Cisco Subscriber Edge Services Manager Can Be Crashed With Specially Crafted Compressed DNS Data
SecurityTracker Alert ID: 1015975
SecurityTracker URL: http://securitytracker.com/id?1015975
CVE Reference: GENERIC-MAP-NOMATCH
Date: Apr 22 2006
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: Cisco Security Advisory
Version(s): 3.2(1), 3.2(2), and 3.3(1)
Description: A vulnerability was reported in Cisco Subscriber Edge Services Manager (SESM) in the processing of DNS messages. A remote user can cause denial of service conditions.
A remote user can send a DNS packet with specially crafted message compression data to cause an error on the target system. The target system may function abnormally or crash.
[Editor's note: The original vulnerability was reported in May 2005 as affecting other Cisco products. On April 21, 2006, Cisco reported that Cisco SESM is also affected.]
Impact: A remote user can cause the target system to crash or function abnormally.
Solution: The vendor has issued a fixed version (3.3(2)). A fix matrix is available at:
http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml
Vendor URL: www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml
Cause: Exception handling error
Underlying OS: Linux (Red Hat Enterprise), Linux (SuSE), UNIX (Solaris - SunOS), Windows (NT)
Message History:
None.
Source Message Contents
Date: Fri, 21 Apr 2006 20:51:47 -0400
Subject: Cisco Subscriber Edge Services Manager (SESM)
http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml