Vulnerabilities > CVE-2010-0581 - Unspecified vulnerability in Cisco IOS

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cisco
nessus

Summary

Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."

Nessus

NASL familyCISCO
NASL idCISCO-SA-20100324-SIPHTTP.NASL
descriptionMultiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible. Cisco has released free software updates that address these vulnerabilities. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerabilities.
last seen2019-10-28
modified2010-09-01
plugin id49054
published2010-09-01
reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/49054
titleCisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities (cisco-sa-20100324-sip)
code
#TRUSTED 1a315f012053e6131e00586117393328a0a7324e58687cda87163b3b964a71583a87b153f7eb7bdc86ee2300ee7b192173e8168953a0d220dfea21fdbf9b56f1460bc353315c4292a47040040377ce542ef5347b68766f342eea47f54b6f39e309e543779b92f20dfccdc7f2371b398aaa344ef89645621b037c28ed44aebced7766d69850500adec8888e6d1a77fbc77c37e4a950fabb73ffefd4418fe11945263d73814710dcd175d82c1c82cfed5896fadef3677895b9db5eda0c7d9f13dbb734e8822fa367dafa68bf136d85506b5ba59ff8a48bb73a9a3111dde6537b73b2af4e97b749002517d56e9fc513518278e4d6302a9924e6f2cb7953fd0ea98bc97b5e7a6ec1f0a52f0da98c9f945e60ff4e5f052066f9b709f89c50a6a0915aa526db2f4bbe28c12b1317c38bdf11b4f8de7536fa27af9c59aa5ca2794c0ac8e521896c8b53a442f264e8e13462c148ee635e3ec5518e7ac4cdd4c3a95b1a7ecb9eb927c8f259e969e8416ba6e9b4d2324dbb1b53a4b9983bf09455e30743b2aef3047ed5d943f2e0486b3b15295383197bdd7f591c61123549a720dc597e1e8ad16db98b32e694a8a53e8058b9247d6b6154e16d428644558170257f25b17292098fcd1274433dbac57e2a11cbf03bcf28c989dfccc04952d43f2503bb07fd963f7c6dbd44dff212823ce5edebc0283b4d98cee9903bbbd35be1338c5cc644
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Cisco Security Advisory cisco-sa-20100324-sip.
# The text itself is copyright (C) Cisco
#

include("compat.inc");

if (description)
{
  script_id(49054);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");

  script_cve_id("CVE-2010-0579", "CVE-2010-0580", "CVE-2010-0581");
  script_xref(name:"CISCO-BUG-ID", value:"CSCsz48680");
  script_xref(name:"CISCO-BUG-ID", value:"CSCsz89904");
  script_xref(name:"CISCO-BUG-ID", value:"CSCtb93416");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20100324-sip");

  script_name(english:"Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities (cisco-sa-20100324-sip)");
  script_summary(english:"Checks the IOS version.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS Software that could allow an
unauthenticated, remote attacker to cause a reload of an affected
device when SIP operation is enabled. Remote code execution may also
be possible. Cisco has released free software updates that address
these vulnerabilities. For devices that must run SIP there are no
workarounds; however, mitigations are available to limit exposure of
the vulnerabilities."
  );
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100324-sip
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0566c9c4"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20100324-sip."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/01");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}



include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

flag = 0;
override = 0;

version = get_kb_item_or_exit("Host/Cisco/IOS/Version");
if ( version == '12.3(11)T' ) flag++;
if ( version == '12.3(11)T1' ) flag++;
if ( version == '12.3(11)T10' ) flag++;
if ( version == '12.3(11)T11' ) flag++;
if ( version == '12.3(11)T12' ) flag++;
if ( version == '12.3(11)T2' ) flag++;
if ( version == '12.3(11)T2a' ) flag++;
if ( version == '12.3(11)T3' ) flag++;
if ( version == '12.3(11)T4' ) flag++;
if ( version == '12.3(11)T5' ) flag++;
if ( version == '12.3(11)T6' ) flag++;
if ( version == '12.3(11)T7' ) flag++;
if ( version == '12.3(11)T8' ) flag++;
if ( version == '12.3(11)T9' ) flag++;
if ( version == '12.3(11)XL' ) flag++;
if ( version == '12.3(11)XL1' ) flag++;
if ( version == '12.3(11)XL2' ) flag++;
if ( version == '12.3(11)XL3' ) flag++;
if ( version == '12.3(11)YF' ) flag++;
if ( version == '12.3(11)YF1' ) flag++;
if ( version == '12.3(11)YF2' ) flag++;
if ( version == '12.3(11)YF3' ) flag++;
if ( version == '12.3(11)YF4' ) flag++;
if ( version == '12.3(11)YK' ) flag++;
if ( version == '12.3(11)YK1' ) flag++;
if ( version == '12.3(11)YK2' ) flag++;
if ( version == '12.3(11)YL' ) flag++;
if ( version == '12.3(11)YL1' ) flag++;
if ( version == '12.3(11)YL2' ) flag++;
if ( version == '12.3(11)YN' ) flag++;
if ( version == '12.3(11)YR' ) flag++;
if ( version == '12.3(11)YR1' ) flag++;
if ( version == '12.3(11)YS2' ) flag++;
if ( version == '12.3(11)YW' ) flag++;
if ( version == '12.3(11)YW1' ) flag++;
if ( version == '12.3(11)YW2' ) flag++;
if ( version == '12.3(11)YZ' ) flag++;
if ( version == '12.3(11)YZ1' ) flag++;
if ( version == '12.3(11)YZ2' ) flag++;
if ( version == '12.3(11)ZB' ) flag++;
if ( version == '12.3(11)ZB1' ) flag++;
if ( version == '12.3(11)ZB2' ) flag++;
if ( version == '12.3(14)T' ) flag++;
if ( version == '12.3(14)T1' ) flag++;
if ( version == '12.3(14)T2' ) flag++;
if ( version == '12.3(14)T3' ) flag++;
if ( version == '12.3(14)T4' ) flag++;
if ( version == '12.3(14)T5' ) flag++;
if ( version == '12.3(14)T6' ) flag++;
if ( version == '12.3(14)T7' ) flag++;
if ( version == '12.3(14)YM1' ) flag++;
if ( version == '12.3(14)YM10' ) flag++;
if ( version == '12.3(14)YM11' ) flag++;
if ( version == '12.3(14)YM12' ) flag++;
if ( version == '12.3(14)YM13' ) flag++;
if ( version == '12.3(14)YM2' ) flag++;
if ( version == '12.3(14)YM3' ) flag++;
if ( version == '12.3(14)YM4' ) flag++;
if ( version == '12.3(14)YM5' ) flag++;
if ( version == '12.3(14)YM6' ) flag++;
if ( version == '12.3(14)YM7' ) flag++;
if ( version == '12.3(14)YM8' ) flag++;
if ( version == '12.3(14)YM9' ) flag++;
if ( version == '12.3(14)YQ' ) flag++;
if ( version == '12.3(14)YQ1' ) flag++;
if ( version == '12.3(14)YQ2' ) flag++;
if ( version == '12.3(14)YQ3' ) flag++;
if ( version == '12.3(14)YQ4' ) flag++;
if ( version == '12.3(14)YQ5' ) flag++;
if ( version == '12.3(14)YQ6' ) flag++;
if ( version == '12.3(14)YQ7' ) flag++;
if ( version == '12.3(14)YQ8' ) flag++;
if ( version == '12.3(14)YT' ) flag++;
if ( version == '12.3(14)YT1' ) flag++;
if ( version == '12.3(14)YU' ) flag++;
if ( version == '12.3(14)YU1' ) flag++;
if ( version == '12.3(14)YX' ) flag++;
if ( version == '12.3(14)YX1' ) flag++;
if ( version == '12.3(14)YX10' ) flag++;
if ( version == '12.3(14)YX11' ) flag++;
if ( version == '12.3(14)YX12' ) flag++;
if ( version == '12.3(14)YX13' ) flag++;
if ( version == '12.3(14)YX14' ) flag++;
if ( version == '12.3(14)YX15' ) flag++;
if ( version == '12.3(14)YX2' ) flag++;
if ( version == '12.3(14)YX3' ) flag++;
if ( version == '12.3(14)YX4' ) flag++;
if ( version == '12.3(14)YX7' ) flag++;
if ( version == '12.3(14)YX8' ) flag++;
if ( version == '12.3(14)YX9' ) flag++;
if ( version == '12.3(2)XF' ) flag++;
if ( version == '12.3(4)XD' ) flag++;
if ( version == '12.3(4)XD1' ) flag++;
if ( version == '12.3(4)XD2' ) flag++;
if ( version == '12.3(4)XD3' ) flag++;
if ( version == '12.3(4)XD4' ) flag++;
if ( version == '12.3(4)XG' ) flag++;
if ( version == '12.3(4)XG1' ) flag++;
if ( version == '12.3(4)XG2' ) flag++;
if ( version == '12.3(4)XG3' ) flag++;
if ( version == '12.3(4)XG4' ) flag++;
if ( version == '12.3(4)XG5' ) flag++;
if ( version == '12.3(4)XH' ) flag++;
if ( version == '12.3(4)XH1' ) flag++;
if ( version == '12.3(4)XK' ) flag++;
if ( version == '12.3(4)XK1' ) flag++;
if ( version == '12.3(4)XK2' ) flag++;
if ( version == '12.3(4)XK3' ) flag++;
if ( version == '12.3(4)XK4' ) flag++;
if ( version == '12.3(4)XQ' ) flag++;
if ( version == '12.3(4)XQ1' ) flag++;
if ( version == '12.3(7)T' ) flag++;
if ( version == '12.3(7)T1' ) flag++;
if ( version == '12.3(7)T10' ) flag++;
if ( version == '12.3(7)T11' ) flag++;
if ( version == '12.3(7)T12' ) flag++;
if ( version == '12.3(7)T2' ) flag++;
if ( version == '12.3(7)T3' ) flag++;
if ( version == '12.3(7)T4' ) flag++;
if ( version == '12.3(7)T5' ) flag++;
if ( version == '12.3(7)T6' ) flag++;
if ( version == '12.3(7)T7' ) flag++;
if ( version == '12.3(7)T8' ) flag++;
if ( version == '12.3(7)T9' ) flag++;
if ( version == '12.3(7)XI' ) flag++;
if ( version == '12.3(7)XI1' ) flag++;
if ( version == '12.3(7)XI10a' ) flag++;
if ( version == '12.3(7)XI2' ) flag++;
if ( version == '12.3(7)XI2b' ) flag++;
if ( version == '12.3(7)XI3' ) flag++;
if ( version == '12.3(7)XI4' ) flag++;
if ( version == '12.3(7)XI5' ) flag++;
if ( version == '12.3(7)XI6' ) flag++;
if ( version == '12.3(7)XI7' ) flag++;
if ( version == '12.3(7)XI7a' ) flag++;
if ( version == '12.3(7)XI7b' ) flag++;
if ( version == '12.3(7)XI8' ) flag++;
if ( version == '12.3(7)XI8bc' ) flag++;
if ( version == '12.3(7)XI8g' ) flag++;
if ( version == '12.3(7)XJ' ) flag++;
if ( version == '12.3(7)XJ1' ) flag++;
if ( version == '12.3(7)XJ2' ) flag++;
if ( version == '12.3(7)XL' ) flag++;
if ( version == '12.3(7)XM' ) flag++;
if ( version == '12.3(7)XR' ) flag++;
if ( version == '12.3(7)XR3' ) flag++;
if ( version == '12.3(7)XR4' ) flag++;
if ( version == '12.3(7)XR5' ) flag++;
