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1XY | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(4)XY are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.1XZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.1YA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YB | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YC | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.1(5) |
| | | YE6 are vulnerable, |
| 12.1YE | Not Vulnerable | release 12.1(5)YE6 and |
| | | later are not vulnerable; |
| | | first fixed in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YF | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.1YH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.1YI | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.1YJ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4 | |
| 12.2 | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.2(16f) are | |
| | not vulnerable. | |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.2B | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(2)B7 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.2BC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2BW | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.2SB |
| 12.2BX | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(15)BX are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.2BY | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.2(2)BY3 are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| 12.2BZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2CX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2CY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2CZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2DA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2DD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2DX | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2EW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EWA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EX | Vulnerable; migrate to | Not Vulnerable |
| | any release in 12.2SE | |
|------------+--------------------------+---------------------------|
| 12.2EY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2FZ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IRE | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXE | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXF | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXG | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2IXH | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2JK | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2MB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| | | including 12.2(15)MC1 are |
| 12.2MC | Not Vulnerable | not vulnerable. Releases |
| | | 12.2(15)MC2b and later |
| | | are not vulnerable; first |
| | | fixed in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2MRA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2MRB | 12.2(33)MRB2 | 12.2(33)MRB2 |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| 12.2S | (30)S are vulnerable, | (30)S are vulnerable, |
| | release 12.2(30)S and | release 12.2(30)S and |
| | later are not vulnerable | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | 12.2(31)SB19; Releases |
| | | prior to 12.2(33)SB5 are |
| 12.2SB | Not Vulnerable | vulnerable, release 12.2 |
| | | (33)SB5 and later are not |
| | | vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SBC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.2SB | in 12.2SB |
|------------+--------------------------+---------------------------|
| 12.2SCA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SCB |
|------------+--------------------------+---------------------------|
| | 12.2(33)SCB10 | |
| 12.2SCB | | 12.2(33)SCB9 |
| | 12.2(33)SCB9 | |
|------------+--------------------------+---------------------------|
| 12.2SCC | 12.2(33)SCC5 | 12.2(33)SCC5 |
|------------+--------------------------+---------------------------|
| | 12.2(33)SCD3 | |
| 12.2SCD | | 12.2(33)SCD3 |
| | 12.2(33)SCD4 | |
|------------+--------------------------+---------------------------|
| 12.2SE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SED | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SEG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (40)SG are vulnerable, | (40)SG are vulnerable, |
| 12.2SG | release 12.2(40)SG and | release 12.2(40)SG and |
| | later are not | later are not vulnerable; |
| | vulnerable; migrate to | migrate to any release in |
| | any release in 12.2SGA | 12.2SGA |
|------------+--------------------------+---------------------------|
| 12.2SGA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SM | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SQ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2SRA | Not Vulnerable | (33)SRA6 are vulnerable, |
| | | release 12.2(33)SRA6 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2SRB | Not Vulnerable | (33)SRB1 are vulnerable, |
| | | release 12.2(33)SRB1 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRC | Not Vulnerable | Not vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRD | Not Vulnerable | Not vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SRE | 12.2(33)SRE1 | 12.2(33)SRE1 |
|------------+--------------------------+---------------------------|
| 12.2STE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (29b)SV1 are vulnerable, | (29b)SV1 are vulnerable, |
| 12.2SV | release 12.2(29b)SV1 and | release 12.2(29b)SV1 and |
| | later are not | later are not vulnerable; |
| | vulnerable; migrate to | migrate to any release in |
| | any release in 12.2SVD | 12.2SVD |
|------------+--------------------------+---------------------------|
| 12.2SVA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SVE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Releases up to and | |
| | including 12.2(25)SW3 | Releases up to and |
| | are not vulnerable. | including 12.2(21)SW1 are |
| 12.2SW | | not vulnerable. Releases |
| | Releases 12.2(25)SW12 | 12.2(25)SW12 and later |
| | and later are not | are not vulnerable; first |
| | vulnerable; first fixed | fixed in 12.4T |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| | Releases up to and | Releases up to and |
| 12.2SX | including 12.2(14)SX2 | including 12.2(14)SX2 are |
| | are not vulnerable. | not vulnerable. |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SXA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SXB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SXD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SXE | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (18)SXF11 are | (18)SXF11 are vulnerable, |
| 12.2SXF | vulnerable, releases | releases 12.2(18)SXF11 |
| | 12.2(18)SXF11 and later | and later are not |
| | are not vulnerable | vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SXH | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2SXI | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | |
| | support organization per | |
| 12.2SY | the instructions in | Not Vulnerable |
| | Obtaining Fixed Software | |
| | section of this advisory | |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2T | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2TPC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2XA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XB | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XC | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XE | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XF | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XG | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XI | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XK | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XL | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XN | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.2SB | in 12.2SB |
|------------+--------------------------+---------------------------|
| 12.2XNA | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNB | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNC | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XND | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNE | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XNF | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+--------------------------+---------------------------|
| 12.2XO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XQ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XR | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2XS | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XT | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XV | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2XW | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2YA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YF | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YH | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YJ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YK | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YL | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YM | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YN | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2YO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YP | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YQ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YR | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2YS | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YT | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YU | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Releases prior to 12.2 |
| 12.2YV | Not Vulnerable | (11)YV1 are vulnerable, |
| | | release 12.2(11)YV1 and |
| | | later are not vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YW | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YX | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YY | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Releases up to and |
| 12.2ZB | Not Vulnerable | including 12.2(8)ZB are |
| | | not vulnerable. |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZE | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2ZF | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.2ZG | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2ZH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZJ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZP | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZU | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2ZX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZY | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZYA | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.3-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 12.3 | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3B | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3BC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3BW | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3EU | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JEC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JED | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | Releases up to and | |
| | including 12.3(2)JK3 are | Releases up to and |
| | not vulnerable. | including 12.3(2)JK3 are |
| 12.3JK | | not vulnerable. Releases |
| | Releases 12.3(8)JK1 and | 12.3(8)JK1 and later are |
| | later are not | not vulnerable; first |
| | vulnerable; first fixed | fixed in 12.4T |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.3JL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3JX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.3T | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3TPC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3VA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.3XB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XE | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3XF | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3XG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.3 | Releases prior to 12.3(7) |
| | (7)XI11 are vulnerable, | XI11 are vulnerable, |
| 12.3XI | release 12.3(7)XI11 and | releases 12.3(7)XI11 and |
| | later are not | later are not vulnerable; |
| | vulnerable; first fixed | first fixed in 12.2SB |
| | in 12.2SB | |
|------------+--------------------------+---------------------------|
| 12.3XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.3YX | in 12.4XR |
|------------+--------------------------+---------------------------|
| 12.3XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XL | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XS | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XX | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XY | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3XZ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.3YX | in 12.4XR |
|------------+--------------------------+---------------------------|
| 12.3YG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YH | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YI | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YS | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.3YX | 12.3(14)YX17 | Vulnerable; first fixed |
| | | in 12.4XR |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3YZ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.3ZA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.4-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 12.4 | 12.4(25d) | 12.4(25d) |
|------------+--------------------------+---------------------------|
| 12.4GC | 12.4(24)GC2 | 12.4(24)GC2 |
|------------+--------------------------+---------------------------|
| 12.4JA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDC | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JDD | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JHA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JHB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JK | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JL | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JMA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JMB | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JX | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4JY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.4MD | 12.4(22)MD2 | 12.4(24)MD2 |
|------------+--------------------------+---------------------------|
| 12.4MDA | 12.4(22)MDA4 | 12.4(22)MDA4 |
|------------+--------------------------+---------------------------|
| 12.4MR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4MRA | in 12.4MRA |
|------------+--------------------------+---------------------------|
| 12.4MRA | 12.4(20)MRA1 | 12.4(20)MRA1 |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.4 | |
| | (15)SW6 are vulnerable, | |
| 12.4SW | release 12.4(15)SW6 and | Vulnerable; first fixed |
| | later are not | in 12.4T |
| | vulnerable; first fixed | |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| | 12.4(15)T14 | 12.4(15)T14 |
| | | |
| 12.4T | 12.4(20)T6 | 12.4(20)T6 |
| | | |
| | 12.4(24)T4 | 12.4(24)T4 |
|------------+--------------------------+---------------------------|
| 12.4XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Releases prior to 12.4 | Releases prior to 12.4(6) |
| | (6)XE5 are vulnerable, | XE5 are vulnerable, |
| 12.4XE | release 12.4(6)XE5 and | release 12.4(6)XE5 and |
| | later are not | later are not vulnerable; |
| | vulnerable; first fixed | first fixed in 12.4T |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.4XF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XN | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XP | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XQ | 12.4(15)XQ6; Available | 12.4(15)XQ6; Available on |
| | on 22-SEP-10 | 22-SEP-10 |
|------------+--------------------------+---------------------------|
| | 12.4(15)XR9 | 12.4(15)XR9 |
| 12.4XR | | |
| | 12.4(22)XR7 | 12.4(22)XR7 |
|------------+--------------------------+---------------------------|
| 12.4XT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XV | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XY | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4XZ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| 12.4YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4YB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4YD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.4YE | Vulnerable; first fixed | 12.4(24)YE1 |
| | in 12.4T | |
|------------+--------------------------+---------------------------|
| 12.4YG | 12.4(24)YG3 | 12.4(24)YG3 |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 15.0M | 15.0(1)M3 | 15.0(1)M3 |
|------------+--------------------------+---------------------------|
| | Cisco 7600 and 10000 | Cisco 7600 and 10000 |
| | Series routers: 15.0(1) | Series routers: 15.0(1)S1 |
| | S1 | |
| 15.0S | | Cisco ASR 1000 Series |
| | Cisco ASR 1000 Series | routers: Please see Cisco |
| | routers: Please see | IOS-XE Software |
| | Cisco IOS-XE Software | Availability |
| | Availability | |
|------------+--------------------------+---------------------------|
| 15.0XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 15.1T | in 15.1T |
|------------+--------------------------+---------------------------|
| 15.0XO | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+--------------------------+---------------------------|
| 15.1T | 15.1(1)T1 | 15.1(2)T1 |
|------------+--------------------------+---------------------------|
| 15.1XB | 15.1(1)XB2 | Vulnerable; first fixed |
| | | in 15.1T |
+-------------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
+-------------------------------------------------------------------+
| Cisco IOS | First Fixed | First Fixed Release for All |
| XE | Release for This | Advisories in the September 2010 |
| Release | Advisory | Bundle Publication |
|-----------+------------------+------------------------------------|
| 2.1.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.2.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.3.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.4.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.5.x | Not Vulnerable | Vulnerable; migrate to 2.6.2 or |
| | | later |
|-----------+------------------+------------------------------------|
| 2.6.x | Not Vulnerable | 2.6.2 |
|-----------+------------------+------------------------------------|
| 3.1.xS | Not Vulnerable | Not Vulnerable |
+-------------------------------------------------------------------+
For mapping of Cisco IOS XE Software releases to Cisco IOS Software
releases, refer to the Cisco IOS XE 2 and Cisco IOS XE 3S Release
Notes.
Cisco IOS XR Software Table
+--------------------------
Cisco IOS XR Software is not affected by the vulnerabilities
disclosed in the September 22, 2010, Cisco IOS Software Security
Advisory bundle publication.
Workarounds
===========
The mitigations for the NAT vulnerabilities disable the respective
Application Layer Gateway NAT processing. That is, packets will
continue to be translated at the network and transport layers, but
the embedded IP addresses will not be translated.
NAT for Session Initiation Protocol DoS Vulnerability
+----------------------------------------------------
Mitigation for this vulnerability consists of disabling NAT for SIP
over the UDP transport by using the no ip nat service udp port 5060
global configuration command.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers,
should contact that support organization for guidance and assistance
with the appropriate course of action with regard to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------+
| Revision 1.0 | 2010-Sep-22 | Initial public release. |
+------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
VAR-201009-0063 | CVE-2010-2836 | Cisco IOS of SSL VPN Service disruption in functionality (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685. Cisco IOS is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected device to reload or to stop accepting new TCP connections, denying service to legitimate users.
This issue is tracked by Cisco Bug ID CSCtg21685. This vulnerability causes the connection to remain in the CLOSE-WAIT state.
TITLE:
Cisco IOS SSL VPN Memory Leak Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA41552
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41552/
RELEASE DATE:
2010-09-24
DESCRIPTION:
A vulnerability has been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service). This can be
exploited to exhaust available memory resources and e.g.
SOLUTION:
Update to a fixed version.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
cisco-sa-20100922-sslvpn:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sslvpn.shtml
----------------------------------------------------------------------
Cisco IOS SSL VPN Vulnerability
Advisory ID: cisco-sa-20100922-sslvpn
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sslvpn.shtml
Revision 1.0
For Public Release 2010 September 22 1600 UTC (GMT)
----------------------------------------------------------------------
Summary
=======
Cisco IOS Software contains a vulnerability when the Cisco IOS SSL
VPN feature is configured with an HTTP redirect.
Cisco has released free software updates that address this
vulnerability. There is a workaround to mitigate this vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sslvpn.shtml
Note: The September 22, 2010, Cisco IOS Software Security Advisory
bundled publication includes six Cisco Security Advisories. Five of
the advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses vulnerabilities in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The table
at the following URL lists releases that correct all Cisco IOS
Software vulnerabilities that have been published on September 22,
2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
Affected Products
=================
Vulnerable Products
+------------------
Devices running affected versions of Cisco IOS Software are
vulnerable if configured with SSL VPN and HTTP port redirection.
The following methods may be used to confirm if the device is
configured for Cisco IOS SSL VPNs and is vulnerable:
If the output from show running-config | include webvpn contains
"webvpn gateway <word>" then the device is supporting the Cisco IOS
SSL VPN feature. A device is vulnerable if it has the inservice
command in at least one of the "webvpn gateway" sections and is
configured for HTTP port redirection. The following example shows a
vulnerable device configured with Cisco IOS SSL VPN:
Router#show running | section webvpn
webvpn gateway Gateway
 ip address 10.1.1.1 port 443
 http-redirect port 80
 ssl trustpoint Gateway-TP
 inservice
!
Router#
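The exposure condition described above (a "webvpn gateway" section that has both inservice and HTTP port redirection) can be checked mechanically across saved configurations. The following is an added example, not code from Cisco or from this advisory; the function names and every gateway other than "Gateway" are constructed, and the default redirect port of 80 is an assumption.

```python
import re

GATEWAY_RE = re.compile(r"^webvpn gateway (\S+)$")
REDIRECT_RE = re.compile(r"^http-redirect(?:\s+port\s+(\d+))?$")

# Constructed sample. The first gateway is the advisory's vulnerable example;
# the other sections are invented to exercise the non-vulnerable cases.
SAMPLE_CONFIG = """\
Router#show running | section webvpn
webvpn gateway Gateway
 ip address 10.1.1.1 port 443
 http-redirect port 80
 ssl trustpoint Gateway-TP
 inservice
 !
webvpn gateway NoRedirect
 ip address 10.1.1.2 port 443
 ssl trustpoint Gateway-TP
 inservice
 !
webvpn gateway NotInService
 ip address 10.1.1.3 port 443
 http-redirect port 8080
 ssl trustpoint Gateway-TP
 !
webvpn context Portal
 gateway NotInService
 inservice
!
Router#
"""


def audit_webvpn_gateways(config_text):
    """Map each webvpn gateway name to its inservice / http-redirect status.

    Lines are matched after stripping whitespace, so the parser also accepts
    output whose indentation was lost in copy and paste. A gateway section
    ends at a "!" line or at the next "webvpn ..." line, which keeps an
    "inservice" inside a following "webvpn context" from being attributed
    to the gateway.
    """
    gateways = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        match = GATEWAY_RE.match(line)
        if match:
            current = gateways.setdefault(
                match.group(1), {"inservice": False, "redirect_port": None}
            )
            continue
        if line == "!" or line.startswith("webvpn "):
            current = None
            continue
        if current is None:
            continue
        if line == "inservice":
            current["inservice"] = True
        elif line == "no inservice":
            current["inservice"] = False
        elif line.startswith("no http-redirect"):
            current["redirect_port"] = None
        else:
            redirect = REDIRECT_RE.match(line)
            if redirect:
                # Assumption: with no explicit port, the redirect listens on 80.
                current["redirect_port"] = int(redirect.group(1) or 80)
    for status in gateways.values():
        status["exposed"] = (
            status["inservice"] and status["redirect_port"] is not None
        )
    return gateways


def exposed_gateways(config_text):
    """Names of gateways that meet the advisory's vulnerable condition."""
    report = audit_webvpn_gateways(config_text)
    return sorted(name for name, status in report.items() if status["exposed"])


if __name__ == "__main__":
    for name, status in audit_webvpn_gateways(SAMPLE_CONFIG).items():
        print(name, status)
```

A match only shows the configuration precondition; whether the device is actually affected still depends on the running release, as listed in the fixed-release table.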
A device that supports the Cisco IOS SSL VPN is not vulnerable if
"webvpn gateway" is not configured.
To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue the
show version command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.4(20)T with an installed image name of
C2800NM-ADVSECURITYK9-M:
Router#show version
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 10-Jul-08 22:00 by prod_rel_team
! --- output truncated
Additional information about Cisco IOS Software release naming
conventions is available in "White Paper: Cisco IOS Reference Guide"
at the following link: http://www.cisco.com/warp/public/620/1.html
Products Confirmed Not Vulnerable
+--------------------------------
The following products are not affected by this vulnerability:
* Cisco ASA 5500 Series Adaptive Security Appliances
* Cisco IOS XR Software
* Cisco IOS XE Software
No other Cisco products are currently known to be affected by this
vulnerability.
Details
=======
The Cisco IOS SSL VPN feature provides remote access to enterprise
sites to users anywhere on the Internet. The SSL VPN provides users
with secure access to specific enterprise applications, such as
e-mail and web browsing, without requiring them to have VPN client
software installed on their end-user devices. Authentication is not
required to exploit this vulnerability.
A complete TCP 3-way handshake is required to exploit this
vulnerability. The memory leak can be detected by running the command
show tcp brief as shown in the following example:
Router#show tcp brief
TCB Local Address Foreign Address (state)
468BBDC0 192.168.0.22.80 192.168.0.33.19794 CLOSEWAIT
482D4730 192.168.0.22.80 192.168.0.33.22092 CLOSEWAIT
482779A4 192.168.0.22.80 192.168.0.33.16978 CLOSEWAIT
4693DEBC 192.168.0.22.80 192.168.0.33.21580 CLOSEWAIT
482D3418 192.168.0.22.80 192.168.0.33.17244 CLOSEWAIT
482B8ACC 192.168.0.22.80 192.168.0.33.16564 CLOSEWAIT
46954EB0 192.168.0.22.80 192.168.0.33.19532 CLOSEWAIT
468BA9B8 192.168.0.22.80 192.168.0.33.15781 CLOSEWAIT
482908C4 192.168.0.22.80 192.168.0.33.19275 CLOSEWAIT
4829D66C 192.168.0.22.80 192.168.0.33.19314 CLOSEWAIT
468A2D94 192.168.0.22.80 192.168.0.33.14736 CLOSEWAIT
4688F590 192.168.0.22.80 192.168.0.33.18786 CLOSEWAIT
4693CBA4 192.168.0.22.80 192.168.0.33.12176 CLOSEWAIT
4829ABC4 192.168.0.22.80 192.168.0.33.39629 CLOSEWAIT
4691206C 192.168.0.22.80 192.168.0.33.17818 CLOSEWAIT
46868224 192.168.0.22.80 192.168.0.33.16774 CLOSEWAIT
4832BFAC 192.168.0.22.80 192.168.0.33.39883 CLOSEWAIT
482D10CC 192.168.0.22.80 192.168.0.33.13677 CLOSEWAIT
4829B120 192.168.0.22.80 192.168.0.33.20870 CLOSEWAIT
482862FC 192.168.0.22.80 192.168.0.33.17035 CLOSEWAIT
482EC13C 192.168.0.22.80 192.168.0.33.16053 CLOSEWAIT
482901D8 192.168.0.22.80 192.168.0.33.16200 CLOSEWAIT
In the output above, the Transmission Control Blocks (TCBs) in the
state CLOSEWAIT will not transition and represent a memory leak. Note
that only TCP connections with a local TCP port of 80 (the well-known
port for HTTP), as evidenced in the above example by a Local Address
of 192.168.0.22.80, are relevant.
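To separate leaked TCBs from connections that are only briefly in CLOSEWAIT, two "show tcp brief" captures taken some time apart can be compared. This is an added example, not Cisco's EEM script or any code from the advisory: it flags port-80 TCBs that are still in CLOSEWAIT in both captures, a persistence heuristic chosen for this example. The first three port-80 rows of each snapshot come from the output above; the remaining rows and all function names are constructed.

```python
import re
from collections import Counter, namedtuple

Tcb = namedtuple("Tcb", "tcb local_addr local_port peer_addr peer_port state")

# TCB address, local addr.port, foreign addr.port, state. The greedy (\S+)
# backtracks to the last dot, so "192.168.0.22.80" splits into address + port.
LINE_RE = re.compile(
    r"^([0-9A-Fa-f]{8,16})\s+(\S+)\.(\d+)\s+(\S+)\.(\d+)\s+(\S+)$"
)

# Earlier capture. Rows on ports 22 and 443 are constructed.
SNAPSHOT_T0 = """\
Router#show tcp brief
TCB       Local Address      Foreign Address     (state)
468BBDC0  192.168.0.22.80    192.168.0.33.19794  CLOSEWAIT
482D4730  192.168.0.22.80    192.168.0.33.22092  CLOSEWAIT
482779A4  192.168.0.22.80    192.168.0.33.16978  CLOSEWAIT
47000010  192.168.0.22.22    192.168.0.50.51000  ESTAB
47000020  192.168.0.22.443   192.168.0.51.40000  CLOSEWAIT
"""

# Later capture (constructed scenario): one port-80 TCB has gone away,
# a new one has appeared, and the port-443 CLOSEWAIT has cleared.
SNAPSHOT_T1 = """\
Router#show tcp brief
TCB       Local Address      Foreign Address     (state)
468BBDC0  192.168.0.22.80    192.168.0.33.19794  CLOSEWAIT
482D4730  192.168.0.22.80    192.168.0.33.22092  CLOSEWAIT
4693DEBC  192.168.0.22.80    192.168.0.33.21580  CLOSEWAIT
47000010  192.168.0.22.22    192.168.0.50.51000  ESTAB
"""


def parse_tcp_brief(text):
    """Parse 'show tcp brief' output; prompt and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            tcb, laddr, lport, paddr, pport, state = match.groups()
            entries.append(
                Tcb(tcb.upper(), laddr, int(lport), paddr, int(pport), state.upper())
            )
    return entries


def persistent_closewait(earlier, later, local_port=80):
    """TCBs in CLOSEWAIT on local_port in both captures, same endpoints."""

    def key(entry):
        return (entry.tcb, entry.local_addr, entry.peer_addr, entry.peer_port)

    def relevant(entry):
        return entry.state == "CLOSEWAIT" and entry.local_port == local_port

    seen_before = {key(e) for e in earlier if relevant(e)}
    stuck = [e for e in later if relevant(e) and key(e) in seen_before]
    return sorted(stuck, key=lambda e: e.tcb)


def peer_counts(entries):
    """Count entries per foreign address, to see where the sessions came from."""
    return Counter(e.peer_addr for e in entries)


if __name__ == "__main__":
    stuck = persistent_closewait(
        parse_tcp_brief(SNAPSHOT_T0), parse_tcp_brief(SNAPSHOT_T1)
    )
    for entry in stuck:
        print(entry.tcb, entry.peer_addr, entry.peer_port)
    print(dict(peer_counts(stuck)))
```

If the gateway redirects from a port other than 80, pass that port as local_port.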
This vulnerability is documented in Cisco bug ID CSCtg21685
and Common Vulnerabilities and Exposures (CVE) identifier
CVE-2010-2836 has been assigned to this vulnerability.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCtg21685 - SSLVPN : TCP remains stuck in closewait state

CVSS Base Score - 7.8
    Access Vector            Network
    Access Complexity        Low
    Authentication           None
    Confidentiality Impact   None
    Integrity Impact         None
    Availability Impact      Complete

CVSS Temporal Score - 6.4
    Exploitability           Functional
    Remediation Level        Official Fix
    Report Confidence        Confirmed
Impact
======
Successful exploitation of the vulnerability may result in a lack of
available memory resources on the affected device, which could affect
new connections to the device such as SSH and Telnet connections.
Depletion of memory resources may also result in failing of routing
protocols and other services.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2010 Bundle Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+-------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+------------------------------------------------------|
| Affected | First Fixed Release | First Fixed Release for All |
| 12.0-Based | for This Advisory | Advisories in the September |
| Releases | | 2010 Bundle Publication |
|-------------------------------------------------------------------|
| There are no affected 12.0 based releases |
|-------------------------------------------------------------------|
| Affected | First Fixed Release | First Fixed Release for All |
| 12.1-Based | for This Advisory | Advisories in the September |
| Releases | | 2010 Bundle Publication |
|-------------------------------------------------------------------|
| There are no affected 12.1 based releases |
|-------------------------------------------------------------------|
| Affected | First Fixed Release | First Fixed Release for All |
| 12.2-Based | for This Advisory | Advisories in the September |
| Releases | | 2010 Bundle Publication |
|-------------------------------------------------------------------|
| There are no affected 12.2 based releases |
|-------------------------------------------------------------------|
| Affected | First Fixed Release | First Fixed Release for All |
| 12.3-Based | for This Advisory | Advisories in the September |
| Releases | | 2010 Bundle Publication |
|-------------------------------------------------------------------|
| There are no affected 12.3 based releases |
|-------------------------------------------------------------------|
| Affected | First Fixed Release | First Fixed Release for All |
| 12.4-Based | for This Advisory | Advisories in the September |
| Releases | | 2010 Bundle Publication |
|------------+----------------------+-------------------------------|
| 12.4 | Not Vulnerable | 12.4(25d) |
|------------+----------------------+-------------------------------|
| 12.4GC | Not Vulnerable | 12.4(24)GC2 |
|------------+----------------------+-------------------------------|
| 12.4JA | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| 12.4JDA | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| 12.4JDC | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| 12.4JDD | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| 12.4JHA | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| 12.4JHB | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| 12.4JK | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| 12.4JL | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| 12.4JMA | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| 12.4JMB | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| 12.4JX | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| 12.4JY | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| 12.4MD | Not Vulnerable | 12.4(24)MD2 |
|------------+----------------------+-------------------------------|
| | | 12.4(22)MDA4 |
| 12.4MDA | Not Vulnerable | |
| | | 12.4(24)MDA1 |
|------------+----------------------+-------------------------------|
| 12.4MR | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4MRA |
|------------+----------------------+-------------------------------|
| 12.4MRA | Not Vulnerable | 12.4(20)MRA1 |
|------------+----------------------+-------------------------------|
| 12.4SW | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| | Releases Prior to | |
| | 12.4(15)T13 are not | |
| | vulnerable. First | |
| | fixed 12.4(15)T14 | |
| | | 12.4(15)T14 |
| | Releases Prior to | |
| 12.4T | 12.4(20)T5 are not | 12.4(20)T6 |
| | vulnerable. First | |
| | fixed 12.4(20)T6 | 12.4(24)T4 |
| | | |
| | Releases Prior to | |
| | 12.4(24)T2 are not | |
| | vulnerable. First | |
| | fixed 12.4(24)T4 | |
|------------+----------------------+-------------------------------|
| 12.4XA | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| 12.4XB | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| 12.4XC | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| 12.4XD | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| | | Releases prior to 12.4(6)XE5 |
| | | are vulnerable, release 12.4 |
| 12.4XE | Not Vulnerable | (6)XE5 and later are not |
| | | vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| 12.4XF | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| 12.4XG | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| 12.4XJ | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| 12.4XK | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| | | Vulnerable; Contact your |
| | | support organization per the |
| 12.4XL | Not Vulnerable | instructions in Obtaining |
| | | Fixed Software section of |
| | | this advisory |
|------------+----------------------+-------------------------------|
| 12.4XM | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| | | Vulnerable; Contact your |
| | | support organization per the |
| 12.4XN | Not Vulnerable | instructions in Obtaining |
| | | Fixed Software section of |
| | | this advisory |
|------------+----------------------+-------------------------------|
| | | Vulnerable; Contact your |
| | | support organization per the |
| 12.4XP | Not Vulnerable | instructions in Obtaining |
| | | Fixed Software section of |
| | | this advisory |
|------------+----------------------+-------------------------------|
| 12.4XQ | Not Vulnerable | 12.4(15)XQ6; Available on |
| | | 22-SEP-10 |
|------------+----------------------+-------------------------------|
| | | 12.4(15)XR9 |
| 12.4XR | Not Vulnerable | |
| | | 12.4(22)XR7 |
|------------+----------------------+-------------------------------|
| 12.4XT | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| | | Vulnerable; Contact your |
| | | support organization per the |
| 12.4XV | Not Vulnerable | instructions in Obtaining |
| | | Fixed Software section of |
| | | this advisory |
|------------+----------------------+-------------------------------|
| 12.4XW | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| 12.4XY | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| 12.4XZ | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| 12.4YA | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| | | Vulnerable; Contact your |
| | | support organization per the |
| 12.4YB | Not Vulnerable | instructions in Obtaining |
| | | Fixed Software section of |
| | | this advisory |
|------------+----------------------+-------------------------------|
| | | Vulnerable; Contact your |
| | | support organization per the |
| 12.4YD | Not Vulnerable | instructions in Obtaining |
| | | Fixed Software section of |
| | | this advisory |
|------------+----------------------+-------------------------------|
| 12.4YE | Not Vulnerable | 12.4(24)YE1 |
|------------+----------------------+-------------------------------|
| 12.4YG | Not Vulnerable | 12.4(24)YG3 |
|------------+----------------------+-------------------------------|
| Affected | First Fixed Release | First Fixed Release for All |
| 15.0-Based | for This Advisory | Advisories in the September |
| Releases | | 2010 Bundle Publication |
|------------+----------------------+-------------------------------|
| 15.0M | 15.0(1)M3 | 15.0(1)M3 |
|------------+----------------------+-------------------------------|
| | Cisco 7600 and 10000 | Cisco 7600 and 10000 Series |
| | Series routers: Not | routers: 15.0(1)S1 (available |
| | vulnerable | early October 2010) |
| 15.0S | | |
| | Please see Cisco | Please see Cisco IOS-XE |
| | IOS-XE Software | Software Availability |
| | Availability | |
|------------+----------------------+-------------------------------|
| 15.0XA | Not Vulnerable | Vulnerable; first fixed in |
| | | 15.1T |
|------------+----------------------+-------------------------------|
| 15.0XO | Not Vulnerable | Not Vulnerable |
|------------+----------------------+-------------------------------|
| Affected | First Fixed Release | First Fixed Release for All |
| 15.1-Based | for This Advisory | Advisories in the September |
| Releases | | 2010 Bundle Publication |
|------------+----------------------+-------------------------------|
| | 15.1(1)T1 | |
| 15.1T | | 15.1(2)T1 |
| | 15.1(2)T0a | |
|------------+----------------------+-------------------------------|
| | Vulnerability | Vulnerable; first fixed in |
| 15.1XB | limited to 15.1(1) | 15.1T |
| | XB1. | |
+-------------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
+-------------------------------------------------------------------+
| Cisco IOS | First Fixed | First Fixed Release for All |
| XE | Release for This | Advisories in the September 2010 |
| Release | Advisory | Bundle Publication |
|-----------+------------------+------------------------------------|
| 2.1.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.2.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.3.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.4.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.5.x | Not Vulnerable | Vulnerable; migrate to 2.6.2 or |
| | | later |
|-----------+------------------+------------------------------------|
| 2.6.x | Not Vulnerable | 2.6.2 |
|-----------+------------------+------------------------------------|
| 3.1.xS | Not Vulnerable | Not Vulnerable |
+-------------------------------------------------------------------+
For mapping of Cisco IOS XE Software to Cisco IOS Software releases,
please refer to the Cisco IOS XE 2 and Cisco IOS XE 3S Release Notes.
Cisco IOS XR System Software
+---------------------------
Cisco IOS XR Software is not affected by the vulnerabilities
disclosed in the September 22, 2010, Cisco IOS Software Security
Advisory bundled publication.
Workarounds
===========
Disabling HTTP redirection for SSL VPN connections can be used as a
workaround for this vulnerability. HTTP redirection for SSL VPN
connections is disabled by executing the command no http-redirect
port in webvpn gateway configuration mode.
In addition, manually clearing the hung TCBs with the command clear
tcp tcb * will transition the TCBs into a CLOSED state. After a time
they will clear the CLOSED state and the memory will be released.
Note: Clearing the TCB will clear both legitimate and hung
connections, including remote connections to the device such as
Telnet and SSH connections.
The Cisco Applied Mitigation Bulletin (AMB) "Identifying and
Mitigating Exploitation of the TCP State Manipulation Denial of
Service Vulnerabilities in Multiple Cisco Products", available at
http://www.cisco.com/warp/public/707/cisco-amb-20090908-tcp24.shtml,
contains two mitigations (EEM scripts and SNMP) that can be used to
detect and clear hung TCP connections.
Embedded Event Manager (EEM)
+---------------------------
A Cisco IOS Embedded Event Manager (EEM) policy that is based on Tool
Command Language (Tcl) can be used on vulnerable Cisco IOS devices to
identify and detect a hung, extended, or indefinite TCP connection
that is caused by this vulnerability. The policy allows
administrators to monitor TCP connections on a Cisco IOS device. When
Cisco IOS EEM detects potential exploitation of this vulnerability,
the policy can trigger a response by sending a syslog message or a
Simple Network Management Protocol (SNMP) trap to clear the TCP
connection. The example policy provided in this document is based on
a Tcl script that monitors and parses the output from two commands at
defined intervals, produces a syslog message when the monitor
threshold reaches its configured value, and can reset the TCP
connection.
The Tcl script is available for download at the "Cisco Beyond:
Embedded Event Manager (EEM) Scripting Community" at the following
link: http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=2041
A sample device configuration is provided below.
!
!-- Location where the Tcl script will be stored
!
event manager directory user policy disk0:/eem
!
!-- Define variable and set the monitoring interval
!-- as an integer (expressed in seconds)
!
event manager environment EEM_MONITOR_INTERVAL 60
!
!-- Define variable and set the threshold value as
!-- an integer for the number of retransmissions
!-- that determine if the TCP connection is hung
!-- (a recommended value to use is 15)
!
event manager environment EEM_MONITOR_THRESHOLD 15
!
!-- Define variable and set the value to "yes" to
!-- enable the clearing of hung TCP connections
!
event manager environment EEM_MONITOR_CLEAR yes
!
!-- Define variable and set to the TCP connection
!-- state or states that script will monitor, which
!-- can be a single state or a space-separated list
!-- of states
!
event manager environment EEM_MONITOR_STATES CLOSEWAIT
!
!-- Register the script as a Cisco EEM policy
!
event manager policy monitor-sockets.tcl
!
For more details, refer to the sections "EEM Detecting And Clearing
Hung TCP Connection" and "Identification: Detecting and Clearing Hung
TCP Connection Using SNMP" of this AMB at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090908-tcp24.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was found during the troubleshooting of a customer
service request.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sslvpn.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+-------------------------------------------------------------+
| Revision 1.0 | 2010-September-22 | Initial public release. |
+-------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
VAR-201009-0125 | CVE-2010-2828 |
Cisco IOS H.323 implementation denial-of-service (DoS) vulnerability
Related entries in the VARIoT exploits database: VAR-E-201009-0366 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323 packets, aka Bug ID CSCtc73759. The H.323 implementation in Cisco IOS processes packets incompletely, which can result in a denial-of-service (DoS) condition. A third party may be able to disrupt service by sending crafted H.323 packets. Cisco IOS is prone to an unspecified remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCtc73759.
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
cisco-sa-20100922-h323:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-h323.shtml
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds to mitigate these
vulnerabilities other than disabling H.323 on the vulnerable device.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100922-h323.shtml
Note: The September 22, 2010, Cisco IOS Software Security Advisory
bundled publication includes six Cisco Security Advisories. Five of
the advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses vulnerabilities in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The table
at the following URL lists releases that correct all Cisco IOS
Software vulnerabilities that have been published on September 22,
2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
Affected Products
=================
These vulnerabilities only affect devices that are running Cisco IOS
Software with H.323 voice services enabled.
Vulnerable Products
+------------------
Cisco devices that are running affected Cisco IOS Software versions
that are configured to process H.323 messages are affected by these
vulnerabilities. H.323 is not enabled by default.
To determine if the Cisco IOS Software device is running H.323
services, issue the show process cpu | include H323 command, as shown
in this example:
Router# show process cpu | include H323
249 16000 3 5333 0.00% 0.00% 0.00% 0 CCH323_CT
250 0 1 0 0.00% 0.00% 0.00% 0 CCH323_DNS
Router#
In the previous example the processes CCH323_CT and CCH323_DNS are
running on the device; therefore, the device is listening to H.323
messages. The device is vulnerable if any of these processes (or
similar) are active.
Note: Creating a dial peer by issuing the dial-peer voice command
will start the H.323 processes, which causes the Cisco IOS device to
process H.323 messages.
To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue the
show version command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:
Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 17-Mar-08 14:39 by dchih
!--- output truncated
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.4(20)T with an installed image name of
C1841-ADVENTERPRISEK9-M:
Router# show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T,
RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 10-Jul-08 20:25 by prod_rel_team
!--- output truncated
Additional information about Cisco IOS Software release naming
conventions is available in "White Paper: Cisco IOS Reference Guide"
at the following link:
http://www.cisco.com/web/about/security/intelligence/ios-ref.html
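The two checks above (H.323 processes present, and the release shown by show version) can be combined when auditing captured command output offline. The following Python sketch is an added example, not part of the Cisco advisory: the function names are hypothetical, TRAIN_STATUS is only a short excerpt of the "First Fixed Release for This Advisory" column, and the 12.2DD banner is constructed to exercise one table row.

```python
import re

# Excerpt of the advisory's "First Fixed Release for This Advisory" column.
# Trains with per-release conditions ("Releases up to and including ...")
# are left out on purpose; anything missing here must be checked by hand.
TRAIN_STATUS = {
    "12.1XW": "not vulnerable",
    "12.1XI": "vulnerable; first fixed in 12.4",
    "12.2BC": "not vulnerable",
    "12.2DD": "vulnerable; first fixed in 12.4",
    "12.2DX": "vulnerable; first fixed in 12.4",
}

# "(IMAGE), Version 12.4(20)T" -> image, base 12.4, maintenance 20, train T
VERSION_RE = re.compile(
    r"\((?P<image>[A-Za-z0-9_.-]+)\),\s+Version\s+"
    r"(?P<base>\d+\.\d+)\((?P<maint>\d+[a-z]?)\)"
    r"(?P<train>[A-Z]*)(?P<rebuild>\d*[a-z]?)"
)

# Banners copied from the advisory's two show version examples.
SHOW_VERSION_2500 = """Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
"""
SHOW_VERSION_1841 = """Router# show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T,
RELEASE SOFTWARE (fc3)
"""
# Constructed banner (image name and release are made up for this example).
SHOW_VERSION_DD = (
    "Cisco IOS Software, Example Software (EXAMPLE-IMAGE-M), "
    "Version 12.2(1)DD1, RELEASE SOFTWARE (fc1)\n"
)
# Output copied from the advisory's show process cpu example.
SHOW_PROCESS_CPU = """Router# show process cpu | include H323
 249       16000         3       5333  0.00%  0.00%  0.00%   0 CCH323_CT
 250           0         1          0  0.00%  0.00%  0.00%   0 CCH323_DNS
Router#
"""


def parse_show_version(text):
    """Return image, release and train from a show version banner, or None."""
    m = VERSION_RE.search(text)
    if m is None:
        return None  # not Cisco IOS, or the banner has a different layout
    release = f"{m['base']}({m['maint']}){m['train']}{m['rebuild']}"
    return {"image": m["image"], "release": release,
            "train": m["base"] + m["train"]}


def h323_processes(text):
    """Return names of running processes whose name contains H323."""
    names = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows: PID Runtime Invoked uSecs 5Sec 1Min 5Min TTY Process
        if len(fields) >= 9 and fields[0].isdigit():
            name = " ".join(fields[8:])
            if "H323" in name.upper():
                names.append(name)
    return names


def assess(show_version, show_process_cpu):
    """Combine both checks; exposed is True, False, or None (undetermined)."""
    ver = parse_show_version(show_version)
    procs = h323_processes(show_process_cpu)
    if ver is None:
        status = "unparsed banner"
    else:
        status = TRAIN_STATUS.get(ver["train"],
                                  "not in excerpt; check the advisory table")
    if not procs:
        # No H.323 process is running now. Adding a dial peer later starts
        # the processes, so re-run the check after voice configuration changes.
        exposed = False
    elif status.startswith("vulnerable"):
        exposed = True
    elif status == "not vulnerable":
        exposed = False
    else:
        exposed = None
    return {"version": ver, "h323_processes": procs,
            "train_status": status, "exposed": exposed}


if __name__ == "__main__":
    for banner in (SHOW_VERSION_2500, SHOW_VERSION_1841, SHOW_VERSION_DD):
        print(assess(banner, SHOW_PROCESS_CPU))
```

A result of None means the train is outside the excerpt or carries per-release conditions, and the full table in Software Versions and Fixes has to be consulted.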
Products Confirmed Not Vulnerable
+--------------------------------
Cisco IOS XR Software is not affected by these vulnerabilities.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
H.323 is the International Telecommunication Union (ITU) standard for
real-time multimedia communications and conferencing over
packet-based (IP) networks. A subset of the H.323 standard is
H.225.0, a standard that is used for call signaling protocols and
media stream packetization over IP networks. An attacker can exploit these vulnerabilities
remotely by sending crafted H.323 packets to an affected device that
is running Cisco IOS Software. A TCP three-way handshake is required
to exploit these vulnerabilities.
These vulnerabilities are documented in Cisco Bug IDs CSCtc73759
(registered customers only) and CSCtd33567 (registered customers
only), and have been assigned Common Vulnerabilities and Exposures
(CVE) IDs CVE-2010-2828 and CVE-2010-2829, respectively.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCtc73759 - Device crashing upon receipt of specific traffic
CVSS Base Score - 7.8
  Access Vector          - Network
  Access Complexity      - Low
  Authentication         - None
  Confidentiality Impact - None
  Integrity Impact       - None
  Availability Impact    - Complete
CVSS Temporal Score - 6.4
  Exploitability         - Functional
  Remediation Level      - Official Fix
  Report Confidence      - Confirmed
CSCtd33567 - Traceback seen when receiving crafted H.323 packets
CVSS Base Score - 7.8
  Access Vector          - Network
  Access Complexity      - Low
  Authentication         - None
  Confidentiality Impact - None
  Integrity Impact       - None
  Availability Impact    - Complete
CVSS Temporal Score - 6.4
  Exploitability         - Functional
  Remediation Level      - Official Fix
  Report Confidence      - Confirmed
Impact
======
Successful exploitation of the vulnerabilities described in this
advisory may cause the affected device to reload. These
vulnerabilities could be exploited repeatedly to cause an extended
DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2010 Bundle Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+--------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+-------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|--------------------------------------------------------------------|
| There are no affected 12.0-based releases |
|--------------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+---------------------------+---------------------------|
| | | Vulnerable; first fixed |
| | | in 12.4T |
| 12.1 | Not Vulnerable | |
| | | Releases up to and |
| | | including 12.1(4b) are |
| | | not vulnerable. |
|------------+---------------------------+---------------------------|
| 12.1AA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1AX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1AY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1AZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1CX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1DA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1DB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1DC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1E | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EO | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EU | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EV | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EW | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1EZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1GA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1GB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.1T | | |
| | Releases up to and | Releases up to and |
| | including 12.1(3a)T8 are | including 12.1(3a)T8 are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| 12.1XA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XD | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XF | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XG | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XH | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XI | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XL | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XP | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.1XS | | |
| | Releases up to and | Releases up to and |
| | including 12.1(3)XS are | including 12.1(3)XS are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.1XT | | |
| | Releases up to and | Releases up to and |
| | including 12.1(2)XT2 are | including 12.1(2)XT2 are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| 12.1XU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XV | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1XW | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1XX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.1XY | | |
| | Releases up to and | Releases up to and |
| | including 12.1(4)XY are | including 12.1(4)XY are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| 12.1XZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.1YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1YB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1YC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1YD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.1(5) | Releases prior to 12.1(5) |
| | YE6 are vulnerable, | YE6 are vulnerable, |
| 12.1YE | release 12.1(5)YE6 and | release 12.1(5)YE6 and |
| | later are not vulnerable; | later are not vulnerable; |
| | first fixed in 12.4 | first fixed in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1YF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.1YH | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.1YI | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.1YJ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+---------------------------+---------------------------|
| 12.2 | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.2B | | |
| | Releases up to and | Releases up to and |
| | including 12.2(2)B7 are | including 12.2(2)B7 are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| 12.2BC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2BW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.2SB | in 12.2SB |
| 12.2BX | | |
| | Releases up to and | Releases up to and |
| | including 12.2(15)BX are | including 12.2(15)BX are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
| 12.2BY | | |
| | Releases up to and | Releases up to and |
| | including 12.2(2)BY3 are | including 12.2(2)BY3 are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| 12.2BZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2CX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2CY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2CZ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2DA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2DD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2DX | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2EW | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2EWA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2EX | Vulnerable; migrate to | Not Vulnerable |
| | any release in 12.2SE | |
|------------+---------------------------+---------------------------|
| 12.2EY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2EZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2FX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2FY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2FZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXF | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXG | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXH | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2JA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2JK | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2MB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Releases up to and | Releases up to and |
| | including 12.2(15)MC1 are | including 12.2(15)MC1 are |
| | not vulnerable. | not vulnerable. Releases |
| 12.2MC | | 12.2(15)MC2b and later |
| | Releases 12.2(15)MC2b and | are not vulnerable; first |
| | later are not vulnerable; | fixed in 12.4T |
| | first fixed in 12.4 | |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2MRA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2MRB | Not Vulnerable | 12.2(33)MRB2 |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| 12.2S | (30)S are vulnerable, | (30)S are vulnerable, |
| | release 12.2(30)S and | release 12.2(30)S and |
| | later are not vulnerable | later are not vulnerable |
|------------+---------------------------+---------------------------|
| | 12.2(31)SB19 | 12.2(31)SB19 |
| | | |
| 12.2SB | Releases prior to 12.2 | Releases prior to 12.2 |
| | (33)SB5 are vulnerable, | (33)SB5 are vulnerable, |
| | release 12.2(33)SB5 and | release 12.2(33)SB5 and |
| | later are not vulnerable | later are not vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SBC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.2SB | in 12.2SB |
|------------+---------------------------+---------------------------|
| 12.2SCA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.2SCB | in 12.2SCB |
|------------+---------------------------+---------------------------|
| | 12.2(33)SCB10 | |
| | | |
| 12.2SCB | 12.2(33)SCB9 | 12.2(33)SCB9 |
| | | |
| | 12.2(33)SCB8 | |
|------------+---------------------------+---------------------------|
| | 12.2(33)SCC5 | |
| 12.2SCC | | 12.2(33)SCC5 |
| | 12.2(33)SCC4 | |
|------------+---------------------------+---------------------------|
| | 12.2(33)SCD3 | |
| 12.2SCD | | 12.2(33)SCD3 |
| | 12.2(33)SCD4 | |
|------------+---------------------------+---------------------------|
| 12.2SE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SEA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SEB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SEC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SED | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SEE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SEF | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SEG | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (40)SG are vulnerable, | (40)SG are vulnerable, |
| 12.2SG | release 12.2(40)SG and | release 12.2(40)SG and |
| | later are not vulnerable; | later are not vulnerable; |
| | migrate to any release in | migrate to any release in |
| | 12.2SGA | 12.2SGA |
|------------+---------------------------+---------------------------|
| 12.2SGA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SL | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SM | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SO | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SQ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| 12.2SRA | (33)SRA6 are vulnerable, | (33)SRA6 are vulnerable, |
| | release 12.2(33)SRA6 and | release 12.2(33)SRA6 and |
| | later are not vulnerable | later are not vulnerable |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| 12.2SRB | (33)SRB1 are vulnerable, | (33)SRB1 are vulnerable, |
| | release 12.2(33)SRB1 and | release 12.2(33)SRB1 and |
| | later are not vulnerable | later are not vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SRC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SRD | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SRE | Not Vulnerable | 12.2(33)SRE1 |
|------------+---------------------------+---------------------------|
| 12.2STE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| | (29b)SV1 are vulnerable, | (29b)SV1 are vulnerable, |
| 12.2SV | release 12.2(29b)SV1 and | release 12.2(29b)SV1 and |
| | later are not vulnerable; | later are not vulnerable; |
| | migrate to any release in | migrate to any release in |
| | 12.2SVD | 12.2SVD |
|------------+---------------------------+---------------------------|
| 12.2SVA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SVC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SVD | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SVE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Releases up to and | Releases up to and |
| | including 12.2(21)SW1 are | including 12.2(21)SW1 are |
| | not vulnerable. | not vulnerable. Releases |
| 12.2SW | | 12.2(25)SW12 and later |
| | Releases 12.2(25)SW12 and | are not vulnerable; first |
| | later are not vulnerable; | fixed in 12.4T |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| | | Releases up to and |
| 12.2SX | Not Vulnerable | including 12.2(14)SX2 are |
| | | not vulnerable. |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Vulnerable; Contact your |
| | (17b)SXA2 are vulnerable, | support organization per |
| 12.2SXA | release 12.2(17b)SXA2 and | the instructions in |
| | later are not vulnerable | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Vulnerable; Contact your |
| | (17d)SXB7 are vulnerable, | support organization per |
| 12.2SXB | release 12.2(17d)SXB7 and | the instructions in |
| | later are not vulnerable; | Obtaining Fixed Software |
| | migrate to any release in | section of this advisory |
| | 12.2SXE | |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Vulnerable; Contact your |
| | (18)SXD2 are vulnerable, | support organization per |
| 12.2SXD | release 12.2(18)SXD2 and | the instructions in |
| | later are not vulnerable | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SXE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | Only 12.2(18)SXF7 and | Releases prior to 12.2 |
| 12.2SXF | 12.2(18)SXF8 are | (18)SXF11 are vulnerable, |
| | vulnerable | release 12.2(18)SXF11 and |
| | | later are not vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SXH | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2SXI | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | |
| | support organization per | |
| 12.2SY | the instructions in | Not Vulnerable |
| | Obtaining Fixed Software | |
| | section of this advisory | |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2SZ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2T | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2TPC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4 | |
| 12.2XA | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.2(1)XA are | |
| | not vulnerable. | |
|------------+---------------------------+---------------------------|
| 12.2XB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2XF | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2XG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XH | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XI | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XL | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | |
| | (33)XN1 are vulnerable, | Vulnerable; first fixed |
| 12.2XN | release 12.2(33)XN1 and | in 12.2SB |
| | later are not vulnerable; | |
| | first fixed in 12.2SB | |
|------------+---------------------------+---------------------------|
| 12.2XNA | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+---------------------------|
| 12.2XNB | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+---------------------------|
| 12.2XNC | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+---------------------------|
| 12.2XND | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+---------------------------|
| 12.2XNE | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+---------------------------|
| 12.2XNF | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+---------------------------|
| 12.2XO | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2XQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XR | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2XS | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XV | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YE | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YF | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2YG | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YH | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YJ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YK | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2YM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YN | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | |
| | support organization per | |
| 12.2YO | the instructions in | Not Vulnerable |
| | Obtaining Fixed Software | |
| | section of this advisory | |
|------------+---------------------------+---------------------------|
| 12.2YP | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2YQ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2YR | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2YS | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YT | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YU | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.2 | Releases prior to 12.2 |
| 12.2YV | (11)YV1 are vulnerable, | (11)YV1 are vulnerable, |
| | release 12.2(11)YV1 and | release 12.2(11)YV1 and |
| | later are not vulnerable | later are not vulnerable |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YW | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YX | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YY | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YZ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2ZA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Releases up to and | Releases up to and |
| 12.2ZB | including 12.2(8)ZB are | including 12.2(8)ZB are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.2ZE | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2ZF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.2ZG | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.2ZH | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZJ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZP | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; migrate to | Vulnerable; Contact your |
| | any release in 12.2SXH | support organization per |
| 12.2ZU | | the instructions in |
| | Releases up to and | Obtaining Fixed Software |
| | including 12.2(18)ZU are | section of this advisory |
| | not vulnerable. | |
|------------+---------------------------+---------------------------|
| 12.2ZX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZY | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZYA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.3-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+---------------------------+---------------------------|
| 12.3 | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3B | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3BC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3BW | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3EU | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3JA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3JEA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3JEB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3JEC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3JED | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| | Releases up to and | Releases up to and |
| | including 12.3(2)JK3 are | including 12.3(2)JK3 are |
| | not vulnerable. | not vulnerable. Releases |
| 12.3JK | | 12.3(8)JK1 and later are |
| | Releases 12.3(8)JK1 and | not vulnerable; first |
| | later are not vulnerable; | fixed in 12.4T |
| | first fixed in 12.4 | |
|------------+---------------------------+---------------------------|
| 12.3JL | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3JX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.3T | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | Releases up to and | support organization per |
| 12.3TPC | including 12.3(4)TPC11a | the instructions in |
| | are not vulnerable. | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.3VA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.3(2) | |
| | XA7 are vulnerable, | Vulnerable; first fixed |
| 12.3XA | release 12.3(2)XA7 and | in 12.4T |
| | later are not vulnerable; | |
| | first fixed in 12.4 | |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3XB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.3XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XE | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3XF | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.3XG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.3(7) | Releases prior to 12.3(7) |
| | XI11 are vulnerable, | XI11 are vulnerable, |
| 12.3XI | release 12.3(7)XI11 and | release 12.3(7)XI11 and |
| | later are not vulnerable; | later are not vulnerable; |
| | first fixed in 12.2SB | first fixed in 12.2SB |
|------------+---------------------------+---------------------------|
| 12.3XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.3YX | in 12.4XR |
|------------+---------------------------+---------------------------|
| 12.3XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XL | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XS | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4T | |
| 12.3XU | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.3(8)XU1 are | |
| | not vulnerable. | |
|------------+---------------------------+---------------------------|
| 12.3XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.3YX | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XX | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XY | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3XZ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4 | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.3YX | in 12.4XR |
|------------+---------------------------+---------------------------|
| 12.3YG | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YI | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YJ | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.3 | |
| | (11)YK3 are vulnerable, | Vulnerable; first fixed |
| 12.3YK | release 12.3(11)YK3 and | in 12.4T |
| | later are not vulnerable; | |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| 12.3YM | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YQ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; first fixed | |
| | in 12.4T | |
| 12.3YS | | Vulnerable; first fixed |
| | Releases up to and | in 12.4T |
| | including 12.3(11)YS1 are | |
| | not vulnerable. | |
|------------+---------------------------+---------------------------|
| 12.3YT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YU | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.3YX | 12.3(14)YX17 | Vulnerable; first fixed |
| | | in 12.4XR |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3YZ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.3ZA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 12.4-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+---------------------------+---------------------------|
| 12.4 | 12.4(25d) | 12.4(25d) |
|------------+---------------------------+---------------------------|
| 12.4GC | 12.4(24)GC2 | 12.4(24)GC2 |
|------------+---------------------------+---------------------------|
| 12.4JA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JDA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JDC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JDD | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JHA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JHB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JK | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JL | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JMA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JMB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4JY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| 12.4MD | Not Vulnerable | 12.4(24)MD2 |
|------------+---------------------------+---------------------------|
| 12.4MDA | 12.4(22)MDA4 | 12.4(22)MDA4 |
|------------+---------------------------+---------------------------|
| 12.4MR | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4MRA | in 12.4MRA |
|------------+---------------------------+---------------------------|
| 12.4MRA | 12.4(20)MRA1 | 12.4(20)MRA1 |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.4 | |
| | (15)SW6 are vulnerable, | Vulnerable; first fixed |
| 12.4SW | release 12.4(15)SW6 and | in 12.4T |
| | later are not vulnerable; | |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| | 12.4(15)T14 | 12.4(15)T14 |
| | | |
| 12.4T | 12.4(20)T6 | 12.4(20)T6 |
| | | |
| | 12.4(24)T4 | 12.4(24)T4 |
|------------+---------------------------+---------------------------|
| 12.4XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XC | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XD | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.4(6) | Releases prior to 12.4(6) |
| | XE5 are vulnerable, | XE5 are vulnerable, |
| 12.4XE | release 12.4(6)XE5 and | release 12.4(6)XE5 and |
| | later are not vulnerable; | later are not vulnerable; |
| | first fixed in 12.4T | first fixed in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XF | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.4(9) | |
| | XG5 are vulnerable, | Vulnerable; first fixed |
| 12.4XG | release 12.4(9)XG5 and | in 12.4T |
| | later are not vulnerable; | |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| 12.4XJ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XK | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.4 | |
| | (15)XM3 are vulnerable, | Vulnerable; first fixed |
| 12.4XM | release 12.4(15)XM3 and | in 12.4T |
| | later are not vulnerable; | |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XN | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XP | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Releases up to and | |
| | including 12.4(15)XQ are | |
| | not vulnerable. | 12.4(15)XQ6; Available on |
| 12.4XQ | | 22-SEP-10 |
| | Releases 12.4(15)XQ6 and | |
| | later are not vulnerable; | |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| | | 12.4(15)XR9 |
| 12.4XR | Not Vulnerable | |
| | | 12.4(22)XR7 |
|------------+---------------------------+---------------------------|
| 12.4XT | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4XV | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| 12.4XW | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XY | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4XZ | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| 12.4YA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 12.4T | in 12.4T |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4YB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4YD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | Releases prior to 12.4 | |
| | (24)YE1 are vulnerable, | |
| 12.4YE | release 12.4(24)YE1 and | 12.4(24)YE1 |
| | later are not vulnerable; | |
| | first fixed in 12.4T | |
|------------+---------------------------+---------------------------|
| 12.4YG | 12.4(24)YG3 | 12.4(24)YG3 |
|------------+---------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.0-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+---------------------------+---------------------------|
| 15.0M | 15.0(1)M3 | 15.0(1)M3 |
|------------+---------------------------+---------------------------|
| | Cisco 7600 and 10000 | Cisco 7600 and 10000 |
| | Series routers: Not | Series routers: 15.0(1)S1 |
| | Vulnerable | (available early October |
| | | 2010) |
| 15.0S | Cisco ASR 1000 Series | |
| | routers: Please see Cisco | Cisco ASR 1000 Series |
| | IOS-XE Software | routers: Please see Cisco |
| | Availability | IOS-XE Software |
| | | Availability |
|------------+---------------------------+---------------------------|
| 15.0XA | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 15.1T | in 15.1T |
|------------+---------------------------+---------------------------|
| 15.0XO | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+---------------------------|
| Affected | | First Fixed Release for |
| 15.1-Based | First Fixed Release for | All Advisories in the |
| Releases | This Advisory | September 2010 Bundle |
| | | Publication |
|------------+---------------------------+---------------------------|
| | 15.1(1)T1 | |
| 15.1T | | 15.1(2)T1 |
| | 15.1(2)T0a | |
|------------+---------------------------+---------------------------|
| 15.1XB | Vulnerable; first fixed | Vulnerable; first fixed |
| | in 15.1T | in 15.1T |
+--------------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
+-------------------------------------------------------------------+
| Cisco IOS | First Fixed | First Fixed Release for All |
| XE | Release for This | Advisories in the September 2010 |
| Release | Advisory | Bundle Publication |
|-----------+------------------+------------------------------------|
| 2.1.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.2.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.3.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.4.x | Not Vulnerable | Not Vulnerable |
|-----------+------------------+------------------------------------|
| 2.5.x | 2.5.2 | Vulnerable; migrate to 2.6.2 or |
| | | later |
|-----------+------------------+------------------------------------|
| 2.6.x | 2.6.1 | 2.6.2 |
|-----------+------------------+------------------------------------|
| 3.1.xS | Not Vulnerable | Not Vulnerable |
+-------------------------------------------------------------------+
For mapping of Cisco IOS XE to Cisco IOS releases, please refer to
the Cisco IOS XE 2 and Cisco IOS XE 3S Release Notes.
Workarounds
===========
There are no workarounds to mitigate these vulnerabilities apart from
disabling H.323 if the Cisco IOS device does not require it. Applying
access lists on interfaces that should not accept H.323 traffic and
placing firewalls in strategic locations may greatly reduce exposure
until an upgrade can be performed.
Cisco provides Solution Reference Network Design (SRND) guides to
help design and deploy networking solutions, which can be found at
http://www.cisco.com/go/srnd. Voice Security best practices are
covered in the Cisco Unified Communications SRND Based on Cisco
Unified Communications Manager 6.x at
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/6x/security.html
To disable all H.323 call processing, administrators can issue the
call service stop forced command under the voice service voip mode,
as shown in this example:
    voice service voip
     h323
      call service stop forced
Note: The call service stop forced command disables all H.323 call
processing.
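A check for the workaround above, as an added example that is not part of the Cisco advisory: it walks a saved configuration by indentation and reports whether the stop command sits under voice service voip / h323, or somewhere it has no effect on H.323. The sample configurations are constructed, and the code assumes the saved file keeps IOS's one-space-per-level indentation and stores the command as typed.

```python
import re

# Constructed running-config excerpts (not taken from the advisory).
MITIGATED = """\
hostname gw-a
!
voice service voip
 allow-connections h323 to h323
 h323
  call service stop forced
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

# The stop command is under "sip", so H.323 call processing is untouched.
WRONG_SUBMODE = """\
voice service voip
 h323
 sip
  call service stop forced
!
"""

# H.323 submode present, no stop command.
UNMITIGATED = """\
voice service voip
 allow-connections h323 to h323
 h323
!
"""

H323_PATH = ("voice service voip", "h323")
# Assumption: the config stores the command as typed, with "forced" optional.
STOP_RE = re.compile(r"^call service stop(\s+forced)?$")


def parse_blocks(config_text):
    """Yield (parent_path, command) for every non-comment config line.

    Nesting is recovered from leading spaces, the way IOS prints submodes.
    """
    stack = []  # (indent, command) of the currently open parent blocks
    for raw in config_text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        # Close every block that is at the same or a deeper indent level.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        yield tuple(c for _, c in stack), cmd
        stack.append((indent, cmd))


def audit_h323_workaround(config_text):
    """Return (applied, misplaced).

    applied   -- True if the stop command is under voice service voip > h323
    misplaced -- parent paths where a stop command was found elsewhere
    """
    applied = False
    misplaced = []
    for path, cmd in parse_blocks(config_text):
        if not STOP_RE.match(cmd):
            continue
        if path == H323_PATH:
            applied = True
        else:
            misplaced.append(" > ".join(path) or "(global)")
    return applied, misplaced


if __name__ == "__main__":
    for name in ("MITIGATED", "WRONG_SUBMODE", "UNMITIGATED"):
        print(name, audit_h323_workaround(globals()[name]))
```

A copy of the configuration whose indentation has been stripped is reported as misplaced at "(global)", so run the check against the device's own output rather than a reflowed paste.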
Additional mitigations that can be deployed on Cisco devices within
the network are available in the companion document "Cisco Applied
Mitigation Bulletin: Identifying and Mitigating Exploitation of the
Multiple Vulnerabilities in Cisco Voice Products", which is available
at the following location:
http://www.cisco.com/warp/public/707/cisco-amb-20100922-voice.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during Cisco internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-2010922-h323.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+-----------------------------------------------------------+
| Revision 1.0 | 2010-September-22 | Initial public release. |
+-----------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt