SISCO OSI Stack Malformed Packet Remote Denial of Service Vulnerability

Bugtraq ID:	22095
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2006-6489
Remote:	Yes
Local:	No
Published:	Jan 17 2007 12:00AM
Updated:	Jan 18 2007 06:40PM
Credit:	Matthew D. Franz is credited with discovering this issue.
Vulnerable:	SISCO MMS-EASE 8.03 SISCO MMS-EASE 7.10 SISCO ISO Stack 3 SISCO ICCP Toolkit for MMS-EASE 5.03 SISCO ICCP Toolkit for MMS-EASE 4.10 SISCO AX-S4 MMS 5.02 SISCO AX-S4 MMS 5.01 SISCO AX-S4 ICCP 3.0155 SISCO AX-S4 ICCP 3.0103
Not Vulnerable:

SISCO OSI Stack Malformed Packet Remote Denial of Service Vulnerability

The SISCO OSI stack for Windows is prone to a remote denial-of-service vulnerability because the software fails to properly handle malformed network packets.

A valid connection is required for attackers to exploit this issue.

Exploiting this issue allows remote attackers to crash affected applications, denying further service to legitimate users.

The SISCO OSI stack for Windows product is used in these products:

MMS_EASE
ICCP Toolkit for MMS_EASE
AX-S4 MMS
AX-S4 ICCP

SISCO OSI Stack Malformed Packet Remote Denial of Service Vulnerability

An attacker may exploit this issue through readily available networking tools.

SISCO OSI Stack Malformed Packet Remote Denial of Service Vulnerability

Solution:
Reports indicate that the vendor released fixes to address this issue. Symantec has not confirmed this.

Please contact the vendor for more information.

SISCO OSI Stack Malformed Packet Remote Denial of Service Vulnerability

References:

• SISCO Homepage (SISCO)
  
• Vulnerability Note VU#145825 (CERT)