CERT-MU Vulnerability Note VN-2009-28

Cisco Unified Presence Denial of Service Vulnerabilities

Original Issue Date: October 23, 2009

Severity Rating: High

Affected Softwares

• Cisco Unified Presence versions 1.0 and later
• Cisco Unified Presence versions 6.0 and later but prior to 6.0(6)
• Cisco Unified Presence versions 7.0 and later but prior to 7.0(4)

Overview

Two vulnerabilities have been reported in Cisco Unified Presence that could allow a remote user to cause Denial of Service conditions.

Description

• TimesTenD Remote Denial of Service Vulnerability
  
  A remote attacker could exploit the vulnerability which exists because of an error in TimesTenD component by flooding TCP ports 16200 or 22794 with completed connections. This could cause the TimesTenD process to stop and then restart, resulting in a DoS condition
  
  
• Multiple TCP Connections Remote Denial of Service Vulnerability
  
  The vulnerability is because of an error in the handling of TCP packets on all listening ports. A remote attacker could exploit this vulnerability by opening many TCP connections to the target system to cause the internal connection tracking table to prevent new connections, resulting in a DoS condition.
  
  

  Solution

  Apply appropriate patch as mentioned in Cisco Security Advisory
  

  Vendor Information

  CISCO
  http://www.cisco.com/warp/public/707/cisco-sa-20091014-cup.shtml
  

  CVE Name
  CVE-2009-2874
  CVE-2009-2052
  

  References

  CISCO
  http://www.cisco.com/warp/public/707/cisco-sa-20091014-cup.shtml
  http://tools.cisco.com/security/center/viewAlert.x?alertId=19172
  

  SecurityTracker
  http://securitytracker.com/alerts/2009/Oct/1023018.html
  

  VUPEN
  http://www.vupen.com/english/advisories/2009/2915
  

  Disclaimer

  The information provided herein is on "as is" basis, without warranty of any kind.