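Cisco Security Advisory: Buffer Overflow Vulnerability in the Windows 2000 Workstation Service
Affected program:
Cisco
Description:
Cisco Security Advisory: Buffer Overflow Vulnerability in the Windows 2000 Workstation Service
Details: This security advisory describes a vulnerability affecting Cisco products and applications that run on Microsoft Windows 2000. By exploiting it, an attacker can execute arbitrary code or carry out a denial-of-service attack.
The Workstation service receives data on UDP/TCP ports 138/139/445. Restricting traffic to these ports helps reduce the impact of worms that exploit this vulnerability. Restricting traffic to these ports also helps block unauthorized access and DoS attacks.
This vulnerability was discovered and published by Microsoft in its security bulletin MS03-049. For more details on the vulnerability, see the following link: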
http://www.microsoft.com/technet/security/bulletin/MS03-049.asp
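No worm exploiting this vulnerability has been found so far. Nevertheless, users can protect themselves with access control lists (ACLs).
Cisco's security advisory on the affected Cisco products is at: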
http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml
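The ACL mitigation mentioned above, written as a Cisco IOS extended access list that covers UDP and TCP on ports 138, 139 and 445. This is an added example, not configuration taken from the Cisco or Microsoft advisories; the ACL name, the interface and the 192.0.2.0/24 server subnet are assumptions.

```cisco
! Constructed example: filter traffic to the Workstation service ports
! before it reaches Windows 2000 hosts on an assumed server subnet.
ip access-list extended WKSSVC-MS03-049
 remark Drop UDP/TCP 138, 139 and 445 toward the Windows 2000 servers
 deny   tcp any 192.0.2.0 0.0.0.255 eq 138
 deny   tcp any 192.0.2.0 0.0.0.255 eq 139
 deny   tcp any 192.0.2.0 0.0.0.255 eq 445
 deny   udp any 192.0.2.0 0.0.0.255 eq 138
 deny   udp any 192.0.2.0 0.0.0.255 eq 139
 deny   udp any 192.0.2.0 0.0.0.255 eq 445
 remark Everything else is left to the existing policy
 permit ip any any
!
! Assumed untrusted-facing interface; apply inbound so the traffic is
! dropped before it is routed toward the servers.
interface GigabitEthernet0/0
 ip access-group WKSSVC-MS03-049 in
```

Ports 139 and 445 also carry legitimate Windows file and print sharing, so place the ACL on a boundary where that traffic is not needed.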
Affected products:
* Cisco CallManager
* Cisco Building Broadband Service Manager (BBSM)
+ BBSM Version 5.2
+ HotSpot 1.0
* Cisco Customer Response Application Server (CRA)
* Cisco Personal Assistant (PA)
* Cisco Conference Connection (CCC)
* Cisco Emergency Responder (CER)
* Cisco IP Call Center Express (IPCC Express)
* Cisco Internet Service Node (ISN)
* Cisco Unity
* Cisco Building Broadband Service Manager (BBSM) versions 5.1 and prior
* Cisco uOne Enterprise Edition
* Cisco Latitude products
* Cisco Network Registrar (CNR)
* Cisco Internet Service Node (ISN)
* Cisco Intelligent Contact Manager (ICM) (Hosted and Enterprise)
* Cisco IP Contact Center (IPCC) (Express and Enterprise)
* Cisco E-mail Manager (CEM)
* Cisco Collaboration Server (CCS)
* Cisco Dynamic Content Adapter (DCA)
* Cisco Media Blender (CMB)
* TrailHead (Part of the Web Gateway solution)
* Cisco Networking Services for Active Directory (CNS/AD)
* Cisco SN 5400 Series Storage Routers (driver to interface to Windows server)
* CiscoWorks
+ CiscoWorks VPN/Security Management Solution (CWVMS)
+ User Registration Tool
+ Lan Management Solution
+ Routed WAN Management
+ Service Management
+ VPN/Security Management Solution
+ IP Telephony Environment Monitor
+ Small Network Management Solution
+ QoS Policy Manager
+ Voice Manager
* Cisco Transport Manager (CTM)
* Cisco Broadband Troubleshooter (CBT)
* DOCSIS CPE Configurator
* Cisco Secure Applications
+ Cisco Secure Scanner
+ Cisco Secure Policy Manager (CSPM)
+ Access Control Server (ACS)
* Videoconferencing Applications
+ IP/VC 3540 Video Rate Matching Module
+ IP/VC 3540 Application Server
* Cisco IP/TV Server
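Attack method:
No working exploit code is available at this time
Solution:
Customers using affected Cisco IP Telephony applications should apply win-OS-Upgrade-k9.2000-2-5sr4.exe or a later upgrade package, available at: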
http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des?psrtdcat20e2
Cisco Building Broadband Service Manager
For BBSM Version 5.2, apply BBSM52SP2.exe or a later upgrade package, available at:
http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsm52
Cisco HotSpot 1.0
For Cisco HotSpot 1.0, apply the Service Pack 1 upgrade package, available at:
http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsmhs10
Additional information:
None
Related sites:
http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml