CERT-In Vulnerability Note CIVN-2008-62
Cisco Unified Presence Denial of Service Vulnerabilities
Original Issue Date:
May 23, 2008
Severity Rating:
High
System Affected
- Cisco Unified Presence versions prior to 6.0(3)
- Cisco, Unified Presence Server, 1.0
- Cisco, Unified Presence Server, 1.0(1)
- Cisco, Unified Presence Server, 1.0(2)
- Cisco, Unified Presence Server, 1.0(3)
Overview
Multiple vulnerabilities have been reported in Cisco Unified Presence that may cause an interruption in presence service.
Description
Cisco Unified Presence is a critical component in the Cisco Unified Communication environment. It collects information about user availability status and user communications capabilities. Using this information, applications such as Cisco Unified Personal Communicator and Cisco Unified CallManager can improve productivity by determining the most effective way for collaborative communication, helping users connect with colleagues more efficiently.
1. Cisco Unified Presence Malformed Packet Processing Presence Engine Denial of Service Vulnerability
(CVE-2008-1158, CVE-2008-1740)
Multiple vulnerabilities exist in Cisco Unified Presence version 1.0(3) and prior that could allow a remote unauthenticated attacker to cause a denial of service condition. A remote user can send specially crafted IP packets to exploit this vulnerability. The vulnerability exists due to an error in the Presence Engine service when parsing malformed packets. When processed, the malicious packet could cause the Presence Engine service to crash.
2. Cisco Unified Presence SIP Proxy Daemon Denial of Service Vulnerability (CVE-2008-1741)
Cisco Unified Presence Server consists of a SIP presence engine and a SIP proxy function. The Presence Engine collects user presence information (such as busy, idle, away, or available status) as well as user capabilities (such as the ability to support voice, video, IM, and Web collaboration) and compiles the data in a repository for each user. The SIP proxy function allows for efficient and accurate routing of both presence and general SIP messaging through the enterprise.
A vulnerability exists in Cisco Unified Presence versions 6.0(2) and prior that could allow a remote unauthenticated attacker to cause a denial of service condition. The attacker conducts a certain type of TCP port scan on the vulnerable system. The system may incorrectly handle certain connection states during the scanning process, causing the SIP proxy daemon to crash and preventing the target system from routing SIP messages.
Solution
Apply appropriate patches as mentioned in Cisco Security Advisory cisco-sa-20080514-cup.
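Added example (not part of the CERT-In note or the Cisco advisory): a Python check that sorts an inventory of Cisco Unified Presence release strings against the affected ranges stated in the Description. The host names and inventory are constructed, and treating a release with no parenthesised maintenance number as maintenance 0 is an assumption.

```python
import re

# Release strings in this note look like "1.0(3)" or "6.0(2)":
# major.minor(maintenance). A plain string compare misorders them.
_RELEASE_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\((\d+)\))?\s*$")

# Last affected releases, taken from the note's Description.
PRESENCE_ENGINE_LAST_AFFECTED = (1, 0, 3)  # "version 1.0(3) and prior"
SIP_PROXY_LAST_AFFECTED = (6, 0, 2)        # "versions 6.0(2) and prior"


def parse_release(text):
    """Return (major, minor, maintenance) or raise ValueError."""
    match = _RELEASE_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, maint = match.groups()
    # Assumption: "1.0" without "(n)" means maintenance 0.
    return int(major), int(minor), int(maint or 0)


def applicable_issues(release):
    """List the issues from this note that apply to a release string."""
    version = parse_release(release)
    issues = []
    if version <= PRESENCE_ENGINE_LAST_AFFECTED:
        issues.append("Presence Engine malformed packet DoS (CVE-2008-1158, CVE-2008-1740)")
    if version <= SIP_PROXY_LAST_AFFECTED:
        issues.append("SIP proxy daemon DoS (CVE-2008-1741)")
    return issues


def triage(inventory):
    """Map each host to its issues; unparseable releases are flagged."""
    report = {}
    for host, release in inventory.items():
        try:
            report[host] = applicable_issues(release)
        except ValueError:
            report[host] = ["UNKNOWN RELEASE FORMAT: check manually"]
    return report


if __name__ == "__main__":
    # Constructed inventory; host names are hypothetical.
    sample = {"cup-a": "1.0(2)", "cup-b": "6.0(2)", "cup-c": "6.0(3)", "cup-d": "six"}
    for host, issues in triage(sample).items():
        print(host, "->", issues or "not affected per this note")
```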
Vendor Information
Cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=15767
http://tools.cisco.com/security/center/viewAlert.x?alertId=15770
References
AusCERT
http://www.auscert.org.au/render.html?it=9290
X-Force
http://xforce.iss.net/xforce/xfdb/42410
SecurityTracker
http://securitytracker.com/alerts/2008/May/1020023.html
CVE-Name
CVE-2008-1158
CVE-2008-1740
CVE-2008-1741
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
