Cisco CallManager port connection denial of service

cisco-callmanager-port-connection-dos (24180) The risk level is classified as LowLow Risk

Description:

Cisco CallManager is vulnerable to a denial of service caused by improper handling of port connections. A remote attacker could establish multiple connections to TCP port 2000 consuming all available memory and CPU resources or establish multiple connections to TCP ports 2001, 2002, or 7727 to fill the Windows message queue causing services to be disrupted or the system to reboot.

Platforms Affected:

  • Cisco, CallManager 1.0
  • Cisco, CallManager 2.0
  • Cisco, CallManager 3.0
  • Cisco, CallManager 3.1
  • Cisco, CallManager 3.1(2)
  • Cisco, CallManager 3.1(3A)
  • Cisco, CallManager 3.2
  • Cisco, CallManager 3.3
  • Cisco, CallManager 3.3(3)
  • Cisco, CallManager 3.3(3)ES61
  • Cisco, CallManager 3.3(4)ES25
  • Cisco, CallManager 3.3(5)
  • Cisco, CallManager 3.3(5)ES30
  • Cisco, CallManager 4.0
  • Cisco, CallManager 4.0(2A)ES40
  • Cisco, CallManager 4.0(2A)ES62
  • Cisco, CallManager 4.0(2A)SR2b
  • Cisco, CallManager 4.1(2)ES33
  • Cisco, CallManager 4.1(2)ES55
  • Cisco, CallManager 4.1(3)ES07
  • Cisco, CallManager 4.1(3)ES32
  • Cisco, CallManager 4.1(3)SR1
  • Cisco, CallManager

Remedy:

Refer to Cisco Security Advisory cisco-sa-20060118-ccmpe for upgrade and workaround information. See References.

Consequences:

Denial of Service

References:

  • Cisco CallManager Web page, Introduction at http://www.cisco.com/en/US/products/sw/voicesw/ps556/.
  • cisco-sa-20060118-ccmdos, Cisco Security Advisory: Cisco Call Manager Denial of Service at http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml.
  • BID-16295: Cisco CallManager Multiple Remote Denial Of Service Vulnerabilities
  • CVE-2006-0368: Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727.
  • OSVDB ID: 22622: Cisco CallManager Port 2000 Connection Saturation Resource Consumption DoS
  • OSVDB ID: 22623: Cisco CallManager Connection Saturation Window Message Queue Exhaustion DoS
  • SA18494: Cisco CallManager Connection Handling Denial of Service
  • SECTRACK ID: 1015503: Cisco CallManager TCP Connection Management Handling Lets Remote Users Deny Service
  • VUPEN/ADV-2006-0249: Cisco CallManager Connections Handling Denial of Service Vulnerabilities

Reported:

Jan 18, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page