Secunia Security Advisory - Multiple vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
44ee6ccea6fac8f569887f6d564ced194003a5e66d5f5e03975f585fe2640569
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Cisco IOS Voice Service Multiple Protocol Handling Vulnerabilities
SECUNIA ADVISORY ID:
SA26363
VERIFY ADVISORY:
http://secunia.com/advisories/26363/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Cisco IOS 12.x
http://secunia.com/product/182/
Cisco IOS R12.x
http://secunia.com/product/50/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco IOS, which can
be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.
1) Errors when processing SIP packets can be exploited to crash the
device or allow execution of arbitrary code via specially-crafted SIP
packets.
2) Errors when processing MGCP packets can be exploited to cause the
device to crash or become unresponsive via specially-crafted MGCP
packets.
3) Errors when processing H.323 packets can be exploited to crash the
device via specially crafted H.323 packets.
4) Errors when processing RTP packets can be exploited to crash the
device via specially crafted RTP packets.
5) An error within Facsimile reception can be exploited to crash the
device via an overly large packet.
Please see the vendor's advisory for a list of affected versions.
SOLUTION:
Apply updated versions. See vendor advisory for more details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------