VARIoT IoT vulnerabilities database

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466. Cisco Unified Communications Manager There is a service disruption (DoS) There is a vulnerability that becomes a condition. An attacker can exploit these issues to cause denial-of-service conditions in the affected application. These issues are documented by these Cisco bug IDs: CSCsi46466 CSCsz40392 CSCsq22534 CSCsx32236 CSCsx23689. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. SOLUTION: Contact the vendor for more information (see vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities. There are no workarounds for these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, resulting in the disruption of voice services. All SIP ports (TCP 5060 and 5061, UDP 5060 and 5061) are affected by these vulnerabilities. To mitigate against this vulnerability, administrators are advised to restrict access to TCP and UDP port 5060 on vulnerable Cisco Unified Communications Manager 4.x systems that are configured to use SIP trunks with screening devices to valid SIP trunk end points. The second SIP DoS vulnerability is documented in Cisco Bug ID CSCsz40392 and has been assigned the CVE identifier CVE-2009-2051. By establishing many TCP connections with a vulnerable system, an attacker could overwhelm the operating system table that is used to track network connections and prevent new connections from being established to system services. Any service that listens to a TCP port on a vulnerable system could be affected by this vulnerability, including SIP and SCCP. By flooding a vulnerable system with many TCP packets, an attacker could exhaust operating system file descriptors that cause the SIP port (TCP 5060 and 5061) and SCCP port (TCP 2000 and 2443) to close. This action could prevent new connections from being established to the SIP and SCCP services. SIP UDP (5060 and 5061) ports are not affected. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsi46466 - CM 6.1 SDL router services dead when receiving abnormal CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsz40392 - CCM: Coredump in sipSafeStrlen from malicious INVITE Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsq22534 - IP_Conntrack Fills Up During TCP Flood Attack Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx32236 - SCCP Port Closed in Response to FD Resource Exhaustion Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx23689 - SIP Port Closed in Response to FD Resource Exhaustion Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities described in this advisory could result in the interruption of voice services. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Administrators can mitigate the SCCP- and SIP-related vulnerabilities by implementing filtering on screening devices to permit access to TCP ports 2000 and 2443, and TCP and UDP ports 5060 and 5061 only from networks that need SCCP and SIP access to Cisco Unified Communications Manager servers. Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20090826-cucm.shtml Obtaining Fixed Software ======================== Cisco has released free software updates for select Cisco Unified Communications Manager versions that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers who are concerned about the availability of fixed software for this vulnerability in these releases should contact the following email address: cucm-august26-inquiry@cisco.com Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The vulnerabilities were discovered by Cisco. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-August-26 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKlVmL86n/Gc8U/uARAv5YAJ9Qo8XGM9LvJWJ6AvVGQ0DvQ1v1KQCgg8vf x3d5mwP1SWPEvIGzoXffuBc= =oqg/ -----END PGP SIGNATURE----- . For more information: SA36495 SA36498 SOLUTION: Update to version 6.1(4) or 7.1(2a)SU1

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987. plural Cisco The product includes SIP Service operation is interrupted due to incomplete processing (DoS) There is a vulnerability that becomes a condition. The problem is Bug IDs CSCsz40392 and CSCsz43987 It is a problem.Unauthorized by a third party SIP INVITE Via message sipSafeStrlen Inappropriate call to function is triggered, causing service disruption (DoS) There is a possibility of being put into a state. Cisco Unified Communications Manager is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause denial-of-service conditions in the affected application. These issues are documented by these Cisco bug IDs: CSCsi46466 CSCsz40392 CSCsq22534 CSCsx32236 CSCsx23689. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. SOLUTION: Update to version 5.1(3g) (reportedly available in early September 2009). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities Advisory ID: cisco-sa-20100922-sip http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml Revision 1.0 For Public Release 2010 September 22 1600 UTC (GMT) - --------------------------------------------------------------------- Summary ======= Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS^ Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier: http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html Cisco Unified Communications Manager (CUCM) is affected by the vulnerabilities described in this advisory. Vulnerable Products +------------------ Cisco devices are affected when they are running affected Cisco IOS Software versions that are configured to process SIP messages. Recent versions of Cisco IOS Software do not process SIP messages by default. Creating a dial peer by issuing the dial-peer voice command will start the SIP processes, causing the Cisco IOS device to process SIP messages. In addition, several features within Cisco Unified Communications Manager Express, such as ePhones, will also automatically start the SIP process when they are configured, causing the device to start processing SIP messages. An example of an affected configuration follows: dial-peer voice <Voice dial-peer tag> voip ... ! In addition to inspecting the Cisco IOS device configuration for a dial-peer command that causes the device to process SIP messages, administrators can also use the show processes | include SIP command to determine whether Cisco IOS Software is running the processes that handle SIP messages. In the following example, the presence of the processes CCSIP_UDP_SOCKET or CCSIP_TCP_SOCKET indicates that the Cisco IOS device will process SIP messages: Router# show processes | include SIP 149 Mwe 40F48254 4 1 400023108/24000 0 CCSIP_UDP_SOCKET 150 Mwe 40F48034 4 1 400023388/24000 0 CCSIP_TCP_SOCKET Note: Because there are several ways a device running Cisco IOS Software can start processing SIP messages, it is recommended that the show processes | include SIP command be used to determine whether the device is processing SIP messages instead of relying on the presence of specific configuration commands. Note: The Cisco Unified Border Element feature (previously known as the Cisco Multiservice IP-to-IP Gateway) is a special Cisco IOS Software image that runs on Cisco multiservice gateway platforms. It provides a network-to-network interface point for billing, security, call admission control, quality of service, and signaling interworking. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router# show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router# show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Note: CUCM is affected by the vulnerabilities described in this advisory. Two separate Cisco Security Advisories have been published to disclose the vulnerabilities that affect the Cisco Unified Communications Manager at the following locations: http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucm.shtml Products Confirmed Not Vulnerable +-------------------------------- The SIP Application Layer Gateway (ALG), which is used by the Cisco IOS NAT and firewall features of Cisco IOS Software, is not affected by these vulnerabilities. Cisco IOS XR Software is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= SIP is a popular signaling protocol that is used to manage voice and video calls across IP networks such as the Internet. SIP is responsible for handling all aspects of call setup and termination. Voice and video are the most popular types of sessions that SIP handles, but the protocol has the flexibility to accommodate other applications that require call setup and termination. SIP call signaling can use UDP (port 5060), TCP (port 5060), or Transport Layer Security (TLS; TCP port 5061) as the underlying transport protocol. Three vulnerabilities exist in the SIP implementation in Cisco IOS Software that may allow a remote attacker to cause an affected device to reload. These vulnerabilities are triggered when the device running Cisco IOS Software processes crafted SIP messages. Note: In cases where SIP is running over TCP transport, a TCP three-way handshake is necessary to exploit these vulnerabilities. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCta20040 - Device crashes when receiving crafted SIP message CVSS Base Score - 7.8 Access Vector Network Access Complexity Low Authentication None Confidentiality Impact None Integrity Impact None Availability Impact Complete CVSS Temporal Score - 6.4 Exploitability Functional Remediation Level Official Fix Report Confidence Confirmed CSCsz43987 - IOS coredump when sending crafted packets CVSS Base Score - 7.8 Access Vector Network Access Complexity Low Authentication None Confidentiality Impact None Integrity Impact None Availability Impact Complete CVSS Temporal Score - 6.4 Exploitability Functional Remediation Level Official Fix Report Confidence Confirmed CSCtf72678 - IOS Coredump Generated when sending crafted packets CVSS Base Score - 7.8 Access Vector Network Access Complexity Low Authentication None Confidentiality Impact None Integrity Impact None Availability Impact Complete CVSS Temporal Score - 6.4 Exploitability Functional Remediation Level Official Fix Report Confidence Confirmed Impact ====== Successful exploitation of the vulnerabilities in this advisory may result in a reload of the device. Repeated exploitation could result in a sustained denial of service condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2010 Bundle Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | First Fixed Release for | | 12.0-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |-------------------------------------------------------------------| | There are no affected 12.0-based releases | |-------------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.1-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |-------------------------------------------------------------------| | There are no affected 12.1-based releases | |-------------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.2-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+--------------------------+---------------------------| | 12.2 | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; first fixed | | | | in 12.4T | | 12.2B | Not Vulnerable | | | | | Releases up to and | | | | including 12.2(2)B7 are | | | | not vulnerable. | |------------+--------------------------+---------------------------| | 12.2BC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2BW | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; first fixed | | | | in 12.2SB | | 12.2BX | Not Vulnerable | | | | | Releases up to and | | | | including 12.2(15)BX are | | | | not vulnerable. | |------------+--------------------------+---------------------------| | | | Vulnerable; first fixed | | | | in 12.4T | | 12.2BY | Not Vulnerable | | | | | Releases up to and | | | | including 12.2(2)BY3 are | | | | not vulnerable. | |------------+--------------------------+---------------------------| | 12.2BZ | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2CX | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2CY | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2CZ | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2DA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2DD | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2DX | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2EW | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2EWA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2EX | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2EY | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2EZ | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2FX | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2FY | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2FZ | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRB | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRE | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXB | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXE | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXF | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXG | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXH | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2JA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2JK | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2MB | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Releases up to and | | | | including 12.2(15)MC1 are | | 12.2MC | Not Vulnerable | not vulnerable. Releases | | | | 12.2(15)MC2b and later | | | | are not vulnerable; first | | | | fixed in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2MRA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2MRB | Not Vulnerable | 12.2(33)MRB2 | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | 12.2S | Not Vulnerable | (30)S are vulnerable, | | | | release 12.2(30)S and | | | | later are not vulnerable | |------------+--------------------------+---------------------------| | | | 12.2(31)SB19 | | | | | | 12.2SB | Not Vulnerable | Releases prior to 12.2 | | | | (33)SB5 are vulnerable, | | | | release 12.2(33)SB5 and | | | | later are not vulnerable | |------------+--------------------------+---------------------------| | 12.2SBC | Not Vulnerable | Vulnerable; first fixed | | | | in 12.2SB | |------------+--------------------------+---------------------------| | 12.2SCA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.2SCB | |------------+--------------------------+---------------------------| | 12.2SCB | Not Vulnerable | 12.2(33)SCB9 | |------------+--------------------------+---------------------------| | 12.2SCC | Not Vulnerable | 12.2(33)SCC5 | |------------+--------------------------+---------------------------| | 12.2SCD | Not Vulnerable | 12.2(33)SCD3 | |------------+--------------------------+---------------------------| | 12.2SE | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SEA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SEB | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SEC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SED | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SEE | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SEF | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SEG | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | | | (40)SG are vulnerable, | | 12.2SG | Not Vulnerable | release 12.2(40)SG and | | | | later are not vulnerable; | | | | migrate to any release in | | | | 12.2SGA | |------------+--------------------------+---------------------------| | 12.2SGA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SL | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SM | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SO | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SQ | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | 12.2SRA | Not Vulnerable | (33)SRA6 are vulnerable, | | | | release 12.2(33)SRA6 and | | | | later are not vulnerable | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | 12.2SRB | Not Vulnerable | (33)SRB1 are vulnerable, | | | | release 12.2(33)SRB1 and | | | | later are not vulnerable | |------------+--------------------------+---------------------------| | 12.2SRC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SRD | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SRE | Not Vulnerable | 12.2(33)SRE1 | |------------+--------------------------+---------------------------| | 12.2STE | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SU | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | | | (29b)SV1 are vulnerable, | | 12.2SV | Not Vulnerable | release 12.2(29b)SV1 and | | | | later are not vulnerable; | | | | migrate to any release in | | | | 12.2SVD | |------------+--------------------------+---------------------------| | 12.2SVA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SVC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SVD | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SVE | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Releases up to and | | | | including 12.2(21)SW1 are | | 12.2SW | Not Vulnerable | not vulnerable. Releases | | | | 12.2(25)SW12 and later | | | | are not vulnerable; first | | | | fixed in 12.4T | |------------+--------------------------+---------------------------| | | | Releases up to and | | 12.2SX | Not Vulnerable | including 12.2(14)SX2 are | | | | not vulnerable. | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2SXA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2SXB | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2SXD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2SXE | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | 12.2SXF | Not Vulnerable | (18)SXF11 are vulnerable, | | | | release 12.2(18)SXF11 and | | | | later are not vulnerable | |------------+--------------------------+---------------------------| | 12.2SXH | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SXI | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SY | Vulnerable; migrate to | Not Vulnerable | | | any release in 12.2S | | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2SZ | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2T | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2TPC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2XA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XB | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XC | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XD | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XE | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2XF | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2XG | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XH | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XI | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XJ | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XK | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XL | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XM | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XN | Not Vulnerable | Vulnerable; first fixed | | | | in 12.2SB | |------------+--------------------------+---------------------------| | 12.2XNA | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+--------------------------+---------------------------| | 12.2XNB | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+--------------------------+---------------------------| | 12.2XNC | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+--------------------------+---------------------------| | 12.2XND | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+--------------------------+---------------------------| | 12.2XNE | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+--------------------------+---------------------------| | 12.2XNF | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+--------------------------+---------------------------| | 12.2XO | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2XQ | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XR | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2XS | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XT | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XU | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XV | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XW | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2YA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YB | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YE | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YF | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2YG | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YH | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YJ | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YK | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YL | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2YM | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YN | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2YO | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2YP | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2YQ | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2YR | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2YS | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YT | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YU | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | 12.2YV | Not Vulnerable | (11)YV1 are vulnerable, | | | | release 12.2(11)YV1 and | | | | later are not vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YW | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YX | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YY | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YZ | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2ZA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Releases up to and | | 12.2ZB | Not Vulnerable | including 12.2(8)ZB are | | | | not vulnerable. | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2ZE | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2ZF | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2ZG | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2ZH | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZJ | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZL | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZP | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZU | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2ZX | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZY | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZYA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | Affected | | First Fixed Release for | | 12.3-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+--------------------------+---------------------------| | 12.3 | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3B | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3BC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3BW | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3EU | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3JA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3JEA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3JEB | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3JEC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3JED | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | Releases up to and | | | | including 12.3(2)JK3 are | Releases up to and | | | not vulnerable. | including 12.3(2)JK3 are | | 12.3JK | | not vulnerable. Releases | | | Releases 12.3(8)JK1 and | 12.3(8)JK1 and later are | | | later are not | not vulnerable; first | | | vulnerable; first fixed | fixed in 12.4T | | | in 12.4T | | |------------+--------------------------+---------------------------| | 12.3JL | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3JX | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | Vulnerable; first fixed | | | | in 12.4T | | | 12.3T | | Vulnerable; first fixed | | | Releases up to and | in 12.4T | | | including 12.3(4)T11 are | | | | not vulnerable. | | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.3TPC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.3VA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.3XB | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.3XC | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XD | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XE | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.3XF | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+--------------------------+---------------------------| | 12.3XG | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | | Releases prior to 12.3 | Releases prior to 12.3(7) | | | (7)XI11 are vulnerable, | XI11 are vulnerable, | | 12.3XI | release 12.3(7)XI11 and | release 12.3(7)XI11 and | | | later are not vulnerable | later are not vulnerable; | | | | first fixed in 12.2SB | |------------+--------------------------+---------------------------| | 12.3XJ | Vulnerable; migrate to | Vulnerable; first fixed | | | any release in 12.4XN | in 12.4XR | |------------+--------------------------+---------------------------| | 12.3XK | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XL | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XQ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XR | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XS | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | Vulnerable; first fixed | | | | in 12.4T | | | 12.3XU | | Vulnerable; first fixed | | | Releases up to and | in 12.4T | | | including 12.3(8)XU1 are | | | | not vulnerable. | | |------------+--------------------------+---------------------------| | 12.3XW | Vulnerable; migrate to | Vulnerable; first fixed | | | any release in 12.4XN | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XX | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XY | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XZ | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YD | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YF | Vulnerable; migrate to | Vulnerable; first fixed | | | any release in 12.4XN | in 12.4XR | |------------+--------------------------+---------------------------| | 12.3YG | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YH | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YI | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YJ | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | Releases prior to 12.3 | | | | (11)YK3 are vulnerable, | | | 12.3YK | release 12.3(11)YK3 and | Vulnerable; first fixed | | | later are not | in 12.4T | | | vulnerable; first fixed | | | | in 12.4T | | |------------+--------------------------+---------------------------| | 12.3YM | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YQ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | | Vulnerable; first fixed | | | | in 12.4T | | | 12.3YS | | Vulnerable; first fixed | | | Releases up to and | in 12.4T | | | including 12.3(11)YS1 | | | | are not vulnerable. | | |------------+--------------------------+---------------------------| | 12.3YT | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YU | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YX | Vulnerable; migrate to | Vulnerable; first fixed | | | any release in 12.4XN | in 12.4XR | |------------+--------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.3YZ | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+--------------------------+---------------------------| | 12.3ZA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | Affected | | First Fixed Release for | | 12.4-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+--------------------------+---------------------------| | 12.4 | 12.4(25d) | 12.4(25d) | |------------+--------------------------+---------------------------| | 12.4GC | 12.4(24)GC2 | 12.4(24)GC2 | |------------+--------------------------+---------------------------| | 12.4JA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JDA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JDC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JDD | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JHA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JHB | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JK | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JL | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JMA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JMB | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JX | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JY | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4MD | Not Vulnerable | 12.4(24)MD2 | |------------+--------------------------+---------------------------| | 12.4MDA | Not Vulnerable | 12.4(22)MDA4 | |------------+--------------------------+---------------------------| | 12.4MR | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4MRA | in 12.4MRA | |------------+--------------------------+---------------------------| | 12.4MRA | 12.4(20)MRA1 | 12.4(20)MRA1 | |------------+--------------------------+---------------------------| | 12.4SW | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | 12.4(15)T14 | 12.4(15)T14 | | | | | | 12.4T | 12.4(24)T4 | 12.4(24)T4 | | | | | | | 12.4(20)T6 | 12.4(20)T6 | |------------+--------------------------+---------------------------| | 12.4XA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XB | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XC | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XD | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | | Releases prior to 12.4 | Releases prior to 12.4(6) | | | (6)XE5 are vulnerable, | XE5 are vulnerable, | | 12.4XE | release 12.4(6)XE5 and | release 12.4(6)XE5 and | | | later are not | later are not vulnerable; | | | vulnerable; first fixed | first fixed in 12.4T | | | in 12.4T | | |------------+--------------------------+---------------------------| | 12.4XF | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XG | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XJ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XK | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4XL | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+--------------------------+---------------------------| | | Releases up to and | | | | including 12.4(15)XM are | | | | not vulnerable. | | | 12.4XM | | Vulnerable; first fixed | | | Releases 12.4(15)XM3 and | in 12.4T | | | later are not | | | | vulnerable; first fixed | | | | in 12.4T | | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.4XN | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4XP | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+--------------------------+---------------------------| | 12.4XQ | Not Vulnerable | 12.4(15)XQ6; Available on | | | | 22-SEP-10 | |------------+--------------------------+---------------------------| | | | 12.4(15)XR9 | | 12.4XR | Not Vulnerable | | | | | 12.4(22)XR7 | |------------+--------------------------+---------------------------| | 12.4XT | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4XV | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+--------------------------+---------------------------| | 12.4XW | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XY | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XZ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4YA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4YB | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.4YD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.4YE | Not Vulnerable | 12.4(24)YE1 | |------------+--------------------------+---------------------------| | 12.4YG | Not Vulnerable | 12.4(24)YG3 | |------------+--------------------------+---------------------------| | Affected | | First Fixed Release for | | 15.0-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+--------------------------+---------------------------| | 15.0M | 15.0(1)M3 | 15.0(1)M3 | |------------+--------------------------+---------------------------| | | Cisco 7600 and 10000 | Cisco 7600 and 10000 | | | Series routers: Not | Series routers: 15.0(1)S1 | | | Vulnerable | (available early October | | | | 2010). | | 15.0S | Cisco ASR 1000 Series | | | | routes: Please see Cisco | Cisco ASR 1000 Series | | | IOS-XE Software | routes: Please see Cisco | | | Availability | IOS-XE Software | | | | Availability | |------------+--------------------------+---------------------------| | 15.0XA | 15.0(1)XA4 | Vulnerable; first fixed | | | | in 15.1T | |------------+--------------------------+---------------------------| | 15.0XO | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | Affected | | First Fixed Release for | | 15.1-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+--------------------------+---------------------------| | | 15.1(2)T0a | | | 15.1T | | 15.1(2)T1 | | | 15.1(1)T1 | | |------------+--------------------------+---------------------------| | 15.1XB | 15.1(1)XB | Vulnerable; first fixed | | | | in 15.1T | +-------------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +-------------------------------------------------------------------+ | Cisco IOS | First Fixed | First Fixed Release for All | | XE | Release for This | Advisories in the September 2010 | | Release | Advisory | Bundle Publication | |-----------+------------------+------------------------------------| | 2.1.x | Not Vulnerable | Not Vulnerable | |-----------+------------------+------------------------------------| | 2.2.x | Not Vulnerable | Not Vulnerable | |-----------+------------------+------------------------------------| | 2.3.x | Not Vulnerable | Not Vulnerable | |-----------+------------------+------------------------------------| | 2.4.x | Not Vulnerable | Not Vulnerable | |-----------+------------------+------------------------------------| | | Vulnerable; | Vulnerable; migrate to 2.6.2 or | | 2.5.x | migrate to 2.6.2 | later | | | or later | | |-----------+------------------+------------------------------------| | 2.6.x | 2.6.1 | 2.6.2 | |-----------+------------------+------------------------------------| | 3.1.xS | Not Vulnerable | Not Vulnerable | +-------------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 and Cisco IOS XE 3S Release Notes. Cisco IOS XR System Software +--------------------------- Cisco IOS XR Software is not affected by the vulnerabilities disclosed in the September 22, 2010, Cisco IOS Software Security Advisory bundled publication. Workarounds =========== If the affected Cisco IOS device requires SIP for VoIP services, SIP cannot be disabled, and no workarounds are available. Users are advised to apply mitigation techniques to help limit exposure to the vulnerabilities. Mitigation consists of allowing only legitimate devices to connect to affected devices. To increase effectiveness, the mitigation must be coupled with anti-spoofing measures on the network edge. This action is required because SIP can use UDP as the transport protocol. Additional mitigations that can be deployed on Cisco devices within the network are available in the companion document "Cisco Applied Mitigation Bulletin:Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products", which is available at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20100922-voice.shtml Disabling SIP Listening Ports +---------------------------- For devices that do not require SIP to be enabled, the simplest and most effective workaround is to disable SIP processing on the device. Some versions of Cisco IOS Software allow administrators to disable SIP with the following commands: sip-ua no transport udp no transport tcp no transport tcp tls warning Warning: When applying this workaround to devices that are processing Media Gateway Control Protocol (MGCP) or H.323 calls, the device will not stop SIP processing while active calls are being processed. Under these circumstances, this workaround should be implemented during a maintenance window when active calls can be briefly stopped. The show udp connections, show tcp brief all, and show processes | include SIP commands can be used to confirm that the SIP UDP and TCP ports are closed after applying this workaround. Depending on the Cisco IOS Software version in use, the output from the show ip sockets command may still show the SIP ports open, but sending traffic to them will cause the SIP process to emit the following message: *Jun 2 11:36:47.691: sip_udp_sock_process_read: SIP UDP Listener is DISABLED Control Plane Policing +--------------------- For devices that need to offer SIP services, it is possible to use Control Plane Policing (CoPP) to block SIP traffic to the device from untrusted sources. Cisco IOS Releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP may be configured on a device to protect the management and control planes to minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic sent to infrastructure devices in accordance with existing security policies and configurations. The following example can be adapted to specific network configurations: !-- The 192.168.1.0/24 network and the 172.16.1.1 host are trusted. !-- Everything else is not trusted. The following access list is used !-- to determine what traffic needs to be dropped by a control plane !-- policy (the CoPP feature.) If the access list matches (permit) !-- then traffic will be dropped and if the access list does not !-- match (deny) then traffic will be processed by the router. access-list 100 deny udp 192.168.1.0 0.0.0.255 any eq 5060 access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5060 access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5061 access-list 100 deny udp host 172.16.1.1 any eq 5060 access-list 100 deny tcp host 172.16.1.1 any eq 5060 access-list 100 deny tcp host 172.16.1.1 any eq 5061 access-list 100 permit udp any any eq 5060 access-list 100 permit tcp any any eq 5060 access-list 100 permit tcp any any eq 5061 !-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4 !-- traffic in accordance with existing security policies and !-- configurations for traffic that is authorized to be sent !-- to infrastructure devices. !-- Create a Class-Map for traffic to be policed by !-- the CoPP feature. class-map match-all drop-sip-class match access-group 100 !-- Create a Policy-Map that will be applied to the !-- Control-Plane of the device. policy-map control-plane-policy class drop-sip-class drop !-- Apply the Policy-Map to the Control-Plane of the !-- device. control-plane service-policy input control-plane-policy Note: Because SIP can use UDP as a transport protocol, it is possible to easily spoof the IP address of the sender, which may defeat access control lists that permit communication to these ports from trusted IP addresses. In the above CoPP example, the access control entries (ACEs) that match the potential exploit packets with the "permit" action result in these packets being discarded by the policy-map "drop" function, while packets that match the "deny" action (not shown) are not affected by the policy-map drop function. Additional information on the configuration and use of the CoPP feature can be found at http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html and http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. These vulnerabilities were discovered by Cisco during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-----------------------------------------+ | Revision | | Initial | | 1.0 | 2010-September-22 | public | | | | release. | +-----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) iEYEARECAAYFAkyZ/SsACgkQ86n/Gc8U/uAExQCePGMUBQypd2bPNr1CbH19j1h3 9WgAn0czHTv1JOH6pJl2Bz4MRrPzokRR =6+8R -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities. There are no workarounds for these vulnerabilities. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications. To mitigate against this vulnerability, administrators are advised to restrict access to TCP and UDP port 5060 on vulnerable Cisco Unified Communications Manager 4.x systems that are configured to use SIP trunks with screening devices to valid SIP trunk end points. Network Connection Tracking Vulnerability +---------------------------------------- Cisco Unified Communications Manager contains a DoS vulnerability that involves the tracking of network connections by the embedded operating system firewall. By establishing many TCP connections with a vulnerable system, an attacker could overwhelm the operating system table that is used to track network connections and prevent new connections from being established to system services. Any service that listens to a TCP port on a vulnerable system could be affected by this vulnerability, including SIP and SCCP. This action could prevent new connections from being established to the SIP and SCCP services. Administrators can mitigate the SCCP- and SIP-related vulnerabilities by implementing filtering on screening devices to permit access to TCP ports 2000 and 2443, and TCP and UDP ports 5060 and 5061 only from networks that need SCCP and SIP access to Cisco Unified Communications Manager servers. ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. Successful exploitation of the vulnerabilities requires that SIP voice services are enabled. SOLUTION: Apply updates (please see the vendor's advisory for details)

Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors. Multiple Symantec products are prone to a remote denial-of-service vulnerability when processing specially crafted email messages. An attacker can exploit this issue to cause denial-of-service conditions and launch further attacks. Symantec AntiVirus is a very popular antivirus solution. Malicious mail messages can take a significant amount of time to process, causing the client system to lose connection to the mail server; the client will then continue to try to download the mail message the next time it connects to the mail server, and lose connection again. This behavior is repeated until the malicious email is deleted from the mail server. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Symantec Products Internet Email Scanning Denial of Service SECUNIA ADVISORY ID: SA36493 VERIFY ADVISORY: http://secunia.com/advisories/36493/ DESCRIPTION: A vulnerability has been reported in multiple Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing email messages and can be exploited to disable an email client by placing it in an infinite loop where unsuccessful email retrievals are repeatedly attempted. PROVIDED AND/OR DISCOVERED BY: The vendor credits Mark Litchfield of Next Generation Security Software. ORIGINAL ADVISORY: Symantec (SYM09-012): http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_01 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236. Cisco Unified Communications Manager There is a service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug IDs CSCsx32236 It is a problem.A large amount by a third party TCP Service disruption via packets (DoS) There is a possibility of being put into a state. An attacker can exploit these issues to cause denial-of-service conditions in the affected application. These issues are documented by these Cisco bug IDs: CSCsi46466 CSCsz40392 CSCsq22534 CSCsx32236 CSCsx23689. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. SOLUTION: Update to version 5.1(3g) (reportedly available in early September 2009). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities. There are no workarounds for these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, resulting in the disruption of voice services. All SIP ports (TCP 5060 and 5061, UDP 5060 and 5061) are affected by these vulnerabilities. To mitigate against this vulnerability, administrators are advised to restrict access to TCP and UDP port 5060 on vulnerable Cisco Unified Communications Manager 4.x systems that are configured to use SIP trunks with screening devices to valid SIP trunk end points. The second SIP DoS vulnerability is documented in Cisco Bug ID CSCsz40392 and has been assigned the CVE identifier CVE-2009-2051. By establishing many TCP connections with a vulnerable system, an attacker could overwhelm the operating system table that is used to track network connections and prevent new connections from being established to system services. Any service that listens to a TCP port on a vulnerable system could be affected by this vulnerability, including SIP and SCCP. By flooding a vulnerable system with many TCP packets, an attacker could exhaust operating system file descriptors that cause the SIP port (TCP 5060 and 5061) and SCCP port (TCP 2000 and 2443) to close. This action could prevent new connections from being established to the SIP and SCCP services. SIP UDP (5060 and 5061) ports are not affected. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsi46466 - CM 6.1 SDL router services dead when receiving abnormal CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsz40392 - CCM: Coredump in sipSafeStrlen from malicious INVITE Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsq22534 - IP_Conntrack Fills Up During TCP Flood Attack Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx32236 - SCCP Port Closed in Response to FD Resource Exhaustion Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx23689 - SIP Port Closed in Response to FD Resource Exhaustion Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities described in this advisory could result in the interruption of voice services. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Administrators can mitigate the SCCP- and SIP-related vulnerabilities by implementing filtering on screening devices to permit access to TCP ports 2000 and 2443, and TCP and UDP ports 5060 and 5061 only from networks that need SCCP and SIP access to Cisco Unified Communications Manager servers. Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20090826-cucm.shtml Obtaining Fixed Software ======================== Cisco has released free software updates for select Cisco Unified Communications Manager versions that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers who are concerned about the availability of fixed software for this vulnerability in these releases should contact the following email address: cucm-august26-inquiry@cisco.com Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The vulnerabilities were discovered by Cisco. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-August-26 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKlVmL86n/Gc8U/uARAv5YAJ9Qo8XGM9LvJWJ6AvVGQ0DvQ1v1KQCgg8vf x3d5mwP1SWPEvIGzoXffuBc= =oqg/ -----END PGP SIGNATURE-----

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689. Cisco Unified Communications Manager includes denial of service (DoS) There is a vulnerability that could result in a condition. This problem is Bug IDs CSCsx23689 It's a problem.A large amount of TCP Denial of service via packets (DoS) It may be in a state. An attacker can exploit these issues to cause denial-of-service conditions in the affected application. These issues are documented by these Cisco bug IDs: CSCsi46466 CSCsz40392 CSCsq22534 CSCsx32236 CSCsx23689. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. SOLUTION: Update to version 5.1(3g) (reportedly available in early September 2009). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities. There are no workarounds for these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, resulting in the disruption of voice services. All SIP ports (TCP 5060 and 5061, UDP 5060 and 5061) are affected by these vulnerabilities. To mitigate against this vulnerability, administrators are advised to restrict access to TCP and UDP port 5060 on vulnerable Cisco Unified Communications Manager 4.x systems that are configured to use SIP trunks with screening devices to valid SIP trunk end points. The second SIP DoS vulnerability is documented in Cisco Bug ID CSCsz40392 and has been assigned the CVE identifier CVE-2009-2051. By establishing many TCP connections with a vulnerable system, an attacker could overwhelm the operating system table that is used to track network connections and prevent new connections from being established to system services. Any service that listens to a TCP port on a vulnerable system could be affected by this vulnerability, including SIP and SCCP. By flooding a vulnerable system with many TCP packets, an attacker could exhaust operating system file descriptors that cause the SIP port (TCP 5060 and 5061) and SCCP port (TCP 2000 and 2443) to close. This action could prevent new connections from being established to the SIP and SCCP services. SIP UDP (5060 and 5061) ports are not affected. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsi46466 - CM 6.1 SDL router services dead when receiving abnormal CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsz40392 - CCM: Coredump in sipSafeStrlen from malicious INVITE Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsq22534 - IP_Conntrack Fills Up During TCP Flood Attack Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx32236 - SCCP Port Closed in Response to FD Resource Exhaustion Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx23689 - SIP Port Closed in Response to FD Resource Exhaustion Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities described in this advisory could result in the interruption of voice services. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Administrators can mitigate the SCCP- and SIP-related vulnerabilities by implementing filtering on screening devices to permit access to TCP ports 2000 and 2443, and TCP and UDP ports 5060 and 5061 only from networks that need SCCP and SIP access to Cisco Unified Communications Manager servers. Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20090826-cucm.shtml Obtaining Fixed Software ======================== Cisco has released free software updates for select Cisco Unified Communications Manager versions that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers who are concerned about the availability of fixed software for this vulnerability in these releases should contact the following email address: cucm-august26-inquiry@cisco.com Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The vulnerabilities were discovered by Cisco. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-August-26 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKlVmL86n/Gc8U/uARAv5YAJ9Qo8XGM9LvJWJ6AvVGQ0DvQ1v1KQCgg8vf x3d5mwP1SWPEvIGzoXffuBc= =oqg/ -----END PGP SIGNATURE-----

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug IDs CSCsq22534 and CSCsw52371. (DoS) There is a vulnerability that becomes a condition. The problem is Bug IDs CSCsq22534 and CSCsw52371 It is a problem.A large number of third parties TCP Service disruption via connection (DoS) There is a possibility of being put into a state. An attacker can exploit these issues to cause denial-of-service conditions in the affected application. These issues are documented by these Cisco bug IDs: CSCsi46466 CSCsz40392 CSCsq22534 CSCsx32236 CSCsx23689. An attacker can exploit this issue to prevent new TCP connections from being established, denying service to legitimate users. This issue is being tracked by Cisco BugID CSCsw52371. The software version can be determined by running the command "show version active" via the Command Line Interface (CLI). TCP 3-way handshakes must be completed for the attack to be successful. The TimesTenD process will be automatically restarted upon failure. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. SOLUTION: Update to version 5.1(3g) (reportedly available in early September 2009). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities Advisory ID: cisco-sa-20090826-cucm Revision 1.0 For Public Release 2009 August 26 1600 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco Unified Communications Manager (formerly CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption to voice services. The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities. There are no workarounds for these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, resulting in the disruption of voice services. All SIP ports (TCP 5060 and 5061, UDP 5060 and 5061) are affected by these vulnerabilities. Cisco Unified Communications Manager 4.x versions are only affected by the first SIP DoS vulnerability if a SIP trunk is explicitly configured. To determine if a SIP truck is configured on a Cisco Unified Communications Manager version 4.x system, navigate to Device > Trunk and choose the option SIP Trunk in the Cisco Unified Communications Manager administration interface. To mitigate against this vulnerability, administrators are advised to restrict access to TCP and UDP port 5060 on vulnerable Cisco Unified Communications Manager 4.x systems that are configured to use SIP trunks with screening devices to valid SIP trunk end points. The second SIP DoS vulnerability is documented in Cisco Bug ID CSCsz40392 and has been assigned the CVE identifier CVE-2009-2051. Any service that listens to a TCP port on a vulnerable system could be affected by this vulnerability, including SIP and SCCP. By flooding a vulnerable system with many TCP packets, an attacker could exhaust operating system file descriptors that cause the SIP port (TCP 5060 and 5061) and SCCP port (TCP 2000 and 2443) to close. SIP UDP (5060 and 5061) ports are not affected. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsi46466 - CM 6.1 SDL router services dead when receiving abnormal CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsz40392 - CCM: Coredump in sipSafeStrlen from malicious INVITE Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsq22534 - IP_Conntrack Fills Up During TCP Flood Attack Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx32236 - SCCP Port Closed in Response to FD Resource Exhaustion Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx23689 - SIP Port Closed in Response to FD Resource Exhaustion Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities described in this advisory could result in the interruption of voice services. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Administrators can mitigate the SCCP- and SIP-related vulnerabilities by implementing filtering on screening devices to permit access to TCP ports 2000 and 2443, and TCP and UDP ports 5060 and 5061 only from networks that need SCCP and SIP access to Cisco Unified Communications Manager servers. Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20090826-cucm.shtml Obtaining Fixed Software ======================== Cisco has released free software updates for select Cisco Unified Communications Manager versions that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers who are concerned about the availability of fixed software for this vulnerability in these releases should contact the following email address: cucm-august26-inquiry@cisco.com Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-August-26 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKlVmL86n/Gc8U/uARAv5YAJ9Qo8XGM9LvJWJ6AvVGQ0DvQ1v1KQCgg8vf x3d5mwP1SWPEvIGzoXffuBc= =oqg/ -----END PGP SIGNATURE-----

Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network. Cisco Lightweight Access Point is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to stop responding, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtb56664. Cisco Aironet wireless access points (APs) are very popular wireless access network devices. This paper associates devices with malicious controllers so that wireless clients cannot access legitimate network resources. This is a denial of service

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files. Cisco Security Monitoring, Analysis, and Response System (MARS) is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that can aid in further attacks. This issue is being tracked by Cisco Bug CSCtb52450. Cisco Security MARS 6.0.4 and prior are vulnerable

Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute. An attacker can exploit this issue to cause the BGP process to crash, creating a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCtb05382. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. The number of AS numbers must exceed the full or maximum length of the update message to trigger this vulnerability

Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path. Cisco IOS XR Is AS Service operation disruption due to incomplete number-related processing (DoS) There is a vulnerability that becomes a condition.Service disruption by remotely authenticated user (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause the BGP process to crash, creating a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCtb12726. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. Both the number of AS numbers required to prepend and the resulting crashes exceeded normal limits in a production environment. When the BGP process of an affected device crashes due to such an oversized AS path forwarding, no log message is generated before the crash

The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP messages. Attackers can exploit this issue to cause the vulnerable module to fail to respond to further traffic, resulting in a denial-of-service condition. This issue is tracked by Cisco Bug ID CSCsz97207. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. SOLUTION: Update to version 3.1(16), 3.2(13), or 4.0(6). Users of version 2.x should migrate to either 3.x or 4.x. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages. There are no known instances of intentional exploitation of this vulnerability. However, Cisco has observed data streams that appear to trigger this vulnerability unintentionally. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090819-fwsm.shtml. Affected Products ================= Vulnerable Products - ------------------- All non-fixed 2.x, 3.x and 4.x versions of the FWSM software are affected by this vulnerability. To determine the version of the FWSM software that is running, issue the "show module" command-line interface (CLI) command from Cisco IOS Software or Cisco Catalyst Operating System Software to identify what modules and sub-modules are installed in the system. The following example shows a system with an FWSM (WS-SVC-FWM-1) installed in slot 4. switch#show module Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ----------------- ----------- 1 48 SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-TX SAxxxxxxxxx 4 6 Firewall Module WS-SVC-FWM-1 SAxxxxxxxxx 5 2 Supervisor Engine 720 (Active) WS-SUP720-BASE SAxxxxxxxxx 6 2 Supervisor Engine 720 (Hot) WS-SUP720-BASE SAxxxxxxxxx After locating the correct slot, issue the "show module <slot number>" command to identify the software version that is running. switch#show module 4 Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ----------------- ----------- 4 6 Firewall Module WS-SVC-FWM-1 SAxxxxxxxxx Mod MAC addresses Hw Fw Sw Status --- --------------------------------- ------ ------------ ------------ ------- 4 0003.e4xx.xxxx to 0003.e4xx.xxxx 3.0 7.2(1) 3.2(3) Ok The preceding example shows that the FWSM is running software version 3.2(3) as indicated by the column under "Sw". Note: Recent versions of Cisco IOS Software will show the software version of each module in the output from the "show module" command; therefore, executing the "show module <slot number>" command is not necessary. If a Virtual Switching System (VSS) is used to allow two physical Cisco Catalyst 6500 Series Switches to operate as a single logical virtual switch, the "show module switch all" command can display the software version of all FWSMs that belong to switch 1 and switch 2. The output from this command will be similar to the output from the "show module <slot number>" but will include module information for the modules in each switch in the VSS. Alternatively, version information can be obtained directly from the FWSM through the "show version" command, as shown in the following example. FWSM#show version FWSM Firewall Version 3.2(3) Customers who use the Cisco Adaptive Security Device Manager (ASDM) to manage their devices can find the version of the software displayed in the table in the login window or in the upper left corner of the ASDM window. The version notation is similar to the following example. FWSM Version: 3.2(3) Products Confirmed Not Vulnerable - --------------------------------- Other Cisco products that offer firewall services, including Cisco IOS Software, Cisco ASA 5500 Series Adaptive Security Appliances, and Cisco PIX Security Appliances, are not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. The FWSM offers firewall services with stateful packet filtering and deep packet inspection. A vulnerability exists in the Cisco FWSM Software that may cause the FWSM to stop forwarding traffic between interfaces, or stop processing traffic that is directed at the FWSM (management traffic) after multiple, crafted ICMP messages are processed by the FWSM. Any traffic that transits or is directed towards the FWSM is affected, regardless of whether ICMP inspection ("inspect icmp" command under Class configuration mode) is enabled. The FWSM stops processing traffic because one of the Network Processors (NPs) that is used by the FWSM to handle traffic may use all available execution threads while handling a specific type of crafted ICMP messages. This behavior limits the execution threads that are available to handle additional traffic. Administrators may be able to determine if the FWSM has been affected by this vulnerability by issuing the "show np 2 stats" command. If this command produces output showing various counters and their values, as shown in the example CLI output that follows, the FWSM has not been affected by the vulnerability. If the command returns a single line that reads "ERROR: np_logger_query request for FP Stats failed", the FWSM may have been affected by the vulnerability. FWSM#show np 2 stats - ------------------------------------------------------------------------------- Fast Path 64 bit Global Statistics Counters (NP-2) - ------------------------------------------------------------------------------- PKT_MNG: total packets (dot1q) rcvd : 10565937 PKT_MNG: total packets (dot1q) sent : 4969517 PKT_MNG: total packets (dot1q) dropped : 65502 PKT_MNG: TCP packets received : 0 PKT_MNG: UDP packets received : 4963509 PKT_MNG: ICMP packets received : 0 PKT_MNG: ARP packets received : 2 PKT_MNG: other protocol pkts received : 0 PKT_MNG: default (no IP/ARP) dropped : 0 SESS_MNG: sessions created : 18 SESS_MNG: sessions embryonic to active : 0 [...] An FWSM that stops processing traffic as a result of this vulnerability will need to be reloaded. Note that unless the FWSM software is updated to a non-vulnerable version, or crafted ICMP messages are blocked (see the Workarounds section for details), the FWSM can still be subject to exploitation (intentional or otherwise) after a reload. If an FWSM that is configured for failover operation encounters this issue, the active FWSM may not properly fail over to the standby FWSM. IPv6 (in particular ICMPv6) cannot trigger this vulnerability. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided a FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * NP 2 threads lock due to processing crafted ICMP message (CSCsz97207) CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may cause the FWSM to stop forwarding traffic between interfaces (transit traffic), and stop processing traffic directed at the FWSM (management traffic). If the FWSM is configured for failover operation, the active FWSM may not fail over to the standby FWSM. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the FWSM software table below describes a major FWSM software train and the earliest possible release within that train that contains the fix (the "First Fixed Release") and the anticipated date of availability (if not currently available) in the "First Fixed Release" column. A device running a release that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. The release should be upgraded at least to the indicated release or a later version (greater than or equal to the First Fixed Release label). +---------------------------------------+ | Major | First Fixed Release | | Release | | |------------+--------------------------| | 2.x | Vulnerable; migrate to | | | 3.x or 4.x | |------------+--------------------------| | 3.1 | 3.1(16) | |------------+--------------------------| | 3.2 | 3.2(13) | |------------+--------------------------| | 4.0 | 4.0(6) | +---------------------------------------+ Fixed FWSM software can be downloaded from the Software Center on cisco.com by visiting http://www.cisco.com/public/sw-center/index.shtml and navigating to "Security" > "Cisco Catalyst 6500 Series Firewall Services Module" > "Firewall Services Module (FWSM) Software". Workarounds =========== There are no workarounds for this vulnerability. Access control lists (ACLs) that are deployed on the FWSM itself to block through-the-device or to-the-device ICMP messages are not effective to prevent this vulnerability. However, blocking unnecessary ICMP messages on screening devices or on devices in the path to the FWSM will prevent the FWSM from triggering the vulnerability. For example, the following ACL, when deployed on a Cisco IOS device in front of the FWSM, will prevent crafted ICMP messages from reaching the FWSM, and thus protect the FWSM from triggering the vulnerability: access-list 101 permit icmp any any echo access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any traceroute access-list 101 permit icmp any any packet-too-big access-list 101 permit icmp any any time-exceeded access-list 101 permit icmp any any host-unreachable access-list 101 permit icmp any any unreachable access-list 101 deny icmp any any access-list 101 permit ip any any This sample ACL is allowing certain ICMP messages that are vital for network troubleshooting and for proper operation of the network. It is safe to allow any other ICMP messages for which the Cisco IOS Software "access-list" command has named ICMP type keywords. ACLs like the one in the preceding example may also be deployed on non-Cisco IOS devices, such as the Cisco PIX and ASA security appliances, although the ACL syntax on non-Cisco IOS devices may not support all the named ICMP type keywords that the Cisco IOS ACL syntax supports. However, on non-Cisco IOS devices, it is safe to permit all ICMP messages for which there are named ICMP type keywords in the ACL syntax. As mentioned in the Details section, if the FWSM has stopped processing traffic due to this vulnerability, the FWSM will require a reload. Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090819-fwsm.shtml. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts - -------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations - ------------------------------------------------- Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts - ----------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory, but Cisco is aware of customers that have encountered this vulnerability during normal network operation. This vulnerability was discovered during the handling of customer support cases. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090819-fwsm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2009-August-19 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html . This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2008-2009 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- Updated: Aug 19, 2009 Document ID: 110460 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkqMMFYACgkQ86n/Gc8U/uA2jACeLVA38jWbQv4AGpSCvOPVJjgR NqUAniMoiEUkV/JIDlo1xA0ztaO6jCFR =2Tm1 -----END PGP SIGNATURE-----

kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet. Computer Associates Host-Based Intrusion Prevention System is affected by a denial-of-service vulnerability because the application mishandles malformed user-supplied input. A remote attacker may exploit this issue to cause denial-of-service conditions. Host-Based Intrusion Prevention System 8.1 is affected by this issue; other versions may also be vulnerable. CA HIPS integrates functions such as firewall, intrusion detection, intrusion protection, operating system security and application control to provide centralized active security protection. -----BEGIN PGP SIGNED MESSAGE----- CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention System Issued: August 18, 2009 CA's technical support is alerting customers to a security risk with CA Host-Based Intrusion Prevention System. CA has issued a patch to address the vulnerability. The vulnerability, CVE-2009-2740, is due to the kmxIds.sys driver not correctly handling certain malformed packets. An attacker can send a malicious packet that will cause a kernel crash. Using Windows Explorer, locate the file "kmxIds.sys". By default, the file is located in the "C:\Windows\system32\drivers\" directory. 2. Right click on the file and select Properties. 3. Select the Version tab. 4. If the file version is less than indicated in the below table, the installation is vulnerable. File Name Version Size(bytes) Date kmxIds.sys 7.3.1.18 163,840 June 03, 2009, 12:32:22 PM Solution CA has issued the following patch to address the vulnerability. References CVE-2009-2740 - HIPS kmxIds.sys remote crash http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2740 CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention System (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=21 4665 Acknowledgement CVE-2009-2740 - iViZ Security Research Team Change History Version 1.0: Initial Release If additional information is required, please contact CA Support at http://support.ca.com/ If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Kevin Kotas CA Product Vulnerability Response Team -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBSosQJJI1FvIeMomJAQFFEAf+IcKJCxu2tj2cO24u8Hp3nQIeCyAAJITU Fdsmn/RRDNKPXm6fCPVbeK7rnvCGRuSmEOXPT+H+Y8S5ruppUqf4kuehkvhaW3N+ m5xjiC4BnACtPO6HE2q4JelgAdb0mKWIWnbn6ydWXKvBKViUQU4cAirCxRw7zj7P lrfm+V6hun7s6FTF7IccdGTJDhxXOCo9Q++FGLaOvaXJiXSS+HvzTM7MzbAEa5yy TosaTPGrnYO8FzQz+P/HFlCYsD6IKjCfMy1C63Qp7xCFWZ6ltJSKEIUYLu/DJlWu z2JUzNXn4lqNXoDLOAuBHawMiJesPXshjFqFG0kdeRxvP4JMUhENOQ== =AsHd -----END PGP SIGNATURE----- . --------------------------------------------------------------------------------------------------- [ iViZ Security Advisory 09-005 19/08/2009 ] --------------------------------------------------------------------------------------------------- iViZ Techno Solutions Pvt. http://www.ivizsecurity.com ------------------------------------------------------------------------------------------ * Title: CA HIPS kmxids.sys Remote Kernel Vulnerability * Software: CA HIPS r8.1 --[ Synopsis: CA HIPS is a Host Based Intrusion Prevention System in which managed agents are deployed on individual hosts to be protected by the HIPS and controlled by the centralized console. --[ Affected Software: * CA HIPS r8.1 (possibly older versions too) Tested on: * Agent Product Version: 1.5.290 * Agent Engine Version: 1.5.286 --[ Technical description: When CA HIPS agent processes certain malformed IP packets, it fails to handle certain boundary condition during parsing and pattern matching of the packet. It is possible to force the kernel driver (kmxids.sys) responsible for analyzing each in/out packet to reference invalid/unmapped memory. The following information is obtained during crash analysis: ------ CURRENT_IRQL: 2 FAULTING_IP: kmxids+a2f4 f6b8c2f4 8a26 mov ah,byte ptr [esi] DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xD1 TRAP_FRAME: f88ca4f4 -- (.trap 0xfffffffff88ca4f4) ErrCode = 00000000 eax=f88ca754 ebx=81f7415a ecx=00000003 edx=428c200c esi=6e96d603 edi=f6b83264 eip=f6b8c2f4 esp=f88ca568 ebp=f88ca574 iopl=0 nv up ei pl nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206 kmxids+0xa2f4: f6b8c2f4 8a26 mov ah,byte ptr [esi] ds:0023:6e96d603=?? Resetting default scope LAST_CONTROL_TRANSFER: from 804f7b9d to 80527bdc STACK_TEXT: f88ca0a8 804f7b9d 00000003 f88ca404 00000000 nt!RtlpBreakWithStatusInstruction f88ca0f4 804f878a 00000003 6e96d603 f6b8c2f4 nt!KiBugCheckDebugBreak+0x19 f88ca4d4 80540683 0000000a 6e96d603 00000002 nt!KeBugCheck2+0x574 f88ca4d4 f6b8c2f4 0000000a 6e96d603 00000002 nt!KiTrap0E+0x233 WARNING: Stack unwind information not available. Following frames may be wrong. f88ca574 f6b832e1 6e96d603 f6b83264 00000003 kmxids+0xa2f4 00000000 00000000 00000000 00000000 00000000 kmxids+0x12e1 ------ The issue can be used to create a Denial of Service condition on each of the host protected by affected versions of CA HIPS agent, however due to the nature of the vulnerability remote code execution is unlikely

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009. An attacker can exploit this issue to cause an affected device to restart the peering session. The resulting peering session will flap until the sender ceases to send the invalid update. This issue is being tracked by Cisco Bug ID CSCtb42995. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. The vulnerability manifests when a BGP peer announces a prefix with a specific invalid attribute. On receipt of this prefix, the Cisco IOS XR device will restart the peering session by sending a notification. This is a different vulnerability to what was disclosed in the Cisco Security Advisory "Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities" disclosed on the 2009 July 29 1600 UTC at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Cisco is preparing to release free software maintenance upgrade (SMU) that address this vulnerability. This advisory will be updated once the SMU is available. A workaround that mitigates this vulnerability is available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml Affected Products ================= This vulnerability affects all Cisco IOS XR software devices after and including software release 3.4.0 configured with BGP routing. Vulnerable Products +------------------ To determine the Cisco IOS XR Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS XR Software by displaying text similar to "Cisco IOS XR Software". The software version is displayed after the text "Cisco IOS XR Software". The following example identifies a Cisco CRS-1 that is running Cisco IOS XR Software Release 3.6.2: RP/0/RP0/CPU0:CRS#show version Tue Aug 18 14:25:17.407 AEST Cisco IOS XR Software, Version 3.6.2[00] Copyright (c) 2008 by Cisco Systems, Inc. ROM: System Bootstrap, Version 1.49(20080319:195807) [CRS-1 ROMMON], CRS uptime is 4 weeks, 4 days, 1 minute System image file is "disk0:hfr-os-mbi-3.6.2/mbihfr-rp.vm" cisco CRS-8/S (7457) processor with 4194304K bytes of memory. 7457 processor at 1197Mhz, Revision 1.2 17 Packet over SONET/SDH network interface(s) 1 DWDM controller(s) 17 SONET/SDH Port controller(s) 8 TenGigabitEthernet/IEEE 802.3 interface(s) 2 Ethernet/IEEE 802.3 interface(s) 1019k bytes of non-volatile configuration memory. 38079M bytes of hard disk. 981440k bytes of ATA PCMCIA card at disk 0 (Sector size 512 bytes). Configuration register on node 0/0/CPU0 is 0x102 Boot device on node 0/0/CPU0 is mem: !--- output truncated The following example identifies a Cisco 12404 router that is running Cisco IOS XR Software Release 3.7.1: RP/0/0/CPU0:GSR#show version Cisco IOS XR Software, Version 3.7.1[00] Copyright (c) 2008 by Cisco Systems, Inc. ROM: System Bootstrap, Version 12.0(20051020:160303) SOFTWARE Copyright (c) 1994-2005 by cisco Systems, Inc. GSR uptime is 3 weeks, 6 days, 3 hours, 20 minutes System image file is "disk0:c12k-os-mbi-3.7.1/mbiprp-rp.vm" cisco 12404/PRP (7457) processor with 2097152K bytes of memory. 7457 processor at 1266Mhz, Revision 1.2 1 Cisco 12000 Series Performance Route Processor 1 Cisco 12000 Series - Multi-Service Blade Controller 1 1 Port ISE Packet Over SONET OC-48c/STM-16 Controller (1 POS) 1 Cisco 12000 Series SPA Interface Processor-601/501/401 3 Ethernet/IEEE 802.3 interface(s) 1 SONET/SDH Port controller(s) 1 Packet over SONET/SDH network interface(s) 4 PLIM QoS controller(s) 8 FastEthernet/IEEE 802.3 interface(s) 1016k bytes of non-volatile configuration memory. 1000496k bytes of disk0: (Sector size 512 bytes). 65536k bytes of Flash internal SIMM (Sector size 256k). Configuration register on node 0/0/CPU0 is 0x2102 Boot device on node 0/0/CPU0 is disk0: !--- output truncated Additional information about Cisco IOS XR software release naming conventions is available in the "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html#t6 Additional information about Cisco IOS XR software time-based release model is available in the "White Paper: Guidelines for Cisco IOS XR Software" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8803/ps5845/product_bulletin_c25-478699.html BGP is configured in Cisco IOS XR software with the configuration command router bgp [AS Number] or router bgp [X.Y]. The device is vulnerable if it is running affected Cisco IOS XR version and has BGP configured. The following example shows a Cisco IOS XR software device configured with BGP: RP/0/0/CPU0:GSR#show running-config | begin router bgp Building configuration... router bgp 65535 bgp router-id 192.168.0.1 address-family ipv4 unicast network 192.168.1.1/32 ! address-family vpnv4 unicast ! neighbor 192.168.2.1 remote-as 65534 update-source Loopback0 address-family ipv4 unicast ! !--- output truncated Products Confirmed Not Vulnerable +-------------------------------- The following Cisco products are confirmed not vulnerable: * Cisco IOS Software * Cisco IOS XR Software prior to release 3.4.0 * Cisco IOS XR Software not configured for BGP routing No other Cisco products are currently known to be affected by this vulnerability. When receiving the invalid update the receiving Cisco IOS XR software device will display a log message like the following example: RP/0/RP0/CPU0:Aug 17 13:47:05.896 GMT: bgp[122]: %ROUTING-BGP-5-ADJCHANGE : neighbor 192.168.0.1 Down - BGP Notification sent: invalid or corrupt AS path The peering session will flap until the sender stops sending the invalid/corrupt prefix. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCtb42995 - Cisco IOS XR Software Border Gateway Protocol Vulnerability +----------------------------------------------------- CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Partial CVSS Temporal Score - 3.9 Exploitability - Functional Remediation Level - Unavailable Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may result in BGP peering sessions continuously being reset. This may lead to routing inconsistencies and a denial of service for those affected networks. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +---------------------------------------+ | Cisco IOS XR Version | SMU ID | |----------------------+----------------| | 3.2.X | Not Vulnerable | |----------------------+----------------| | 3.3.X | Not vulnerable | |----------------------+----------------| | 3.4.0 | Pending | |----------------------+----------------| | 3.4.1 | Pending | |----------------------+----------------| | 3.4.2 | Pending | |----------------------+----------------| | 3.4.3 | Pending | |----------------------+----------------| | 3.5.2 | Pending | |----------------------+----------------| | 3.5.3 | Pending | |----------------------+----------------| | 3.5.4 | Pending | |----------------------+----------------| | 3.6.0 | Pending | |----------------------+----------------| | 3.6.1 | Pending | |----------------------+----------------| | 3.6.2 | Pending | |----------------------+----------------| | 3.6.3 | Pending | |----------------------+----------------| | 3.7.0 | Pending | |----------------------+----------------| | 3.7.1 | Pending | |----------------------+----------------| | 3.7.2 | Pending | |----------------------+----------------| | 3.7.3 | Pending | |----------------------+----------------| | 3.8.0 | Pending | |----------------------+----------------| | 3.8.1 | Pending | +---------------------------------------+ Workarounds =========== There are no workarounds on the affected device itself. Co-ordination is required with the peering neighbor support staff to filter the invalid update on their outbound path. The following procedure explains how to help mitigate this vulnerability: Using the peer IP address in the log message that was generated when the Cisco IOS XR software device received the invalid update; capture the notification message hex dump from the CLI command show bgp neighbor and contact the Cisco TAC whom can assist with a decode. Details on how to contact Cisco TAC are contained within the section "Obtaining Fixed Software" of this advisory. The following example show an example generated log message when receiving the invalid update, and the details to be captured to be sent to the Cisco TAC for decoding: Log message generated when receiving invalid update: RP/0/RP0/CPU0:Aug 17 13:47:05.896 GMT: bgp[122]: %ROUTING-BGP-5-ADJCHANGE : neighbor 192.168.0.1 Down - BGP Notification sent: invalid or corrupt AS path Information to capture for decoding by the Cisco TAC, is the output from show bgp neighbors [ip address of neighbor from above log message]. RP/0/RP0/CPU0:CRS#show bgp neighbors 192.168.0.1 <capture output and provide to Cisco TAC> Working with Cisco TAC, the decode of the above will display the AS path in a manner illustrated below. ATTRIBUTE NAME: AS_PATH AS_PATH: Type 2 is AS_SEQUENCE AS_PATH: Segment Length is 4 (0x04) segments long AS_PATH: 65533 65532 65531 65531 Working cooperatively with your peering partner, request that they filter outbound prefix advertisements from the identified source AS (in this example 65531) for your peering session. The filters configuration methods will vary depending on the routing device operating system used. For Cisco IOS XR the filters will be applied using Routing Policy Language (RPL) policies or with Cisco IOS software via applying route-maps that deny advertisements matching that AS in their AS-PATH. Once these policies are applied, the peering session will be re-established. For further information on Cisco IOS XR RPL consult the document "Implementing Routing Policy on Cisco IOS XR Software" at the following link: http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.0/routing/configuration/guide/rc3rpl.html#wp1118699 For further information on Cisco IOS route maps with BGP, consult the document "Cisco IOS BGP Configuration Guide, Release 12.4T" at the following link: http://www.cisco.com/en/US/docs/ios/12_2sr/12_2srb/feature/guide/tbgp_c.html Obtaining Fixed Software ======================== Cisco will be releasing free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== On August 17, 2009 around 16:30-17:00 UTC several ISP's began experiencing connectivity issues as BGP sessions were being repeatedly reset. Cisco TAC was engaged with a number of customers all seeing similar issues. Stability came a few hours afterward as workarounds were applied. At this time, it is not believed that the connectivity issues were the result of malicious activity. Status of this Notice: INTERIM ============================== THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-August-18 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKitOJ86n/Gc8U/uARAlpUAJ95EA/XmiFntl4XuXpKTpqeIt5q8gCfdOPV /OmnNTdlD9lueFh99gS6NDM= =dejJ -----END PGP SIGNATURE-----

Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the query_string vector is already covered by CVE-2008-3101.3. vtiger CRM is prone to multiple input-validation vulnerabilities: - A remote PHP code-execution vulnerability - Multiple local file-include vulnerabilities - A cross-site scripting vulnerability - Multiple cross-site request-forgery vulnerabilities Attackers can exploit these issues to execute arbitrary script code within the context of the webserver, perform unauthorized actions, compromise the affected application, steal cookie-based authentication credentials, or obtain information that could aid in further attacks. The issues affect vtiger CRM 5.0.4; other versions may also be affected

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. This vulnerability CVE-2009-2408 And is related.A crafted certificate allows any man-in-the-middle attacker to SSL There is a possibility of impersonating a server. This issue affects Neon when compiled against OpenSSL. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Versions prior to Neon 0.28.6 are vulnerable. Additional applications that use the affected library may also be vulnerable. neon is an HTTP/1.1 and WebDAV client library with a C interface. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:221 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libneon0.27 Date : August 24, 2009 Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in libneon0.27: neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564 (CVE-2009-2473). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2474 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 26729257d5b2255a8a6242cfe6931dc9 2008.1/i586/libneon0.27-0.28.3-0.2mdv2008.1.i586.rpm 992af0611f69a2e4043f29faf50de608 2008.1/i586/libneon0.27-devel-0.28.3-0.2mdv2008.1.i586.rpm 71e83652b0aa875f404ecf0df9409184 2008.1/i586/libneon0.27-static-devel-0.28.3-0.2mdv2008.1.i586.rpm a4b59dd8d54e66de85f70186c7726269 2008.1/SRPMS/libneon0.27-0.28.3-0.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 56eb9b74f3e2202ac683377a16799c70 2008.1/x86_64/lib64neon0.27-0.28.3-0.2mdv2008.1.x86_64.rpm f688d9a1285f19e7b80997b52a147a60 2008.1/x86_64/lib64neon0.27-devel-0.28.3-0.2mdv2008.1.x86_64.rpm 08f5058e8dc35470e8cdc8cf9cb16381 2008.1/x86_64/lib64neon0.27-static-devel-0.28.3-0.2mdv2008.1.x86_64.rpm a4b59dd8d54e66de85f70186c7726269 2008.1/SRPMS/libneon0.27-0.28.3-0.2mdv2008.1.src.rpm Mandriva Linux 2009.0: 9bf34661a2420bd2402cafc4565a2587 2009.0/i586/libneon0.27-0.28.3-1.1mdv2009.0.i586.rpm f6ed581464940115491ec68cacafe859 2009.0/i586/libneon0.27-devel-0.28.3-1.1mdv2009.0.i586.rpm db2dc25faa186ceb3394af63a9e2d0e6 2009.0/i586/libneon0.27-static-devel-0.28.3-1.1mdv2009.0.i586.rpm 14cbfad698a74067a74199807e8c9282 2009.0/SRPMS/libneon0.27-0.28.3-1.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 3a86cf10f1df3feaea91ae64e28f3e8d 2009.0/x86_64/lib64neon0.27-0.28.3-1.1mdv2009.0.x86_64.rpm 872195ee41e00405d03ab18010bd15d9 2009.0/x86_64/lib64neon0.27-devel-0.28.3-1.1mdv2009.0.x86_64.rpm f841222c663bc8506e6e0e87a165c6b7 2009.0/x86_64/lib64neon0.27-static-devel-0.28.3-1.1mdv2009.0.x86_64.rpm 14cbfad698a74067a74199807e8c9282 2009.0/SRPMS/libneon0.27-0.28.3-1.1mdv2009.0.src.rpm Mandriva Linux 2009.1: 14c6caacb5e2b3f9e0a2e7b7924ba1e3 2009.1/i586/libneon0.27-0.28.3-2.1mdv2009.1.i586.rpm 242e3182440acc212408d03d27ba9a08 2009.1/i586/libneon0.27-devel-0.28.3-2.1mdv2009.1.i586.rpm 71701b0c1b6931979cb6eabe377522aa 2009.1/i586/libneon0.27-static-devel-0.28.3-2.1mdv2009.1.i586.rpm 58bd3f3f6ac9178d9e4903fa88fd5862 2009.1/SRPMS/libneon0.27-0.28.3-2.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 5ac6a8cefa50849e32957b821ec1ef8c 2009.1/x86_64/lib64neon0.27-0.28.3-2.1mdv2009.1.x86_64.rpm 5b801b45bf9d73a59b7eb0a4b350431f 2009.1/x86_64/lib64neon0.27-devel-0.28.3-2.1mdv2009.1.x86_64.rpm 72e5bce2285b22ccd6b6f68c8c47bff8 2009.1/x86_64/lib64neon0.27-static-devel-0.28.3-2.1mdv2009.1.x86_64.rpm 58bd3f3f6ac9178d9e4903fa88fd5862 2009.1/SRPMS/libneon0.27-0.28.3-2.1mdv2009.1.src.rpm Corporate 4.0: 6c92c285d835d3d283c820bbe14fa013 corporate/4.0/i586/libneon0.27-0.28.3-0.2.20060mlcs4.i586.rpm ae72e53a686010d7b31e56bee90000e5 corporate/4.0/i586/libneon0.27-devel-0.28.3-0.2.20060mlcs4.i586.rpm 1814371725d85bb607af694a074fc816 corporate/4.0/i586/libneon0.27-static-devel-0.28.3-0.2.20060mlcs4.i586.rpm 617b5c9c0bf440531b571e34409023b3 corporate/4.0/SRPMS/libneon0.27-0.28.3-0.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 9db63260cab1c01d8f6e3882f719a8a6 corporate/4.0/x86_64/lib64neon0.27-0.28.3-0.2.20060mlcs4.x86_64.rpm 526df150c547d98fdeeda8241774bcbf corporate/4.0/x86_64/lib64neon0.27-devel-0.28.3-0.2.20060mlcs4.x86_64.rpm 02fa7448bb3a59c6f0947a2e96983813 corporate/4.0/x86_64/lib64neon0.27-static-devel-0.28.3-0.2.20060mlcs4.x86_64.rpm 617b5c9c0bf440531b571e34409023b3 corporate/4.0/SRPMS/libneon0.27-0.28.3-0.2.20060mlcs4.src.rpm Mandriva Enterprise Server 5: a2209a398a7f98673c5bd459dfa1fd58 mes5/i586/libneon0.27-0.28.3-1.1mdvmes5.i586.rpm 18631025bb665c21dcbd4ef75986dc2f mes5/i586/libneon0.27-devel-0.28.3-1.1mdvmes5.i586.rpm b216b56ea349e57db0bd1a06791c1192 mes5/i586/libneon0.27-static-devel-0.28.3-1.1mdvmes5.i586.rpm 2cd59a4c7297629446c6c0779363d6fd mes5/SRPMS/libneon0.27-0.28.3-1.1mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: ee892ef74cca60e827899a0d9e06c8cd mes5/x86_64/lib64neon0.27-0.28.3-1.1mdvmes5.x86_64.rpm db0c1a9ab2315bf05dc35382349d4534 mes5/x86_64/lib64neon0.27-devel-0.28.3-1.1mdvmes5.x86_64.rpm 0c131d6264ef181e0b3870c8eb438b36 mes5/x86_64/lib64neon0.27-static-devel-0.28.3-1.1mdvmes5.x86_64.rpm 2cd59a4c7297629446c6c0779363d6fd mes5/SRPMS/libneon0.27-0.28.3-1.1mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKkvLkmqjQ0CJFipgRAq6qAJ9cjtiGVrF46gPqCQlUYpyiTrM/uwCgm9Wp 0gkprOAZM9dbBhPRDNeWeEs= =E/sr -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Packages for 2008.0 are being provided due to extended support for Corporate products. For more information: SA31508 SA36371 SOLUTION: Apply updated packages. -- Ubuntu 6.06 LTS -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/neon/neon_0.25.5.dfsg-5ubuntu0.1.diff.gz Size/MD5: 21241 816587e0cf93ab4a4b83facb7768962f http://security.ubuntu.com/ubuntu/pool/main/n/neon/neon_0.25.5.dfsg-5ubuntu0.1.dsc Size/MD5: 789 883a571edfb6ca2f265b6cc830b92cec http://security.ubuntu.com/ubuntu/pool/main/n/neon/neon_0.25.5.dfsg.orig.tar.gz Size/MD5: 633438 32ed43bea8568f8f592266c6ff6acf0f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/neon/libneon25-dbg_0.25.5.dfsg-5ubuntu0.1_amd64.deb Size/MD5: 150072 8fe35489f1bf3c0d9dc029c737a3b400 http://security.ubuntu.com/ubuntu/pool/main/n/neon/libneon25-dev_0.25.5.dfsg-5ubuntu0.1_amd64.deb Size/MD5: 139964 1fc960e8c8d23498f73651158c5fed88 http://security.ubuntu.com/ubuntu/pool/main/n/neon/libneon25_0.25.5.dfsg-5ubuntu0.1_amd64.deb Size/MD5: 105972 718aab24299009494603f217d680343e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/neon/libneon25-dbg_0.25.5.dfsg-5ubuntu0.1_i386.deb Size/MD5: 129460 850a2dcae6650b6cd360d8fd5e260306 http://security.ubuntu.com/ubuntu/pool/main/n/neon/libneon25-dev_0.25.5.dfsg-5ubuntu0.1_i386.deb Size/MD5: 127282 b29d4d5725a2b166a65317b39d927a2d http://security.ubuntu.com/ubuntu/pool/main/n/neon/libneon25_0.25.5.dfsg-5ubuntu0.1_i386.deb Size/MD5: 98742 d925ff133a28cd973197e22b2e0d18e4 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/neon/libneon25-dbg_0.25.5.dfsg-5ubuntu0.1_powerpc.deb Size/MD5: 149668 037f23da1f9566622a018632fe610c2d http://security.ubuntu.com/ubuntu/pool/main/n/neon/libneon25-dev_0.25.5.dfsg-5ubuntu0.1_powerpc.deb Size/MD5: 139344 f1fe92c7c7f59ca0968a1bb87d585717 http://security.ubuntu.com/ubuntu/pool/main/n/neon/libneon25_0.25.5.dfsg-5ubuntu0.1_powerpc.deb Size/MD5: 102650 38eff65b3cb36fdf18b1a9c508ebbd56 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/neon/libneon25-dbg_0.25.5.dfsg-5ubuntu0.1_sparc.deb Size/MD5: 131338 e204e6cb89e1bf96d3367c3bbf1487c1 http://security.ubuntu.com/ubuntu/pool/main/n/neon/libneon25-dev_0.25.5.dfsg-5ubuntu0.1_sparc.deb Size/MD5: 133516 213211b48418ed7388bb9235130efa9a http://security.ubuntu.com/ubuntu/pool/main/n/neon/libneon25_0.25.5.dfsg-5ubuntu0.1_sparc.deb Size/MD5: 101588 3cb88debbc07258d7ee434b32262128e -- Ubuntu 8.04 LTS -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/neon27/neon27_0.27.2-1ubuntu0.1.diff.gz Size/MD5: 20712 20939a5349b3b1d57c6ce3660e362f42 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/neon27_0.27.2-1ubuntu0.1.dsc Size/MD5: 939 a8ad0b6b6c520828fd7d00749897f26a http://security.ubuntu.com/ubuntu/pool/main/n/neon27/neon27_0.27.2.orig.tar.gz Size/MD5: 812750 24d434a4d5d4b6ce8f076039688f60ce amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-dbg_0.27.2-1ubuntu0.1_amd64.deb Size/MD5: 176652 ed7021e0f6b21df0851aab43e6c008d3 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-dev_0.27.2-1ubuntu0.1_amd64.deb Size/MD5: 402820 9f302f4e9031233a43d49b636706e13f http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls-dbg_0.27.2-1ubuntu0.1_amd64.deb Size/MD5: 157874 ff25752134f938896a7b146169ddee49 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls-dev_0.27.2-1ubuntu0.1_amd64.deb Size/MD5: 376918 2615e14d72ec90aa8b42cf6ca0b379b2 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls_0.27.2-1ubuntu0.1_amd64.deb Size/MD5: 108292 2539874993245e5a3e34fbc6ecf29fda http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27_0.27.2-1ubuntu0.1_amd64.deb Size/MD5: 133262 70d032dcdcac2b62d0279504990f5d3e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-dbg_0.27.2-1ubuntu0.1_i386.deb Size/MD5: 170324 916695eae648a04716d6decd5afd454e http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-dev_0.27.2-1ubuntu0.1_i386.deb Size/MD5: 369116 6a079f855afcbf62debaec5b6d924d78 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls-dbg_0.27.2-1ubuntu0.1_i386.deb Size/MD5: 151426 654b963a71dcb4e96e4f37bf858a498f http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls-dev_0.27.2-1ubuntu0.1_i386.deb Size/MD5: 344216 42923c3cd16536839d33e91391afe58a http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls_0.27.2-1ubuntu0.1_i386.deb Size/MD5: 103146 85cbd67c28eed802c146f49266986793 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27_0.27.2-1ubuntu0.1_i386.deb Size/MD5: 127926 99fa358256515f29eab2057538cf3ee1 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dbg_0.27.2-1ubuntu0.1_lpia.deb Size/MD5: 172252 eab88350f2284d5f9d74f8788555fc81 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dev_0.27.2-1ubuntu0.1_lpia.deb Size/MD5: 371158 8e97b2cc49f5213f127848b9bf760324 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dbg_0.27.2-1ubuntu0.1_lpia.deb Size/MD5: 153228 191f3882e96d175eb9f58df4db377cdd http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dev_0.27.2-1ubuntu0.1_lpia.deb Size/MD5: 345646 026e6d7570cfcd8452aabc1aa4e430c5 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls_0.27.2-1ubuntu0.1_lpia.deb Size/MD5: 102114 96bc6e6b22ca0c87c4542d447ef87f6c http://ports.ubuntu.com/pool/main/n/neon27/libneon27_0.27.2-1ubuntu0.1_lpia.deb Size/MD5: 127030 4e55fd691c2349280efceb57448dba6a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dbg_0.27.2-1ubuntu0.1_powerpc.deb Size/MD5: 176704 c5cb99ca83490774d54ca181d537ead2 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dev_0.27.2-1ubuntu0.1_powerpc.deb Size/MD5: 421734 a1465902d5fce2a81631971b3e7158a7 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dbg_0.27.2-1ubuntu0.1_powerpc.deb Size/MD5: 157946 a983b5baf576d1f065176ba12166cc19 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dev_0.27.2-1ubuntu0.1_powerpc.deb Size/MD5: 391658 4a9785df166703eb6fa7c8132a98a3b1 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls_0.27.2-1ubuntu0.1_powerpc.deb Size/MD5: 110220 d885beccb5d7db7aace902b39ebd2cb5 http://ports.ubuntu.com/pool/main/n/neon27/libneon27_0.27.2-1ubuntu0.1_powerpc.deb Size/MD5: 134874 bdc0bd129db2bc565b514a86eff5aaef sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dbg_0.27.2-1ubuntu0.1_sparc.deb Size/MD5: 162998 ff3ed6431bffadfc57c3f8a9d4cac74e http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dev_0.27.2-1ubuntu0.1_sparc.deb Size/MD5: 371204 fced2fe9f2cc105203c9fe518408c12c http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dbg_0.27.2-1ubuntu0.1_sparc.deb Size/MD5: 144480 5d79c57d41605ab64dd46500e42e0843 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dev_0.27.2-1ubuntu0.1_sparc.deb Size/MD5: 343442 94b1d72e42b52c2164168f8d377773e8 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls_0.27.2-1ubuntu0.1_sparc.deb Size/MD5: 103374 8c77263ab7d6181405005208022a1b06 http://ports.ubuntu.com/pool/main/n/neon27/libneon27_0.27.2-1ubuntu0.1_sparc.deb