فا

‫ آسيب پذيري سرريز بافر در كتابخانه GNU C در چندين محصول سيسكو

شماره: IRCAD2015023728
تاريخ انتشار:2015-02-02
ميزان حساسيت: بسيار مهم
نرم افزارهاي تحت تاثير: 
Cisco Aggregation Services Routers (ASR)
Cisco Content Delivery Engine Series
Cisco Expressway Series
Cisco Identity Services Engine (ISE) 1.x
Cisco IOS 15.0
Cisco IOS 15.1
Cisco IOS 15.2
Cisco IOS 15.3
Cisco IOS 15.4
Cisco IOS XE 3.12.x
Cisco IOS XE 3.7.x
Cisco MDS 9000 Series
Cisco Nexus 7000 Series Switches
Cisco Physical Access Manager 1.x
Cisco TelePresence Conductor
Cisco TelePresence Exchange System
Cisco TelePresence System 1000
Cisco TelePresence System 1100
Cisco TelePresence System 1300 Series
Cisco TelePresence System 3000 Series
Cisco TelePresence Systems (CTS)
Cisco TelePresence TX9000 Series
Cisco Unified SIP Proxy (USP)
Cisco Network Level Service
Cisco Prime Data Center Network Manager (DCNM) 5.x
Cisco Prime Data Center Network Manager (DCNM) 6.x
Cisco Prime Data Center Network Manager (DCNM) 7.x
Cisco Prime Data Center Network Manager (DCNM) 9.x
Cisco Prime Infrastructure 2.x
Cisco TelePresence Video Communication Server (VCS)
Cisco Unified Communications Manager 10.x
Cisco Unified Communications Manager 7.x
Cisco Unified Communications Manager 8.x
Cisco Unified Communications Manager 9.x
Cisco Unified Communications Manager IM and Presence Service 10.x
توضيح:
سيسكو يك آسيب پذيري را در چندين محصول خود تاييد كرده است كه مي تواند توسط افراد خرابكار مورد سوء استفاده قرار بگيرد تا كنترل يك سيستم آسيب پذير را در اختيار بگيرند. اين آسيب پذيري به علت استفاده از يك نسخه آسيب پذير از كتابخانه GNU C در محصولات سيسكو ايجاد شده است. اين آسيب پذيري در محصولات زير گزارش شده است:
* Cisco Identity Services Engine (ISE) version 1.3(0.486).* Cisco Prime Infrastructure / Cisco Network Level Service version 2.2 and 2.2(1).
* Cisco Unified Communications Manager versions 10.0(1.10000.24), 10.5(1.10000.7), 10.5(2.10000.5), 7.1(5.10000.12), 8.5(1.10000.26), 8.6(2.10000.30), and 9.1(2.10000.28).
* Cisco Unified SIP Proxy (USP) version 9.0(0).
* Cisco Expressway Series / Cisco TelePresence Video Communication Server (VCS) versions X7.x and X8.1.x through X8.1.2.
* Cisco TelePresence Conductor versions XC1.x, XC2.0.x, XC2.1.x, and XC2.2.x through XC2.3.1.
* Cisco Aggregation Services Routers (ASR) running IOS-XE 15.2(4)S6 (3.7.6S), 15.3(3)S6, and 15.4(2)S1 (3.12.1S).
* Cisco IOS-XE versions 15.0(1)EX3, 15.0(1)EZ3, 15.0(1)XO1, 15.0(2)SG, 15.0(2)XO, 15.1(1)XO1, and 15.2(2)E1 for Catalyst 3k, 4k, AIR-CT5760, and Cisco RF Gateway 10 (RFGW-10).
* Cisco Unified Communications Manager IM and Presence Service (CUPS) version 10.0(1).
* Cisco Content Delivery Engine Series versions 2.1(1), 2.1(2), and 3.0(0).
* Cisco TelePresence Systems / TX9000 Series (please see the vendor's advisory and the bug report CSCus69749 for affected products and versions).
* Cisco Telepresence Exchange version 1.3.0.4.2.0.
* Cisco Nexus 7000 Series Switches version 6.2(10).
* Cisco MDS 9000 Series Multilayer Switches versions 3.3(1a), 4.2(1), 5.0(1), 5.2(1), and 6.2(1).
* Cisco Prime Data Center Network Manager versions 6.3(2), 7.0(2), 7.1(1), and 9.9(0)TIP(0.2).
* Cisco Physical Access Manager 1.5(2.0.3.7).
 
راهكار:
به يك نسخه اصلاح شده به روز رساني نماييد.
منابع:
Cisco (CSCus68798, CSCus69495, CSCus66650, CSCus69387, CSCus69558, CSCus69523, CSCus69732, CSCus69731, CSCus69785, CSCus69567, CSCus69749, CSCus69613, CSCus69452, CSCus68360, CSCus68892, CSCus69524, CSCus68905):
Secunia:
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 19 بهمن 1393

امتیاز

امتیاز شما
تعداد امتیازها:0