---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Cisco IOS Voice Service Multiple Protocol Handling Vulnerabilities SECUNIA ADVISORY ID: SA26363 VERIFY ADVISORY: http://secunia.com/advisories/26363/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. 1) Errors when processing SIP packets can be exploited to crash the device or allow execution of arbitrary code via specially-crafted SIP packets. 2) Errors when processing MGCP packets can be exploited to cause the device to crash or become unresponsive via specially-crafted MGCP packets. 3) Errors when processing H.323 packets can be exploited to crash the device via specially crafted H.323 packets. 4) Errors when processing RTP packets can be exploited to crash the device via specially crafted RTP packets. 5) An error within Facsimile reception can be exploited to crash the device via an overly large packet. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply updated versions. See vendor advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------