pioneer
超级版主
积分 4563
发帖 4545
注册 2007-7-16
来自 BJ
|
#1 Cisco Security Agent系统驱动不特定的缓冲溢出
来源
secunia.com
软件名
Cisco Security Agent (CSA) 5.x
Cisco Security Agent (CSA) 4.x
Cisco Unified Communications Manager 4.x
Cisco Unified Communications Manager 5.x
Cisco Unified Communications Manager 6.x
Cisco Conference Connection (CCC) 1.x
Cisco Emergency Responder (CER) 1.x
Cisco IP Call Center Express (IPCC Express)
Cisco IP Interactive Voice Response (IP IVR)
Cisco Unified MeetingPlace 4.x
Cisco Personal Assistant Version 1.3x
Cisco Personal Assistant Version 1.4x
描述
这可恶意导致拒绝服务或危害有漏洞的系统
应用程序的系统驱动中的越界访问错误,可通过传递特定的包到端口139/TCP或 445/TCP来导致缓冲溢出
溢出成功后可执行任意代码
windows(managed或unmanaged)下Cisco Security Agent的所有版本均已经报告过这个漏洞。具体请参照厂商提供的包括agent的思科产品列表
解决方案
应用更新
-- Managed Cisco Security Agents --
Cisco Security Agent version 4.5.1:
应用 Hotfix 4.5.1.672.
Cisco Security Agent version 5.0:
应用 Hotfix 5.0.0.225.
Cisco Security Agent version 5.1:
应用 Hotfix 5.1.0.106.
Cisco Security Agent version 5.2:
应用 Hotfix 5.2.0.238.
Hotfixes available at:
http://www.cisco.com/pcgi-bin/ta ... crypto?psrtdcat20e2
-- Cisco Security Agent for Cisco IP Communications Products --
Cisco Security Agent version 4.5.1:
应用 CUCM-CSA-4.5.1.672-2.0.7-k9.exe.
Cisco Security Agent version 5.0:
应用 CUCM-CSA-5.0.0.225-3.0.7-k9.exe
Fixes available at:
http://www.cisco.com/pcgi-bin/ta ... a-3des?psrtdcat20e2
-- Cisco Security Agent for Cisco Security Manager --
应用 fcs-csamc-hotfix-5.2.0.238-w2k3-k9-CSM.zip
http://www.cisco.com/pcgi-bin/tablebuild.pl/csm-app?psrtdcat20e2
| |
※文章所有权归【pioneer】与【东方微点论坛】共同所有,转载请注明出处!※
|
 |
|
