| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Jan 2017 11:34:06 -0500 From: Cisco Systems Product Security Incident Response Team <psirt@...co.com> To: bugtraq@...urityfocus.com Cc: psirt@...co.com Subject: Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability Advisory ID: cisco-sa-20170125-expressway Revision 1.0 For Public Release 2017 January 25 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway -----BEGIN PGP SIGNATURE----- iQIVAwUBWIeDZq89gD3EAJB5AQJoOhAAm8pNabl5Kr9d+LAe4IluOsqyeHf2gMg0 drcfsdA36rLpGDHkjNrY8bLkOpC1CG+XM0DNTcRztggya05W4EiI26DmFyxlIWyR bVI6h5VcTO4TpqNRrIYq9+iqEV2oKKTLNcBn5YCS0qU2dwGoN882cFoUsgKQcnCj etLfzRByCEpAye02Lz8bZFRuRdPe98GCqxo7mSnZzxQNtiUfN1LfUvlryoeDh01J d0oDQy8fsOtoKfWJi6DtZwZO79ySJ3Z6FDp03Xd2OqJmWNCMfYYkmzKMrfMI/Jyo l1Ze70epM9SJyxZp0h5dsSDryCMQdBvdwlhQuk84Dnu1hZOTcM2d88KhWIEpiUGo RcVQsAHMMkqHZYz14uy1bRc5Y0QxRu8WooSVQsDofSOJD/p33aDGudgnPZwyEvQQ V2w5oQ29jEiInPd+sadpBUtVcq2/EI79qJK9PaLmx7ML3lZmKynXfwCyWbS5o91q orsl7/+/EH+ty3VKF0c6x8n5tnRMTEfaD+bL7akjGaespehEL7t5qQiIHIBxWleX jXpYh5NeoVPGARMoQt6KtDsbjPY0I4nVbb5kTRoKMQ/9kZ3H0FAwxUwkKAnEVt6C g7USmB32lBaSCqnKAuRzOVz8bSy/6rdG9Br7bTZ8ezQatOCZBgmu5cBZ5yNVTxsb aifANu7jBdc= =fBku -----END PGP SIGNATURE-----
Powered by blists - more mailing lists