You are here
Home > Preporuke > Ranjivost SDP-a Cisco Meeting Server proizvoda

Ranjivost SDP-a Cisco Meeting Server proizvoda

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

Cisco Security Advisory: Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20161102-cms1

Revision: 1.0

For Public Release 2016 November 2 16:00 UTC (GMT)

+———————————————————————

Summary
=======

A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.

The vulnerability exists because the affected software performs incomplete input validation of the size of media lines in session descriptions. An attacker could exploit this vulnerability by sending crafted packets to the SDP parser on an affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on an affected system, which could allow the attacker to execute arbitrary code on the system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1

—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org

iQIcBAEBCgAGBQJYGeeeAAoJEK89gD3EAJB5ONgP/RUQTYCV+EW2SbXMFCghUH0m
f6SrzmX3BJYe1ToFWf+QltKKHuS+iWr/R81fQ7tlBqDb8qpVIvhqM4HPirvKNl0w
fwrkwu32FCDQNv6zeZuMeT9u0IooLzT6gEUDtxzhcy7iimhF6MmqdfyBSyYVVHrx
N2N3Ru7ngMtgFLXdOGmL4AVT58LCy35WmxZXN1pel5VklKKnLhpXAnIyWovHDMJa
srl9Hk7bgtP9Z8c+jhsAuQO6PdzZJXPo831TYQXx6gbzg5ESewfbcFSZpo35YVMZ
BWEJ37NiYPXF9aMgu7t0+DwzSJr3ws9GQb58/R79m2vVTsLCAdbPtr7caHZ0yYEV
Rc5zutMlNgMz1qR4fhwPefEIEktghmy9TmlrK6p7CLzXI0Xfa0jHYSUr12OT9qHo
wLym7jGsC8NksH0rKEGFCKK3vQpflasW74BoJ1gwl046JbCQIQIc9U/ofcJZspKe
KCbkpic0kAozMEms7tEprq3nOb34tPgWa0Ie1rXoDWu6ioXgjlMQusznO35MPIJ7
EfcmFV+Z8NK6cxG5G+aKwWl8xnWRii5/bXfEFnCx5ICcMD1KOP651rcCHpTDLs+m
5yYjwOOxrnHVveldIon6Ryp+1j0hkTZkbBPcRCN7kgNPioAC6GNWjFvj0hYxCbz9
8FFZPoHfD+E5+Bvcjz2r
=69Jd
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorTomislav Protega
Cert idNCERT-REF-2016-11-0060-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Ranjivost Cisco Prime Home platforme

Otkrivena je ranjivost u web GUI sučelju Cisco Prime Home platforme uzrokovana greškom pri obradi RBAC (role-based access control) kontrole...

Close