if ( version == '12.3(7)XR6' ) flag++;
if ( version == '12.3(7)XR7' ) flag++;
if ( version == '12.3(7)YB' ) flag++;
if ( version == '12.3(7)YB1' ) flag++;
if ( version == '12.3(8)T' ) flag++;
if ( version == '12.3(8)T1' ) flag++;
if ( version == '12.3(8)T10' ) flag++;
if ( version == '12.3(8)T11' ) flag++;
if ( version == '12.3(8)T2' ) flag++;
if ( version == '12.3(8)T3' ) flag++;
if ( version == '12.3(8)T4' ) flag++;
if ( version == '12.3(8)T5' ) flag++;
if ( version == '12.3(8)T6' ) flag++;
if ( version == '12.3(8)T7' ) flag++;
if ( version == '12.3(8)T8' ) flag++;
if ( version == '12.3(8)T9' ) flag++;
if ( version == '12.3(8)XU2' ) flag++;
if ( version == '12.3(8)XU3' ) flag++;
if ( version == '12.3(8)XU4' ) flag++;
if ( version == '12.3(8)XU5' ) flag++;
if ( version == '12.3(8)XW' ) flag++;
if ( version == '12.3(8)XW1' ) flag++;
if ( version == '12.3(8)XW1a' ) flag++;
if ( version == '12.3(8)XW1b' ) flag++;
if ( version == '12.3(8)XW2' ) flag++;
if ( version == '12.3(8)XW3' ) flag++;
if ( version == '12.3(8)XX' ) flag++;
if ( version == '12.3(8)XX1' ) flag++;
if ( version == '12.3(8)XX2d' ) flag++;
if ( version == '12.3(8)XX2e' ) flag++;
if ( version == '12.3(8)XY' ) flag++;
if ( version == '12.3(8)XY1' ) flag++;
if ( version == '12.3(8)XY2' ) flag++;
if ( version == '12.3(8)XY3' ) flag++;
if ( version == '12.3(8)XY4' ) flag++;
if ( version == '12.3(8)XY5' ) flag++;
if ( version == '12.3(8)XY6' ) flag++;
if ( version == '12.3(8)XY7' ) flag++;
if ( version == '12.3(8)YC' ) flag++;
if ( version == '12.3(8)YC1' ) flag++;
if ( version == '12.3(8)YC2' ) flag++;
if ( version == '12.3(8)YC3' ) flag++;
if ( version == '12.3(8)YG' ) flag++;
if ( version == '12.3(8)YG2' ) flag++;
if ( version == '12.3(8)YG3' ) flag++;
if ( version == '12.3(8)YG4' ) flag++;
if ( version == '12.3(8)YG6' ) flag++;
if ( version == '12.3(8)ZA' ) flag++;
if ( version == '12.3(8)ZA1' ) flag++;
if ( version == '12.4(1)' ) flag++;
if ( version == '12.4(10)' ) flag++;
if ( version == '12.4(10a)' ) flag++;
if ( version == '12.4(10b)' ) flag++;
if ( version == '12.4(10c)' ) flag++;
if ( version == '12.4(12)' ) flag++;
if ( version == '12.4(12a)' ) flag++;
if ( version == '12.4(12b)' ) flag++;
if ( version == '12.4(12c)' ) flag++;
if ( version == '12.4(13)' ) flag++;
if ( version == '12.4(13a)' ) flag++;
if ( version == '12.4(13b)' ) flag++;
if ( version == '12.4(13c)' ) flag++;
if ( version == '12.4(13d)' ) flag++;
if ( version == '12.4(13e)' ) flag++;
if ( version == '12.4(13f)' ) flag++;
if ( version == '12.4(16)' ) flag++;
if ( version == '12.4(16a)' ) flag++;
if ( version == '12.4(16b)' ) flag++;
if ( version == '12.4(17)' ) flag++;
if ( version == '12.4(17a)' ) flag++;
if ( version == '12.4(17b)' ) flag++;
if ( version == '12.4(18)' ) flag++;
if ( version == '12.4(18a)' ) flag++;
if ( version == '12.4(18b)' ) flag++;
if ( version == '12.4(18c)' ) flag++;
if ( version == '12.4(18d)' ) flag++;
if ( version == '12.4(18e)' ) flag++;
if ( version == '12.4(19)' ) flag++;
if ( version == '12.4(19a)' ) flag++;
if ( version == '12.4(19b)' ) flag++;
if ( version == '12.4(1a)' ) flag++;
if ( version == '12.4(1b)' ) flag++;
if ( version == '12.4(1c)' ) flag++;
if ( version == '12.4(2)MR' ) flag++;
if ( version == '12.4(2)MR1' ) flag++;
if ( version == '12.4(2)T' ) flag++;
if ( version == '12.4(2)T1' ) flag++;
if ( version == '12.4(2)T2' ) flag++;
if ( version == '12.4(2)T3' ) flag++;
if ( version == '12.4(2)T4' ) flag++;
if ( version == '12.4(2)T5' ) flag++;
if ( version == '12.4(2)T6' ) flag++;
if ( version == '12.4(2)XA' ) flag++;
if ( version == '12.4(2)XA1' ) flag++;
if ( version == '12.4(2)XA2' ) flag++;
if ( version == '12.4(2)XB' ) flag++;
if ( version == '12.4(2)XB1' ) flag++;
if ( version == '12.4(2)XB10' ) flag++;
if ( version == '12.4(2)XB11' ) flag++;
if ( version == '12.4(2)XB2' ) flag++;
if ( version == '12.4(2)XB3' ) flag++;
if ( version == '12.4(2)XB4' ) flag++;
if ( version == '12.4(2)XB5' ) flag++;
if ( version == '12.4(2)XB6' ) flag++;
if ( version == '12.4(2)XB7' ) flag++;
if ( version == '12.4(2)XB8' ) flag++;
if ( version == '12.4(2)XB9' ) flag++;
if ( version == '12.4(20)YA' ) flag++;
if ( version == '12.4(20)YA1' ) flag++;
if ( version == '12.4(20)YA2' ) flag++;
if ( version == '12.4(20)YA3' ) flag++;
if ( version == '12.4(21)' ) flag++;
if ( version == '12.4(21a)' ) flag++;
if ( version == '12.4(21a)M1' ) flag++;
if ( version == '12.4(22)GC1' ) flag++;
if ( version == '12.4(22)MD' ) flag++;
if ( version == '12.4(22)MD1' ) flag++;
if ( version == '12.4(22)MDA' ) flag++;
if ( version == '12.4(22)MDA1' ) flag++;
if ( version == '12.4(22)MF' ) flag++;
if ( version == '12.4(22)T' ) flag++;
if ( version == '12.4(22)T1' ) flag++;
if ( version == '12.4(22)T2' ) flag++;
if ( version == '12.4(22)XR' ) flag++;
if ( version == '12.4(22)XR1' ) flag++;
if ( version == '12.4(22)XR2' ) flag++;
if ( version == '12.4(22)YB' ) flag++;
if ( version == '12.4(22)YB1' ) flag++;
if ( version == '12.4(22)YB4' ) flag++;
if ( version == '12.4(22)YD' ) flag++;
if ( version == '12.4(22)YD1' ) flag++;
if ( version == '12.4(22)YD2' ) flag++;
if ( version == '12.4(22)YE' ) flag++;
if ( version == '12.4(22)YE1' ) flag++;
if ( version == '12.4(23)' ) flag++;
if ( version == '12.4(23a)' ) flag++;
if ( version == '12.4(23b)' ) flag++;
if ( version == '12.4(23b)M1' ) flag++;
if ( version == '12.4(23c)' ) flag++;
if ( version == '12.4(24)GC1' ) flag++;
if ( version == '12.4(24)T' ) flag++;
if ( version == '12.4(24)T1' ) flag++;
if ( version == '12.4(24)YG1' ) flag++;
if ( version == '12.4(25)' ) flag++;
if ( version == '12.4(25a)' ) flag++;
if ( version == '12.4(25b)' ) flag++;
if ( version == '12.4(3)' ) flag++;
if ( version == '12.4(3a)' ) flag++;
if ( version == '12.4(3b)' ) flag++;
if ( version == '12.4(3c)' ) flag++;
if ( version == '12.4(3d)' ) flag++;
if ( version == '12.4(3e)' ) flag++;
if ( version == '12.4(3f)' ) flag++;