Size/MD5: 128486 e272c8dddd67ce4d87afbd4c90fedffa -- Ubuntu 8.10 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/neon27/neon27_0.28.2-2ubuntu0.1.diff.gz Size/MD5: 23815 6f6b1e6ada9a523896127613b1f2a217 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/neon27_0.28.2-2ubuntu0.1.dsc Size/MD5: 1379 7ea5e427b97085cc7511afcdcedf857d http://security.ubuntu.com/ubuntu/pool/main/n/neon27/neon27_0.28.2.orig.tar.gz Size/MD5: 797944 b99b3f44e8507ae2d17362f1b34aaf02 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-dbg_0.28.2-2ubuntu0.1_amd64.deb Size/MD5: 191520 f6ab3ecad18b6cd3d05e2751ffa7a5a9 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-dev_0.28.2-2ubuntu0.1_amd64.deb Size/MD5: 428176 5830845f7612a0dba4efbe2a8021e4c4 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls-dbg_0.28.2-2ubuntu0.1_amd64.deb Size/MD5: 172890 97942efd1db0a758e97bcdf37f0d8f76 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls-dev_0.28.2-2ubuntu0.1_amd64.deb Size/MD5: 402762 892c4c6fb330a202e7c3bb6202bb0a02 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls_0.28.2-2ubuntu0.1_amd64.deb Size/MD5: 119264 d313c4dc3a6b379fbe4e2f973b5947e6 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27_0.28.2-2ubuntu0.1_amd64.deb Size/MD5: 144902 7d580f2550b264fada435ec7597a5742 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-dbg_0.28.2-2ubuntu0.1_i386.deb Size/MD5: 184370 3d50415bf133d4dfe276dfc03e71e020 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-dev_0.28.2-2ubuntu0.1_i386.deb Size/MD5: 393130 29bd3b6e83c131e6900c031805ba34fa http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls-dbg_0.28.2-2ubuntu0.1_i386.deb Size/MD5: 166050 f65eddb05aa5d975a7e122c84d7b7845 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls-dev_0.28.2-2ubuntu0.1_i386.deb Size/MD5: 368212 eb7020e74a0311d2104976e1772b641a http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls_0.28.2-2ubuntu0.1_i386.deb Size/MD5: 114122 035e3b754e87e0cf46a8ec136caaa026 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27_0.28.2-2ubuntu0.1_i386.deb Size/MD5: 139584 cfc9ceb5dcc52610fde529ffe5604da7 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dbg_0.28.2-2ubuntu0.1_lpia.deb Size/MD5: 185900 17a1d4d1f1ab9708aa18e034fb7b29e1 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dev_0.28.2-2ubuntu0.1_lpia.deb Size/MD5: 394742 24f17a926e8a8c17b0273dab1c24a70e http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dbg_0.28.2-2ubuntu0.1_lpia.deb Size/MD5: 167492 2c73ae4810ba0742f849803620595c74 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dev_0.28.2-2ubuntu0.1_lpia.deb Size/MD5: 370226 f7ff770cfcfd9a624db80a2c8100e436 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls_0.28.2-2ubuntu0.1_lpia.deb Size/MD5: 113006 4e7446c38f409381e44fa3348d9cf16d http://ports.ubuntu.com/pool/main/n/neon27/libneon27_0.28.2-2ubuntu0.1_lpia.deb Size/MD5: 138624 a2de6a9c1ec02a3970f01052caccef64 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dbg_0.28.2-2ubuntu0.1_powerpc.deb Size/MD5: 191006 d2ae675e1836a76db2974ca4bb10a6d2 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dev_0.28.2-2ubuntu0.1_powerpc.deb Size/MD5: 445778 75977229ba9371115dd80bd77b078230 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dbg_0.28.2-2ubuntu0.1_powerpc.deb Size/MD5: 173002 265636356f24a9fea8be60ca92938b37 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dev_0.28.2-2ubuntu0.1_powerpc.deb Size/MD5: 415936 5f87a783c030a936ce9535a06f627785 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls_0.28.2-2ubuntu0.1_powerpc.deb Size/MD5: 120452 c543de922280e517454db6bdef402cde http://ports.ubuntu.com/pool/main/n/neon27/libneon27_0.28.2-2ubuntu0.1_powerpc.deb Size/MD5: 145836 cc66be766fd9275d137edd4ec11ed625 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dbg_0.28.2-2ubuntu0.1_sparc.deb Size/MD5: 175622 3ba09f3066863bdf0520c2a8f8eb45ac http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dev_0.28.2-2ubuntu0.1_sparc.deb Size/MD5: 392552 359ede258a11a7d17457e24a98986775 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dbg_0.28.2-2ubuntu0.1_sparc.deb Size/MD5: 156452 0ffb01d9c0bbfe97fe114af0d331fd3e http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dev_0.28.2-2ubuntu0.1_sparc.deb Size/MD5: 365460 79920f83cac355effe18b7bdc872c634 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls_0.28.2-2ubuntu0.1_sparc.deb Size/MD5: 113430 f603e40fb8ec979f617a3d45b4bf5ce0 http://ports.ubuntu.com/pool/main/n/neon27/libneon27_0.28.2-2ubuntu0.1_sparc.deb Size/MD5: 139032 0ec4017b6acb3ef39f2a6f6d2447844b -- Ubuntu 9.04 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/neon27/neon27_0.28.2-6.1ubuntu0.1.diff.gz Size/MD5: 24132 da9be21a19b61748eda43f41a1aca91c http://security.ubuntu.com/ubuntu/pool/main/n/neon27/neon27_0.28.2-6.1ubuntu0.1.dsc Size/MD5: 1411 bae9926bff7220064db056ba7ce726f9 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/neon27_0.28.2.orig.tar.gz Size/MD5: 797944 b99b3f44e8507ae2d17362f1b34aaf02 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon25-dev_0.28.2-6.1ubuntu0.1_amd64.deb Size/MD5: 51354 8617736f3540ceb2c7fdd1b2a54d3dda http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-dbg_0.28.2-6.1ubuntu0.1_amd64.deb Size/MD5: 191964 1dd150f8babcfce047b839607bcac0f7 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-dev_0.28.2-6.1ubuntu0.1_amd64.deb Size/MD5: 428610 00f874c335002728e868f365db185b04 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls-dbg_0.28.2-6.1ubuntu0.1_amd64.deb Size/MD5: 173350 71cfa13feebdde24f2332a5bd0e73c0c http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls-dev_0.28.2-6.1ubuntu0.1_amd64.deb Size/MD5: 403366 a4e0c48c548fef1014e604e59c15b027 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls_0.28.2-6.1ubuntu0.1_amd64.deb Size/MD5: 119684 52876e4cecf3b1ec6d8192eea3da2778 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27_0.28.2-6.1ubuntu0.1_amd64.deb Size/MD5: 145328 3b6f9fe274456465097f4f41ac265e13 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon25-dev_0.28.2-6.1ubuntu0.1_i386.deb Size/MD5: 51354 93dde95d793a6ce061cb3af2db75a271 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-dbg_0.28.2-6.1ubuntu0.1_i386.deb Size/MD5: 184882 8000f55c371f25d1ee87f91f9ca7f364 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-dev_0.28.2-6.1ubuntu0.1_i386.deb Size/MD5: 393574 b5ed91f1b2cc9306b482cd936cc5c78c http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls-dbg_0.28.2-6.1ubuntu0.1_i386.deb Size/MD5: 166604 b21c479d09f7e88e0510c12190d87296 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls-dev_0.28.2-6.1ubuntu0.1_i386.deb Size/MD5: 368756 ee65f90a0496ed8128526a338ffd7fe7 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27-gnutls_0.28.2-6.1ubuntu0.1_i386.deb Size/MD5: 114522 96bc36544b43d5e65727725e85b75ff0 http://security.ubuntu.com/ubuntu/pool/main/n/neon27/libneon27_0.28.2-6.1ubuntu0.1_i386.deb Size/MD5: 140030 267bdfbc9b9784baf73857798a99967d lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/neon27/libneon25-dev_0.28.2-6.1ubuntu0.1_lpia.deb Size/MD5: 51352 97c0f618e1a8da22999f9904f78c573d http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dbg_0.28.2-6.1ubuntu0.1_lpia.deb Size/MD5: 186410 5e20424a69ce45d3a66db001e5efb2dc http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dev_0.28.2-6.1ubuntu0.1_lpia.deb Size/MD5: 395242 372ebcd1dd210f2d5c136e9129b08ace http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dbg_0.28.2-6.1ubuntu0.1_lpia.deb Size/MD5: 168082 cbe9aede94ebf50f2ba0ff571429efc8 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dev_0.28.2-6.1ubuntu0.1_lpia.deb Size/MD5: 370768 b9f57bf4900fa9ffe18a07fd71da3b8a http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls_0.28.2-6.1ubuntu0.1_lpia.deb Size/MD5: 113406 1846871ab639b8a0bc919a65c1d09e6e http://ports.ubuntu.com/pool/main/n/neon27/libneon27_0.28.2-6.1ubuntu0.1_lpia.deb Size/MD5: 139088 66b63223d36d97786e6174173d267dcb powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/neon27/libneon25-dev_0.28.2-6.1ubuntu0.1_powerpc.deb Size/MD5: 51354 07ee535da3df9885366f770800bd6598 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dbg_0.28.2-6.1ubuntu0.1_powerpc.deb Size/MD5: 191494 e7843d2987691be6246d6d1041dc4ca6 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dev_0.28.2-6.1ubuntu0.1_powerpc.deb Size/MD5: 446240 b47ea0b823d1118a71591e83cbe0eb48 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dbg_0.28.2-6.1ubuntu0.1_powerpc.deb Size/MD5: 173578 a295423d33a38e5420988e1dac86e9b4 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dev_0.28.2-6.1ubuntu0.1_powerpc.deb Size/MD5: 416384 5ea6c1bdb3c729500216f4deedad8dfc http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls_0.28.2-6.1ubuntu0.1_powerpc.deb Size/MD5: 120876 68ec1ef141c84bcad4ac4f84c547db17 http://ports.ubuntu.com/pool/main/n/neon27/libneon27_0.28.2-6.1ubuntu0.1_powerpc.deb Size/MD5: 146292 0984c79035eb76183dc9be0b79cbd721 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/neon27/libneon25-dev_0.28.2-6.1ubuntu0.1_sparc.deb Size/MD5: 51354 2024b1b2d5b26aef5fb0572e2daa8359 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dbg_0.28.2-6.1ubuntu0.1_sparc.deb Size/MD5: 176196 4913aebd8db013e216c5e15fa4484ea9 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-dev_0.28.2-6.1ubuntu0.1_sparc.deb Size/MD5: 393056 318c10bfa9e933e6b899608b48e1f8ce http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dbg_0.28.2-6.1ubuntu0.1_sparc.deb Size/MD5: 156960 a3f9117577059313afe62e30ae9ca3d4 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls-dev_0.28.2-6.1ubuntu0.1_sparc.deb Size/MD5: 365968 45a35f598143a009cd432e1c5f146f36 http://ports.ubuntu.com/pool/main/n/neon27/libneon27-gnutls_0.28.2-6.1ubuntu0.1_sparc.deb Size/MD5: 113806 ed7d45494f5bc5749abef18218b5c697 http://ports.ubuntu.com/pool/main/n/neon27/libneon27_0.28.2-6.1ubuntu0.1_sparc.deb Size/MD5: 139408 a5248c13c20456a323f932f8cd32b04c ORIGINAL ADVISORY: http://www.ubuntu.com/usn/usn-835-1 OTHER REFERENCES: SA31508: http://secunia.com/advisories/31508/ SA36371: http://secunia.com/advisories/36371/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. =========================================================== Ubuntu Security Notice USN-835-1 September 21, 2009 neon, neon27 vulnerabilities CVE-2008-3746, CVE-2009-2474 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libneon25 0.25.5.dfsg-5ubuntu0.1 Ubuntu 8.04 LTS: libneon27 0.27.2-1ubuntu0.1 libneon27-gnutls 0.27.2-1ubuntu0.1 Ubuntu 8.10: libneon27 0.28.2-2ubuntu0.1 libneon27-gnutls 0.28.2-2ubuntu0.1 Ubuntu 9.04: libneon27 0.28.2-6.1ubuntu0.1 libneon27-gnutls 0.28.2-6.1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: neon Denial of Service and Spoofing Vulnerabilities SECUNIA ADVISORY ID: SA36371 VERIFY ADVISORY: http://secunia.com/advisories/36371/ DESCRIPTION: Two vulnerabilities have been reported in neon, which can be exploited by malicious people to conduct spoofing attacks or cause a DoS (Denial of Service). 1) An error when expanding XML entities can be exploited to consume large amounts of memory and cause a crash or hang via a specially crafted XML document. Successful exploitation of this vulnerability requires that the expat library is used. 2) An error when processing SSL certificates containing NULL characters embedded in certain certificate fields and can be exploited to spoof certificates for legitimate domains. This is related to vulnerability #2 in: SA36093 The vulnerabilities are reported in versions prior to 0.28.6. SOLUTION: Update to version 0.28.6. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html OTHER REFERENCES: SA36093: http://secunia.com/advisories/36093/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field. SAP NetWeaver Application Server is prone to an HTML-injection vulnerability because the application's UDDI client fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. This issue is documented by SAP Note 1322098. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: SAP NetWeaver Application Server UDDI Client Cross-Site Scripting SECUNIA ADVISORY ID: SA36228 VERIFY ADVISORY: http://secunia.com/advisories/36228/ DESCRIPTION: A vulnerability has been reported in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability is reported in SAP NetWeaver Application Server Java version 7.0. Other versions may also be affected. SOLUTION: Apply vendor patch (please see SAP note 1322098). https://service.sap.com/sap/support/notes/1322098 PROVIDED AND/OR DISCOVERED BY: Alexander Polyakov, Digital Security Research Group [DSecRG] ORIGINAL ADVISORY: http://www.dsecrg.com/pages/vul/show.php?id=133 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

