A security vulnerability has been identified in the Cisco Unified Presence and Jabber Extensible Communications Platform (Jabber XCP) software packages. It can be exploited remotely to carry out a denial-of-service attack.
Package:
Cisco Unified Presence Server 8.x, Jabber Extensible Communications Platform 5.x
Operating systems:
Cisco Unified Presence Server
Problem:
error in a software component
Exploitation:
remote
Impact:
denial of service (DoS)
Solution:
vendor software patch
CVE:
CVE-2012-3935
Original advisory ID:
cisco-sa-20120912-cupxcp
Source:
Cisco
Problem:
The vulnerability results from an error in how the Extensible Messaging and Presence Protocol (XMPP) server processes certain headers.
Impact:
It allows attackers to carry out a DoS attack by crashing the Connection Manager process.
Cisco Unified Presence and Jabber Extensible Communications Platform
Stream Header Denial of Service Vulnerability
Advisory ID: cisco-sa-20120912-cupxcp
Revision 1.0
For Public Release 2012 September 12 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A denial of service (DoS) vulnerability exists in Cisco Unified
Presence and Jabber Extensible Communications Platform (Jabber XCP).
An unauthenticated, remote attacker could exploit this vulnerability
by sending a specially crafted Extensible Messaging and Presence
Protocol (XMPP) stream header to an affected server. Successful
exploitation of this vulnerability could cause the Connection Manager
process to crash. Repeated exploitation could result in a sustained
DoS condition.
There are no workarounds available to mitigate exploitation of this
vulnerability.
Cisco has released free software updates that address this
vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp