Cisco Session Border Controller 3.0(1)
Cisco会话边界控制器远程拒绝服务漏洞
SEBUG-ID:4872
SEBUG-Appdir:Cisco
Published:2009-03-05
Vulnerable:
Discription:
BUGTRAQ ID: 33975 CVE(CAN) ID: CVE-2009-0619 会话边界控制器(SBC)是位于网络边界的多媒体设备,控制到该网络的呼叫准入。 Cisco SBC中存在漏洞,未经认证的攻击者可以通过在2000端口上发送特制的TCP报文导致Cisco SBC卡重载。反复攻击可导致持续的拒绝服务情况。
SEBUG Solution:
临时解决方法:
* 在RP的信令/媒体VLAN配置ACL。以下示例显示如何将VLAN 140配置为信令/媒体VLAN。
Cisco SBC配置
interface vlan 140
ip address 10.140.1.90 255.255.255.0
alias 10.140.1.100 255.255.255.0
peer ip address 10.140.1.8 255.255.255.0
!
ft interface vlan 77
ip address 192.168.1.1 255.255.255.0
peer ip address 192.168.1. 255.255.255.0
RP配置
!- ACL blocking all TCP port 2000 traffic to the 10.140.1.0 internal network
!
access-list 100 deny tcp any host 10.140.1.100 eq 2000
access-list 100 permit ip any any
!
interface Vlan140
ip address 10.140.1.1 255.255.255.0
!- ACL is applied to the VLAN interface to egress traffic
ip access-group 100 out
!
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20090304-sbc)以及相应补丁:
cisco-sa-20090304-sbc:Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability
链接:http://www.cisco.com/warp/public/707/cisco-sa-20090304-sbc.shtml
补丁下载:
http://www.cisco.com/pcgi-bin/tablebuild.pl/sbc-7600-crypto
// sebug.net [2009-03-05]