绿盟科技NSFOCUS安全漏洞系统

安全研究

安全漏洞

Cisco IOS Network Address Translation功能多个远程拒绝服务漏洞

发布日期：2011-09-28
更新日期：2011-09-28

受影响系统：

Cisco IOS 15.x
Cisco IOS 12.x
Cisco IOS XE 3.x

不受影响系统：

Cisco IOS Cisco IOS 15.1(4)M2
Cisco IOS Cisco IOS 15.1(3)T2
Cisco IOS Cisco IOS 15.1(3)S
Cisco IOS Cisco IOS 15.1(2)T4
Cisco IOS Cisco IOS 15.1(2)S2
Cisco IOS Cisco IOS 15.1(2)EY
Cisco IOS Cisco IOS 15.1(1)T4
Cisco IOS Cisco IOS 15.0(1)S4
Cisco IOS Cisco IOS 15.0(1)M7
Cisco IOS Cisco IOS 12.4(25f)
Cisco IOS Cisco IOS 12.4(24)YE7
Cisco IOS Cisco IOS 12.4(24)T6
Cisco IOS Cisco IOS 12.4(24)MDB3
Cisco IOS Cisco IOS 12.4(24)MDA7
Cisco IOS Cisco IOS 12.4(24)MD6
Cisco IOS Cisco IOS 12.4(24)GC4
Cisco IOS Cisco IOS 12.4(22)YE6
Cisco IOS Cisco IOS 12.4(2)XB12
Cisco IOS Cisco IOS 12.4(15)T16
Cisco IOS Cisco IOS 12.3(8)JK1
Cisco IOS Cisco IOS 12.3(2)JK3
Cisco IOS Cisco IOS 12.2(55)SE2
Cisco IOS Cisco IOS 12.2(55)EX
Cisco IOS Cisco IOS 12.2(54)XO
Cisco IOS Cisco IOS 12.2(53)SG4
Cisco IOS Cisco IOS 12.2(52)EY1b
Cisco IOS Cisco IOS 12.2(52)EY
Cisco IOS Cisco IOS 12.2(50)SY
Cisco IOS Cisco IOS 12.2(50)SQ3
Cisco IOS Cisco IOS 12.2(33)SXI4a
Cisco IOS Cisco IOS 12.2(33)SXI2
Cisco IOS Cisco IOS 12.2(33)SXH8a
Cisco IOS Cisco IOS 12.2(33)SXH6
Cisco IOS Cisco IOS 12.2(33)SRE3
Cisco IOS Cisco IOS 12.2(33)SRD6
Cisco IOS Cisco IOS 12.2(33)SCE1
Cisco IOS Cisco IOS 12.2(33)SCD7
Cisco IOS Cisco IOS 12.2(33)SCD6
Cisco IOS Cisco IOS 12.2(33)SCC7
Cisco IOS Cisco IOS 12.2(33)SB10
Cisco IOS Cisco IOS 12.2(33)MRB5
Cisco IOS Cisco IOS 12.2(33)IRE3
Cisco IOS Cisco IOS 12.2(33)IRD1
Cisco IOS Cisco IOS 12.2(31)SB20
Cisco IOS Cisco IOS 12.2(30)S
Cisco IOS Cisco IOS 12.2(29b)SV1
Cisco IOS Cisco IOS 12.2(25)SEG4
Cisco IOS Cisco IOS 12.2(20)EW4
Cisco IOS Cisco IOS 12.2(18)SXF17b
Cisco IOS XE 3.2.0SG

描述：

BUGTRAQ  ID: 49822
CVE ID: CVE-2011-0946,CVE-2011-3276,CVE-2011-3277,CVE-2011-3278,CVE-2011-3279,CVE-2011-3280

Cisco的网际操作系统（IOS）是一个网际互连优化的复杂操作系统。数据流交互功能DLSw可以实现在IP网络上传输IBM SNA和网络BIOS流量。

Cisco IOS的Network Address Translation功能在实现上存在多个远程拒绝服务漏洞，远程攻击者可利用此漏洞造成重载受影响设备，拒绝服务合法用户。

Cisco IOS设备的网络地址翻译功能在处理下列协议时存在多个拒绝服务漏洞：
* 网络会议目录(轻目录访问协议, LDAP)
* 会话启动协议(多个漏洞)
* H.323

<*来源：Cisco

  链接：http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d59.shtml
*>

建议：

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-20110928-nat）以及相应补丁:

cisco-sa-20110928-nat：Cisco IOS Software Network Address Translation Vulnerabilities

链接：http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml

浏览次数：2362
严重程度：0（网友投票）

关于我们: 公司介绍; 公司荣誉; 公司新闻

联系我们: 公司总部; 分支机构; 海外机构

快速链接: 绿盟云; 绿盟威胁情报中心NTI; 技术博客