Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19355
HistoryMar 27, 2010 - 12:00 a.m.

Cisco IOS SIP实现多个拒绝服务和远程代码执行漏洞

2010-03-2700:00:00
Root
www.seebug.org
23

0.023 Low

EPSS

Percentile

88.5%

JSON

BUGTRAQ ID: 38935,38929,38933
CVE ID: CVE-2010-0579,CVE-2010-0580,CVE-2010-0581

Cisco IOS是思科网络设备所使用的互联网操作系统。

Cisco IOS Software的SIP实现中存在多个漏洞,可能允许远程攻击者导致设备重载或执行任意代码。当运行Cisco IOS Software的设备处理畸形SIP消息时可以触发这些漏洞。

在SIP运行在TCP传输的情况下,必须完成三重握手才可以利用这些漏洞。

Cisco IOS 12.4
Cisco IOS 12.3
临时解决方法:

  • 对于不需要启用SIP的设备,最简单有效的临时解决方案就是在设备上禁止处理SIP。一些Cisco IOS Software版本上允许管理员通过以下命令禁用SIP:

    sip-ua
    no transport udp
    no transport tcp
    no transport tcp tls

  • 对于需要提供SIP服务的设备,可使用控制面整形(CoPP)阻断不可信任来源到设备的SIP通讯。可在网络中应用以下示例:

    !-- The 192.168.1.0/24 network and the 172.16.1.1 host are trusted.
    !-- Everything else is not trusted. The following access list is used
    !-- to determine what traffic needs to be dropped by a control plane
    !-- policy (the CoPP feature.) If the access list matches (permit)
    !-- then traffic will be dropped and if the access list does not
    !-- match (deny) then traffic will be processed by the router.

    access-list 100 deny udp 192.168.1.0 0.0.0.255 any eq 5060
    access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5060
    access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5061
    access-list 100 deny udp host 172.16.1.1 any eq 5060
    access-list 100 deny tcp host 172.16.1.1 any eq 5060
    access-list 100 deny tcp host 172.16.1.1 any eq 5061
    access-list 100 permit udp any any eq 5060
    access-list 100 permit tcp any any eq 5060
    access-list 100 permit tcp any any eq 5061

    !-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4
    !-- traffic in accordance with existing security policies and
    !-- configurations for traffic that is authorized to be sent
    !-- to infrastructure devices.
    !-- Create a Class-Map for traffic to be policed by
    !-- the CoPP feature.

    class-map match-all drop-sip-class
    match access-group 100

    !-- Create a Policy-Map that will be applied to the
    !-- Control-Plane of the device.

    policy-map control-plane-policy
    class drop-sip-class
    drop

    !-- Apply the Policy-Map to the Control-Plane of the
    !-- device.

    control-plane
    service-policy input control-plane-policy

厂商补丁:

Cisco

Cisco已经为此发布了一个安全公告(cisco-sa-20100324-sip)以及相应补丁:
cisco-sa-20100324-sip:Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
链接:http://www.cisco.com/warp/public/707/cisco-sa-20100324-sip.shtml

Related

cisco 1
nessus 1
securityvulns 2
cve 3
prion 3
cvelist 3
cisco
cisco
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
2010-03-24 16:00:00
nessus
nessus
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities (cisco-sa-20100324-sip)
2010-09-01 00:00:00
securityvulns
securityvulns
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
2010-03-25 00:00:00
Cisco routers IOS multiple security vulnerabilities
2010-03-25 00:00:00
cve
cve
CVE-2010-0579
2010-03-25 21:00:00
CVE-2010-0580
2010-03-25 21:00:00
CVE-2010-0581
2010-03-25 21:00:00
prion
prion
Denial of service
2010-03-25 21:00:00
Remote code execution
2010-03-25 21:00:00
Remote code execution
2010-03-25 21:00:00
cvelist
cvelist
CVE-2010-0579
2010-03-25 20:31:00
CVE-2010-0581
2010-03-25 20:31:00
CVE-2010-0580
2010-03-25 20:31:00

0.023 Low

EPSS

Percentile

88.5%

JSON
Related for SSV:19355
cisco1nessus1securityvulns2cve3prion3cvelist3