if ( version == '12.4(3g)' ) flag++;
if ( version == '12.4(3h)' ) flag++;
if ( version == '12.4(3i)' ) flag++;
if ( version == '12.4(3j)' ) flag++;
if ( version == '12.4(4)MR' ) flag++;
if ( version == '12.4(4)MR1' ) flag++;
if ( version == '12.4(4)T' ) flag++;
if ( version == '12.4(4)T1' ) flag++;
if ( version == '12.4(4)T2' ) flag++;
if ( version == '12.4(4)T3' ) flag++;
if ( version == '12.4(4)T4' ) flag++;
if ( version == '12.4(4)T5' ) flag++;
if ( version == '12.4(4)T6' ) flag++;
if ( version == '12.4(4)T7' ) flag++;
if ( version == '12.4(4)T8' ) flag++;
if ( version == '12.4(4)XD' ) flag++;
if ( version == '12.4(4)XD1' ) flag++;
if ( version == '12.4(4)XD10' ) flag++;
if ( version == '12.4(4)XD11' ) flag++;
if ( version == '12.4(4)XD12' ) flag++;
if ( version == '12.4(4)XD2' ) flag++;
if ( version == '12.4(4)XD3' ) flag++;
if ( version == '12.4(4)XD4' ) flag++;
if ( version == '12.4(4)XD5' ) flag++;
if ( version == '12.4(4)XD6' ) flag++;
if ( version == '12.4(4)XD7' ) flag++;
if ( version == '12.4(4)XD8' ) flag++;
if ( version == '12.4(4)XD9' ) flag++;
if ( version == '12.4(5)' ) flag++;
if ( version == '12.4(5a)' ) flag++;
if ( version == '12.4(5a)M0' ) flag++;
if ( version == '12.4(5b)' ) flag++;
if ( version == '12.4(5c)' ) flag++;
if ( version == '12.4(6)MR' ) flag++;
if ( version == '12.4(6)MR1' ) flag++;
if ( version == '12.4(6)T' ) flag++;
if ( version == '12.4(6)T1' ) flag++;
if ( version == '12.4(6)T10' ) flag++;
if ( version == '12.4(6)T11' ) flag++;
if ( version == '12.4(6)T12' ) flag++;
if ( version == '12.4(6)T2' ) flag++;
if ( version == '12.4(6)T3' ) flag++;
if ( version == '12.4(6)T4' ) flag++;
if ( version == '12.4(6)T5' ) flag++;
if ( version == '12.4(6)T5a' ) flag++;
if ( version == '12.4(6)T5b' ) flag++;
if ( version == '12.4(6)T6' ) flag++;
if ( version == '12.4(6)T7' ) flag++;
if ( version == '12.4(6)T8' ) flag++;
if ( version == '12.4(6)T9' ) flag++;
if ( version == '12.4(6)XP' ) flag++;
if ( version == '12.4(6)XT' ) flag++;
if ( version == '12.4(6)XT1' ) flag++;
if ( version == '12.4(6)XT2' ) flag++;
if ( version == '12.4(7)' ) flag++;
if ( version == '12.4(7a)' ) flag++;
if ( version == '12.4(7b)' ) flag++;
if ( version == '12.4(7c)' ) flag++;
if ( version == '12.4(7d)' ) flag++;
if ( version == '12.4(7e)' ) flag++;
if ( version == '12.4(7f)' ) flag++;
if ( version == '12.4(7g)' ) flag++;
if ( version == '12.4(7h)' ) flag++;
if ( version == '12.4(8)' ) flag++;
if ( version == '12.4(8a)' ) flag++;
if ( version == '12.4(8b)' ) flag++;
if ( version == '12.4(8c)' ) flag++;
if ( version == '12.4(8d)' ) flag++;
if (get_kb_item("Host/local_checks_enabled"))
{
  if (flag)
  {
    flag = 0;
    buf = cisco_command_kb_item("Host/Cisco/Config/show_processes", "show processes");
    if (check_cisco_result(buf))
    {
      if (preg(pattern:"SIP", multiline:TRUE, string:buf)) { flag = 1; }
    } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; }
  }
}



