Cisco Various Products Compressed DNS Messages Denial of Service
Apologies for responding to my own post, but Secunia has released more details on this vulnerability alert, specifically: [snip] A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the DNS implementation during the decompression of compressed DNS messages and can be exploited via a specially crafted DNS packet containing invalid information in the compressed section. Successful exploitation crashes a vulnerable device or causes it to function abnormally. The vulnerability affects the following products: * Cisco IP Phones 7902/7905/7912 * Cisco ATA (Analog Telephone Adaptor) 186/188 * Cisco Unity Express The following Cisco ACNS (Application and Content Networking System) devices are also affected: * Cisco 500 Series Content Engines * Cisco 7300 Series Content Engines * Cisco Content Routers 4400 series * Cisco Content Distribution Manager 4600 series * Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers. Solution: See patch matrix in vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software Provided and/or discovered by: NISCC credits Dr. Steve Beaty. Original Advisory: Cisco: http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html [snip] http://secunia.com/advisories/15472/ - ferg -- "Fergie (Paul Ferguson)" <fergdawg@netzero.net> wrote: UNIRAS (UK Gov CERT)/NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html [snip] Summary - ------- A vulnerability affecting the Domain Name System (DNS) protocol was identified by Dr. Steve Beaty from the Department of Mathematical and Computer Science of Metropolitan State College of Denver. The Domain Name System (DNS) protocol is an Internet service that translates domain names into Internet Protocol (IP) addresses. Because domain names are alphabetic, they're easier to remember, however the Internet is really based on IP addresses; hence every time a domain name is requested, a DNS service must translate the name into the corresponding IP address. The vulnerability concerns the recursion process used by some DNS implementations to decompress compressed DNS messages. Under certain circumstances, it is possible to cause the DNS server to terminate abnormally. All users of applications that support DNS are recommended to take note of this advisory and carry out any remedial actions suggested by their vendor(s). [snip] - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/
participants (1)
-
Fergie (Paul Ferguson)