Vulnerabilities > CVE-2005-4794 - Remote Denial of Service vulnerability in Multiple Vendor DNS Message Decompression
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. Cisco has released advisory cisco-sn-20050524-dns to address this issue. Please see the referenced advisory for further information on obtaining fixes.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 | |
Hardware | 4 |
References
- http://secunia.com/advisories/15472
- http://securitytracker.com/id?1014043
- http://securitytracker.com/id?1014044
- http://securitytracker.com/id?1014045
- http://securitytracker.com/id?1014046
- http://securitytracker.com/id?1015975
- http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml
- http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
- http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en
- http://www.osvdb.org/19003
- http://www.securityfocus.com/bid/13729
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20712