[<prev] [next>] [day] [month] [year] [list]
Message-id: <20120912121209.cisco-sa-20120912-cupxcp@psirt.cisco.com>
Date: Wed, 12 Sep 2012 12:12:12 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: full-disclosure@...ts.grok.org.uk
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Unified Presence
and Jabber Extensible Communications Platform Stream Header
Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Unified Presence and Jabber Extensible Communications Platform
Stream Header Denial of Service Vulnerability
Advisory ID: cisco-sa-20120912-cupxcp
Revision 1.0
For Public Release 2012 September 12 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A denial of service (DoS) vulnerability exists in Cisco Unified
Presence and Jabber Extensible Communications Platform (Jabber XCP).
An unauthenticated, remote attacker could exploit this vulnerability
by sending a specially crafted Extensible Messaging and Presence
Protocol (XMPP) stream header to an affected server. Successful
exploitation of this vulnerability could cause the Connection Manager
process to crash. Repeated exploitation could result in a sustained
DoS condition.
There are no workarounds available to mitigate exploitation of this
vulnerability.
Cisco has released free software updates that address this
vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAlBQmfoACgkQUddfH3/BbTr41QEAiEtU1YJmRk9YpE1gC5mlqWDN
nfdqWNCjaeDKfgnJjYYA/jqFNpCPCHjUL4Oon847zNnduIW2CY9SBrWc9g2iYLNL
=qvOa
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists