Message-id: <201604061208.6.cts2@psirt.cisco.com>
Date: Wed,  6 Apr 2016 12:08:31 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service 
Vulnerability

Advisory ID:  cisco-sa-20160406-cts2

Revision 1.0

For Public Release 2016 April 6 16:00 UTC (GMT)

+---------------------------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco TelePresence Server devices running software version 3.1 could 
allow an unauthenticated, remote attacker to reload the device.

The vulnerability exists due to a failure to properly process malformed Session 
Traversal Utilities for NAT (STUN) packets. An attacker could exploit this vulnerability 
by submitting malformed STUN packets to the device. If successful, the attacker could 
force the device to reload and drop all calls in the process.

Cisco has released software updates that address this vulnerability. Workarounds that 
address this vulnerability are not available.

This advisory is available at the following link: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2