2Wire HomePortal and OfficePortal are both small router devices from 2Wire. The 2Wire web interface does not properly validate the page=CD35_SETUP_01 request parameter submitted by the user to the xslt script. If the remote attacker submits a very long password1 parameter of more than 512 characters, the password can be reset and the new password will be prompted the next time you log in to the router. Multiple 2Wire routers are prone to an access-validation vulnerability because they fail to adequately authenticate users before performing certain actions. Unauthenticated attackers can leverage this issue to change the router's administrative password. Successful attacks will completely compromise affected devices. 2Wire routers prior to Firmware version 5.29.135.5 are vulnerable

WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. WebKit is prone to a remote information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Apple Safari is a WEB browser. A remote information disclosure vulnerability exists in the URL policies of Apple Safari WebKit. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA43068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 RELEASE DATE: 2011-01-25 DISCUSS ADVISORY: http://secunia.com/advisories/43068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages, which fixes multiple vulnerabilities. For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2011:002: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. An attacker may exploit this issue to promote arbitrary sites into the Top Site views through automated actions. Successful exploits will lead to other attacks. Versions prior to Apple Safari 4.0.3 are vulnerable

Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers. WebKit is prone to a remote buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Apple Safari 4.0.3 are vulnerable; other applications using WebKit may also be affected. Apple Safari is a WEB browser. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA43068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 RELEASE DATE: 2011-01-25 DISCUSS ADVISORY: http://secunia.com/advisories/43068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages, which fixes multiple vulnerabilities. For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2011:002: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------