if (flag)
{
  security_hole(port:0, extra:cisco_caveat(override));
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 38935,38929,38933 CVE ID: CVE-2010-0579,CVE-2010-0580,CVE-2010-0581 Cisco IOS是思科网络设备所使用的互联网操作系统。 Cisco IOS Software的SIP实现中存在多个漏洞,可能允许远程攻击者导致设备重载或执行任意代码。当运行Cisco IOS Software的设备处理畸形SIP消息时可以触发这些漏洞。 在SIP运行在TCP传输的情况下,必须完成三重握手才可以利用这些漏洞。 Cisco IOS 12.4 Cisco IOS 12.3 临时解决方法: * 对于不需要启用SIP的设备,最简单有效的临时解决方案就是在设备上禁止处理SIP。一些Cisco IOS Software版本上允许管理员通过以下命令禁用SIP: sip-ua no transport udp no transport tcp no transport tcp tls * 对于需要提供SIP服务的设备,可使用控制面整形(CoPP)阻断不可信任来源到设备的SIP通讯。可在网络中应用以下示例: !-- The 192.168.1.0/24 network and the 172.16.1.1 host are trusted. !-- Everything else is not trusted. The following access list is used !-- to determine what traffic needs to be dropped by a control plane !-- policy (the CoPP feature.) If the access list matches (permit) !-- then traffic will be dropped and if the access list does not !-- match (deny) then traffic will be processed by the router. access-list 100 deny udp 192.168.1.0 0.0.0.255 any eq 5060 access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5060 access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5061 access-list 100 deny udp host 172.16.1.1 any eq 5060 access-list 100 deny tcp host 172.16.1.1 any eq 5060 access-list 100 deny tcp host 172.16.1.1 any eq 5061 access-list 100 permit udp any any eq 5060 access-list 100 permit tcp any any eq 5060 access-list 100 permit tcp any any eq 5061 !-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4 !-- traffic in accordance with existing security policies and !-- configurations for traffic that is authorized to be sent !-- to infrastructure devices. !-- Create a Class-Map for traffic to be policed by !-- the CoPP feature. class-map match-all drop-sip-class match access-group 100 !-- Create a Policy-Map that will be applied to the !-- Control-Plane of the device. policy-map control-plane-policy class drop-sip-class drop !-- Apply the Policy-Map to the Control-Plane of the !-- device. control-plane service-policy input control-plane-policy 厂商补丁: Cisco ----- Cisco已经为此发布了一个安全公告(cisco-sa-20100324-sip)以及相应补丁: cisco-sa-20100324-sip:Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities 链接:http://www.cisco.com/warp/public/707/cisco-sa-20100324-sip.shtml
idSSV:19355
last seen2017-11-19
modified2010-03-27
published2010-03-27
reporterRoot
titleCisco IOS SIP实现多个拒绝服务和远程代码执行漏洞