Re: [cisco-ttl] Cisco Security Advisory: Cisco Security Advisory: Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061

From: Onur Temizsoylu (onurt@ulakbim.gov.tr)
Date: Sun Jan 26 2003 - 10:00:17 GMT

  • Next message: ekremoral : "[cisco-ttl] GRE ile olusturulan tunelde ic agdaki farkli router?"

            Cumartesi sabah 1434e filtre koyduk. Onun disinda bir olayimiz olmadi.
            
    On Sun, 26 Jan 2003 12:37:10 +0100
    "Ilker Temir" <itemir@cisco.com> wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Cisco Security Advisory: Microsoft SQL Server 2000 Vulnerabilities in Cisco
    > Products - MS02-061
    >
    > Revision 1.0 INTERIM
    > ====================
    >
    > For Public Release 2003 January 26 05:30 GMT
    >
    > - --------------------------------------------------------------------------
    > ---
    >
    > Please provide your feedback on this document.
    >
    > - --------------------------------------------------------------------------
    > ---
    >
    > Contents
    > ========
    >
    > Summary
    > Affected Products
    > Details
    > Impact
    > Software Versions and Fixes
    > Obtaining Fixed Software
    > Workarounds
    > Exploitation and Public Announcements
    > Status of This Notice
    > Distribution
    > Revision History
    > Cisco Security Procedures
    >
    > - --------------------------------------------------------------------------
    > ---
    >
    > Summary
    > =======
    >
    > This advisory describes a vulnerability that affects Cisco products and
    > applications that are installed on Microsoft operating systems incorporating
    > the use of the Microsoft SQL Server 2000 and is based on the vulnerability
    > of
    > SQL Server 2000, not due to a defect of the Cisco product or application.
    >
    > A number of vulnerabilities that have been discovered that enable an
    > attacker
    > to execute arbitrary code or perform a denial of service against the server.
    > These vulnerabilities were discovered and publicly announced by Microsoft in
    > their Microsoft Security Bulletins MS02-039, MS02-056, and MS02-061.
    >
    > All Cisco products and applications that are using unpatched Microsoft SQL
    > Server 2000 are considered vulnerable.
    >
    > This advisory is available at
    > http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml.
    >
    > Affected Products
    > =================
    >
    > To determine if a product is vulnerable, review the list below. If the
    > software
    > versions or configuration information are provided, then only those
    > combinations are vulnerable.
    >
    > * Cisco CallManager 3.3(x)
    > * Cisco Unity 3.x, 4.x
    > * Cisco Intelligent Contact Management (ICM) 5.0
    > * Cisco E-Mail Manager (CeM)
    > * Cisco Building Broadband Service Manager 5.0, 5.1
    >
    > No other Cisco product is currently known to be affected by this
    > vulnerability.
    >
    > Details
    > =======
    >
    > Implementations of the Microsoft SQL Server 2000 are vulnerable to buffer
    > overflows and denial of service attacks. These vulnerabilities can be
    > exploited
    > to execute arbitrary code on a computer system or to disrupt normal
    > operation
    > of the server.
    >
    > The vulnerabilities have been described in more detail at
    > http://www.microsoft.com/technet/security/bulletin/MS02-039.asp
    > http://www.microsoft.com/technet/security/bulletin/MS02-056.asp
    > http://www.microsoft.com/technet/security/bulletin/MS02-061.asp
    >
    > Impact
    > ======
    >
    > According to Microsoft, the vulnerabilities range from an attacker gaining
    > additional privileges on a SQL server to gaining control over the SQL
    > Server.
    > Additionally the MS SQL "Sapphire" Worm is known to exploit this same
    > vulnerability which can result in degraded network performance as the worm
    > attempts to propagate.
    >
    > Software Versions and Fixes
    > ===========================
    >
    > Cisco CallManager
    >
    > Customers running version 3.3(x) should install Cisco's cumulative SQL
    > 2000
    > Hotfix, SQL2K-MS02-061.exe, from
    > http://www.cisco.com/tacpage/sw-center/telephony/crypto/voice-apps/.
    >
    > Cisco Unity
    >
    > Customers should install the Microsoft SQL 2000 Service Pack 2 (SP2) and
    > Security Rollup 1 (SRP1) "Q323875_SQL2000_SP2_en.EXE". Both are
    > available
    > on the Microsoft website at the following location:
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tech
    >
    > Cisco Intelligent Contact Management
    >
    > Customers should install the Microsoft SQL 2000 Service Pack 3 (SP3). It
    > is
    > available on the Microsoft website at the following location:
    > http://www.microsoft.com/sql/downloads/2000/sp3.asp
    >
    > Cisco E-Mail Manager
    >
    > Customers should install the Microsoft SQL 2000 Service Pack 3 (SP3). It
    > is
    > available on the Microsoft website at the following location:
    > http://www.microsoft.com/sql/downloads/2000/sp3.asp
    >
    > Cisco Building Broadband Service Manager
    >
    > This section will be updated within 24 hours with more details on patch
    > availability.
    >
    > Obtaining Fixed Software
    > ========================
    >
    > Where Cisco provides the operating system bundled with the product, Cisco is
    > offering free software upgrades to address these vulnerabilities for all
    > affected customers. Customers may only install and expect support for the
    > feature sets they have purchased.
    >
    > Customers with service contracts should contact their regular update
    > channels
    > to obtain any software release containing the feature sets they have
    > purchased.
    > For most customers with service contracts, this means that upgrades should
    > be
    > obtained through the Software Center on Cisco's Worldwide Web site at
    > http://www.cisco.com/tacpage/sw-center/.
    >
    > Customers whose Cisco products are provided or maintained through a prior or
    > existing agreement with third-party support organizations such as Cisco
    > Partners, authorized resellers, or service providers should contact that
    > support organization for assistance with obtaining the free software upgrade
    > (s).
    >
    > Customers who purchased directly from Cisco but who do not hold a Cisco
    > service
    > contract, and customers who purchase through third party vendors but are
    > unsuccessful at obtaining fixed software through their point of sale, should
    > obtain fixed software by contacting the Cisco Technical Assistance Center
    > (TAC)
    > using the contact information listed below. In these cases, customers are
    > entitled to obtain an upgrade to a later version of the same release or as
    > indicated by the applicable row in the Software Versions and Fixes table
    > (noted
    > above).
    >
    > Cisco TAC contacts are as follows:
    >
    > * +1 800 553 2447 (toll free from within North America)
    > * +1 408 526 7209 (toll call from anywhere in the world)
    > * e-mail: tac@cisco.com
    >
    > See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for
    > additional
    > TAC contact information, including special localized telephone numbers and
    > instructions and e-mail addresses for use in various languages.
    >
    > Please have your product serial number available and give the URL of this
    > notice as evidence of your entitlement to a free upgrade.
    >
    > Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com"
    > for software upgrades.
    >
    > Workarounds
    > ===========
    >
    > Cisco has published a companion document at
    > http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml
    > which provides network based workarounds to mitigate the effects of these
    > vulnerabilities. Cisco also recommends applying the software based fixes to
    > affected devices to completely resolve the vulnerability.
    >
    > Exploitation and Public Announcements
    > =====================================
    >
    > This issue is being exploited actively and has been discussed in numerous
    > public announcements and messages.
    >
    > Status of This Notice: Interim
    > ==============================
    >
    > This is a Interim advisory. Although Cisco cannot guarantee the accuracy of
    > all
    > statements in this notice, all of the facts have been checked to the best of
    > our ability. Cisco does not anticipate issuing updated versions of this
    > advisory unless there is some material change in the facts. Should there be
    > a
    > significant change in the facts, Cisco may update this advisory.
    >
    > Distribution
    > ============
    >
    > This notice will be posted on Cisco's Worldwide Web site at
    > http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml.
    > In addition to Worldwide Web posting, a text version of this notice is
    > clear-signed with the Cisco PSIRT PGP key and is posted to the following
    > e-mail and Usenet news recipients:
    >
    > * cust-security-announce@cisco.com
    > * bugtraq@securityfocus.com
    > * full-disclosure@lists.netsys.com
    > * first-teams@first.org (includes CERT/CC)
    > * cisco@spot.colorado.edu
    > * cisco-nsp@puck.nether.net
    > * comp.dcom.sys.cisco
    > * firewalls@lists.gnac.com
    > * Various internal Cisco mailing lists
    >
    > Future updates of this notice, if any, will be placed on Cisco's Worldwide
    > Web
    > server, but may or may not be actively announced on mailing lists or
    > newsgroups. Users concerned about this problem are encouraged to check the
    > URL
    > given above for any updates.
    >
    > Revision History
    > ================
    >
    > +-------------------------------------------------------------------------+
    > |Revision Number |1.0 |Initial Public Release |
    > +-------------------------------------------------------------------------+
    >
    > Cisco Product Security Procedures
    > =================================
    >
    > Complete information on reporting security vulnerabilities in Cisco
    > products,
    > obtaining assistance with security incidents, and registering to receive
    > security information from Cisco, is available on Cisco's Worldwide Web site
    > at
    > http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This
    > includes
    > instructions for press inquiries regarding Cisco security notices. All Cisco
    > Security Advisories are available at http://www.cisco.com/go/psirt/.
    >
    > - --------------------------------------------------------------------------
    > ---
    >
    > This notice is Copyright 2003 by Cisco Systems, Inc. This notice may be
    > redistributed freely after the release date given at the top of the text,
    > provided that redistributed copies are complete and unmodified, and include
    > all
    > date and version information.
    >
    > - --------------------------------------------------------------------------
    > ---
    >
    > All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights
    > reserved. Important Notices and Privacy Statement.
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: PGP 6.5.2
    >
    > iQA/AwUBPjORvpPS/wbyNnWcEQLIoQCgzh3vE4au+eI7b6nHXJqguWi8T3kAn0er
    > N2aoe/tTKGEembZ7BhgoixkK
    > =UYzd
    > -----END PGP SIGNATURE-----
    >
    > _______________________________________________
    > cisco-nsp mailing list cisco-nsp@puck.nether.net
    > http://puck.nether.net/mailman/listinfo/cisco-nsp
    > archive at http://puck.nether.net/pipermail/cisco-nsp/
    >
    >
    > Bu listden çıkmak için cisco-ttl-unsubscribe@yahoogroups.com adresine bir e-posta göndermeniz yeterlidir.
    >
    >
    >
    > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
    >
    >

    -----
                                                    Onur TEMIZSOYLU
                                                    TUBITAK ULAKBIM
                                                    

    Bu listden çıkmak için cisco-ttl-unsubscribe@yahoogroups.com adresine bir e-posta göndermeniz yeterlidir.

     

    Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/



    This archive was generated by hypermail 2.1.5 : Sun Jan 26 2003 - 14:03:35 GMT