CVE-2004-0352
CVSS 5.0
Published: 2004-11-23 00:00:00
Last revised: 2008-09-05 16:38:12

[Original] Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.


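[CNNVD] Cisco Content Service Switch Management Port UDP Denial of Service Vulnerability (CNNVD-200411-063)

A vulnerability exists in Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) versions before 05.0(04.07)S and 6.10(x) versions before 06.10(02.05)S. A remote attacker can cause a denial of service by means of a packet sent to UDP port 5002.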

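- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: [--]
Authentication: NONE [exploitation requires no authentication]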

- CPE (Affected Platforms and Products)

cpe:/h:cisco:content_services_switch_11150  Cisco Cisco Content Services 11150
cpe:/h:cisco:content_services_switch_11050  Cisco Cisco Content Services 11050
cpe:/h:cisco:content_services_switch_11000  Cisco Content Service 11000
cpe:/h:cisco:content_services_switch_11800  Cisco Cisco Content Services 11800

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0352
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0352
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-063
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/363374
(VENDOR_ADVISORY)  CERT-VN  VU#363374
http://www.securityfocus.com/bid/9806
(VENDOR_ADVISORY)  BID  9806
http://www.cisco.com/warp/public/707/cisco-sa-20040304-css.shtml
(VENDOR_ADVISORY)  CISCO  20040304 Cisco CSS 11000 Series Content Services Switches Malformed UDP Packet Vulnerability
http://xforce.iss.net/xforce/xfdb/15388
(VENDOR_ADVISORY)  XF  cisco-css-udp-dos(15388)

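- Vulnerability Information

Cisco Content Service Switch Management Port UDP Denial of Service Vulnerability
Medium risk  Design error
2004-11-23 00:00:00 2005-10-20 00:00:00
Remote
A vulnerability exists in Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) versions before 05.0(04.07)S and 6.10(x) versions before 06.10(02.05)S. A remote attacker can cause a denial of service by means of a packet sent to UDP port 5002.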

- Advisories and Patches

Cisco has released fixes for this issue:

Cisco CSS11050 Content Services Switch

Cisco CSS11800 Content Services Switch

Cisco CSS11150 Content Services Switch

Cisco CSS11000 Content Services Switch

- Vulnerability Information

4139
Cisco Content Services Switch 11000 Series WebNS DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability Description

Cisco Content Services Switches running WebNS contain a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends malformed UDP packets to the management ports, and will result in loss of availability for the switch.

- Timeline

2004-03-04 Unknown
2004-03-04 Unknown

- Solution

Upgrade to versions 5.0(04.07)S and/or 6.10(02.05)S or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Credit

Unknown or Incomplete

- Vulnerability Information

Cisco Content Service Switch Management Port UDP Denial Of Service Vulnerability
Design Error 9806
Yes No
2004-03-04 12:00:00 2006-09-01 09:23:00
Discovery credited to Timothy Arnold.

- Affected Versions

Cisco CSS11800 Content Services Switch
Cisco CSS11150 Content Services Switch
Cisco CSS11050 Content Services Switch
Cisco CSS11000 Content Services Switch

- Discussion

A problem in the handling of some types of malformed UDP network traffic to the Cisco Content Service Switch management port may allow an attacker to deny service to legitimate users of vulnerable systems.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Cisco has released fixes for this issue:


Cisco CSS11050 Content Services Switch

Cisco CSS11800 Content Services Switch

Cisco CSS11150 Content Services Switch

Cisco CSS11000 Content Services Switch

- Related References

 

 
