int(4396)

Vulnerability Bulletins

Denegación de servicio en Cisco Application Control Engine Global Site Selector

Vulnerability classification
Property Value
Confidence level Oficial
Impact Denegación de Servicio
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio estandar

System information
Property Value
Affected manufacturer Networking
Affected software Cisco GSS 4480 Global Site Selector
Cisco GSS 4490 Global Site Selector
Cisco GSS 4491 Global Site Selector
Cisco GSS 4492R Global Site Selector

Description
Se ha descubierto una vulnerabilidad en Cisco Application Control Engine Global Site Selector (GSS). La vulnerabilidad reside en un error en el procesamiento de consultas DNS.

Un atacante remoto podría causar una denegación de servicio mediante una consulta DNS especialmente diseñada.

Solution


Actualización de software

Cisco
Cisco Unified Communications Manager 4.2(3)SR4 / patch 3.0(2)
Cisco Unified Communications Manager 4.3(2)SR1 / patch 3.0(2)
Cisco Unified Communications Manager 5.1(3c) / patch 3.0(2)
Cisco Unified Communications Manager 6.1(2) / patch 3.0(2)
http://tools.cisco.com/support/downloads/

Standar resources
Property Value
CVE CVE-2008-3819
BID 33152

Other resources
Cisco Security Advisory (cisco-sa-20090107-gss)
http://www.cisco.com/warp/public/707/cisco-sa-20090107-gss.shtml

Version history
Version Comments Date
1.0 Aviso emitido 2009-01-12
Ministerio de Defensa
CNI
CCN
CCN-CERT