Cisco IOS Data-Link Switching内存泄露远程拒绝服务漏洞
Cisco IOS Data-Link Switching内存泄露远程拒绝服务漏洞
发布日期:2011-09-28
更新日期:2011-09-28
受影响系统:
Cisco IOS 15.x
Cisco IOS 12.x
不受影响系统:
Cisco IOS Cisco IOS 15.1(3)T
Cisco IOS Cisco IOS 15.1(2)T2a
Cisco IOS Cisco IOS 15.1(2)T2
Cisco IOS Cisco IOS 15.1(2)S
Cisco IOS Cisco IOS 15.1(1)T3
Cisco IOS Cisco IOS 15.1(1)S1
Cisco IOS Cisco IOS 15.0(1)S4
Cisco IOS Cisco IOS 15.0(1)S3a
Cisco IOS Cisco IOS 15.0(1)M5a
Cisco IOS Cisco IOS 15.0(1)M4
Cisco IOS Cisco IOS 12.4(25e)
Cisco IOS Cisco IOS 12.4(24)T5
Cisco IOS Cisco IOS 12.4(24)GC4
Cisco IOS Cisco IOS 12.4(2)XB12
Cisco IOS Cisco IOS 12.4(15)XM3
Cisco IOS Cisco IOS 12.4(15)XM
Cisco IOS Cisco IOS 12.4(15)T15
Cisco IOS Cisco IOS 12.3(2)XA7
Cisco IOS Cisco IOS 12.3(2)JK3
Cisco IOS Cisco IOS 12.2(8)YJ1
Cisco IOS Cisco IOS 12.2(50)SY
Cisco IOS Cisco IOS 12.2(40)SG
Cisco IOS Cisco IOS 12.2(4)YA8
Cisco IOS Cisco IOS 12.2(33)SXI6
Cisco IOS Cisco IOS 12.2(33)SXH8a
Cisco IOS Cisco IOS 12.2(33)SRE3
Cisco IOS Cisco IOS 12.2(33)SRD6
Cisco IOS Cisco IOS 12.2(33)SCE1
Cisco IOS Cisco IOS 12.2(33)SCD7
Cisco IOS Cisco IOS 12.2(33)SCD6
Cisco IOS Cisco IOS 12.2(33)SCC7
Cisco IOS Cisco IOS 12.2(33)SB10
Cisco IOS Cisco IOS 12.2(33)IRE3
Cisco IOS Cisco IOS 12.2(33)IRD1
Cisco IOS Cisco IOS 12.2(31)SB20
Cisco IOS Cisco IOS 12.2(30)S
Cisco IOS Cisco IOS 12.2(29a)SV
Cisco IOS Cisco IOS 12.2(25)SW12
Cisco IOS Cisco IOS 12.2(2)B7
Cisco IOS Cisco IOS 12.2(18)SXF17b
Cisco IOS Cisco IOS 12.2(15)BX
Cisco IOS Cisco IOS 12.2(13)ZH6
Cisco IOS Cisco IOS 12.2(11)YV1
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 49829
CVE ID: CVE-2011-0945
Cisco的网际操作系统(IOS)是一个网际互连优化的复杂操作系统。数据流交互功能DLSw可以实现在IP网络上传输IBM SNA和网络BIOS流量。
DLSw功能在Cisco IOS上的实现上存在内存泄露漏洞,远程非法攻击者可利用此漏洞造成拒绝服务。
Cisco IOS设备配置DLSw监听IP协议91报文,根据DLSw配置,可以开放UDP端口2067和多个TCP端口。通过IP协议91而不是UDP或TCP传输利用此漏洞。
<*来源:Cisco
链接:http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d59.shtml
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20110928-dlsw)以及相应补丁:
cisco-sa-20110928-dlsw:Cisco IOS Software Data-Link Switching Vulnerability
链接:http://www.cisco.com/warp/public/707/cisco-sa-20110928-dlsw.shtml
评论暂时关闭