漏洞起因
设计错误
影响系统
Cisco Unified Communications Manager 6.1(3)
Cisco Unified Communications Manager 6.1(2)
Cisco Unified Communications Manager 6.1(1a)
Cisco Unified Communications Manager 6.1(1)
Cisco Unified Communications Manager 6.1 (3b)su1
Cisco Unified Communications Manager 6.1 (2)su1
Cisco Unified Communications Manager 6.1
Cisco Unified Communications Manager 6.0(1)
Cisco Unified Communications Manager 6.0 (1a)
Cisco Unified Communications Manager 6.0
Cisco Unified Communications Manager 5.1(3C)
Cisco Unified Communications Manager 5.1(3a)
Cisco Unified Communications Manager 5.1(3)
Cisco Unified Communications Manager 5.1(2b)
Cisco Unified Communications Manager 5.1(2)
Cisco Unified Communications Manager 5.1(1)
Cisco Unified Communications Manager 5.1 (3e)
Cisco Unified Communications Manager 5.1 (3d)
Cisco Unified Communications Manager 5.1 (2a)
Cisco Unified Communications Manager 4.3(2)SR1
Cisco Unified Communications Manager 4.3(2)
Cisco Unified Communications Manager 4.3(1)sr.1
Cisco Unified Communications Manager 4.3
Cisco Unified Communications Manager 4.2(3)sr.2
Cisco Unified Communications Manager 4.2 (3)SR4
Cisco Unified Communications Manager 4.2 (3)SR3
Cisco Unified Communications Manager 4.2 (3)SR2b
Cisco Unified Communication Manager 7.0(2)
Cisco Unified Communication Manager 7.0
Cisco Unified Communication Manager 6.1(3)
Cisco Unified Communication Manager 6.1(3)
Cisco Unified Communication Manager 5.1(3e)
Cisco Unified Communication Manager 5.1(3e)
Cisco Unified Communication Manager 5.0
Cisco Unified Communication Manager 4.3(2)SR1b
Cisco Unified Communication Manager 4.2(3)SR4b
Cisco Unified CallManager 6.0
Cisco Unified CallManager 5.1
Cisco Unified CallManager 5.0(4a)SU1
Cisco Unified CallManager 5.0(4)
Cisco Unified CallManager 5.0(3a)
Cisco Unified CallManager 5.0(3)
Cisco Unified CallManager 5.0(2)
Cisco Unified CallManager 5.0(1)
Cisco Unified CallManager 5.0
Cisco Unified CallManager 5.0
Cisco Unified CallManager 5.0
Cisco Unified CallManager 4.3(2)SR1b
Cisco Unified CallManager 4.3(2)SR1a
Cisco Unified CallManager 4.3(1)sr1
Cisco Unified CallManager 4.2(3)SR4b
Cisco Unified CallManager 4.2(3)sr2
Cisco Unified CallManager 4.2(3)SR1
Cisco Unified CallManager 4.2
Cisco Unified CallManager 4.1(3)SR8a
Cisco Unified CallManager 4.1(3)SR8
Cisco Unified CallManager 4.1(3)SR7
Cisco Unified CallManager 4.1(3)sr5
Cisco Unified CallManager 4.1(3)SR4
Cisco Unified CallManager 4.1(3)sr.5
Cisco Unified CallManager 4.1 (3)SR5c
Cisco Unified CallManager 4.1 (3)SR5b
Cisco Unified CallManager 4.1
Cisco Unified CallManager 4.0
不受影响系统
Cisco Unified Communications Manager 7.1(2a)su1
Cisco Unified Communications Manager 7.1(2)
Cisco Unified Communications Manager 7.0(3g)
Cisco Unified Communications Manager 7.0(2a)su1
Cisco Unified Communications Manager 6.1(4)
Cisco Unified Communications Manager 5.1(3g)
危害
远程攻击者可以利用漏洞对服务进行拒绝服务攻击。
攻击所需条件
攻击者必须访问Cisco Unified Communications Manager。
漏洞信息
Cisco Unified Communications Manager是一款Cisco IP电话解决方案中的呼叫处理组件。
Cisco Unified Communications Manager包含多个安全漏洞:
-畸形SIP消息漏洞:
Cisco Unified Communications Manager在处理SIP报文时存在两个拒绝服务漏洞,每个漏洞可通过畸形SIP消息触发,可导致重要进程崩溃,语音服务破坏。所有SIP端口(TCP 5060 和5061, UDP 5060和5061)都收此漏洞影响。
第一个拒绝服务漏洞Cisco Bug ID为CSCsi46466 ,并指派CVE ID为:CVE-2009-2050。此漏洞在Cisco Unified Communications Manager6.1(1)及之后版本得到修补。
Cisco Unified Communications Manager 4.x版本只有在SIP trunk配置为explicitly模式下受第一个拒绝服务漏洞影响。要判断Cisco Unified Communications Manager 4.x版本是否配置了SIP truck,查看Device > Trunk并选择Cisco Unified Communications Manager管理接口中的SIP Trunk选项。要临时解决此漏洞,建立管理员限制对配置了SIP truck的Cisco Unified Communications Manager 4.x监听的TCP和UDP port 5060进行访问限制。
第二个拒绝服务漏洞Cisco Bug ID为CSCsz40392,并指派CVE ID为:CVE-2009-2051。此漏洞在Cisco Unified Communications Manager versions 5.1(3g), 6.1(4)和7.1(2)及之后版本得到修补。
-网络连接追踪漏洞
Cisco Unified Communications Manager包含的嵌入式操作系统防火墙处理网络连接跟踪存在拒绝服务攻击。通过对受影响系统建立多个TCP连接,攻击者可以填满用户跟踪网络连接的操作系统表,并导致不能对新连接进行处理。任何监听TCP端口的服务受此漏洞影响,包括SIP和SCCP。
此漏洞Cisco Bug ID为CSCsq22534,并指派CVE ID为:CVE-2009-2052。此漏洞在Cisco Unified Communications Manager versions 5.1(3g), 6.1(4)和7.1(2)及之后版本得到修补。
-SIP和SCCP相关的拒绝服务攻击:
Cisco Unified Communications Manager处理SIP和SCCP报文存在两个拒绝服务攻击,通过使用大量TCP报文进行’淹没’攻击,攻击者可以消耗大量操作系统文件描述符使SIP端口(TCP 5060和5061)和SCCP端口(TCP 2000和2443)关闭。这种行为可导致不能与SIP和SCCP服务建立新连接。SIP UDP (5060和5061)端口不受影响。
SCCP漏洞的Cisco Bug ID为CSCsx32236,并指派CVE ID为:CVE-2009-2053。此漏洞在Cisco Unified Communications Manager versions 5.1(3g), 6.1(4)和7.1(2)及之后版本得到修补。
SIP漏洞的Cisco Bug ID为CSCsx23689,并指派CVE ID为:CVE-2009-2054。此漏洞在Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), 7.0(2a)su1和7.1(2a)su1.及之后版本得到修补。
测试方法
厂商解决方案
用户可参考如下安全公告获得补丁信息:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml
漏洞提供者
Cisco
0 条评论。