发布日期：2011-09-28
更新日期：2011-09-28

受影响系统：

Cisco IOS 15.x
Cisco IOS 12.x
Cisco Unified Communications Manager 8.x
Cisco Unified Communications Manager 7.x

不受影响系统：

Cisco IOS Cisco IOS 15.1(4)M1
Cisco IOS Cisco IOS 15.1(3)T2
Cisco IOS Cisco IOS 15.1(2)T4
Cisco IOS Cisco IOS 15.0(1)M7
Cisco IOS Cisco IOS 12.4(9)XG3
Cisco IOS Cisco IOS 12.4(9)XG1
Cisco IOS Cisco IOS 12.4(6)MR1
Cisco IOS Cisco IOS 12.4(24)T6
Cisco IOS Cisco IOS 12.4(24)GC4
Cisco IOS Cisco IOS 12.4(15)XM3
Cisco IOS Cisco IOS 12.4(15)XM
Cisco IOS Cisco IOS 12.4(15)T16
Cisco IOS 15.1(4)XB5
Cisco Unified Communications Manager 8.5(1)SU2
Cisco Unified Communications Manager 7.1(5b)SU4

描述：

---

BUGTRAQ  ID: 49820
CVE ID: CVE-2011-2072

Cisco的网际操作系统（IOS）是一个网际互连优化的复杂操作系统。数据流交互功能DLSw可以实现在IP网络上传输IBM SNA和网络BIOS流量。Cisco Unified Communications Manager是Cisco IP Telephony的呼叫处理组件。

Cisco Unified Communications Manager在处理畸形SIP消息时在实现上存在内存泄露漏洞，远程攻击者可利用这些漏洞造成声音服务中断或造成受影响设备重载，拒绝服务合法用户。

此漏洞源于在处理畸形SIP消息时，Cisco Unified Communications Manager可泄露会话控制缓冲区。

<*来源：Cisco
  
  链接：http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-20110928-cucm）以及相应补丁:

cisco-sa-20110928-cucm：Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerability

链接：http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml

浏览次数：2362
严重程度：0（网友投票）