CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •
CVE-2008-3800
https://notcve.org/view.php?id=CVE-2008-3800
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802. Vulnerabilidad no especificada en la implementación de la Session Initiation Protocol en Cisco IOS v12.2 a la v12.4 y Unified Communications Manager v4.1 a la v6.1, cuando VoIP está configurada, permite a atacantes remotos provocar una denegación de servicio (reinicio de proceso o de dispositivo) a través de mensajes SIP válidos no especificados, también conocidos como "Cisco Bug ID CSCsu38644". Vulnerabilidad distinta de CVE-2008-3800 y CVE-2008-3802. • http://secunia.com/advisories/31990 http://secunia.com/advisories/32013 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml http://www.securityfocus.com/bid/31367 http://www.securitytracker.com/id?1020939 http://www.securitytracker.com/id?1020942 http://www.vupen.com/english/advisories/2008/2670 http://www.vupen.com/english/advisories/2008/2671 https://oval.cisecurity.org/re •
CVE-2008-3801
https://notcve.org/view.php?id=CVE-2008-3801
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. Vulnerabilidad no especificada en la implementación de la Session Initiation Protocol en Cisco IOS v12.2 a la v12.4 y Unified Communications Manager v4.1 a la v6.1, cuando VoIP está configurada, permite a atacantes remotos provocar una denegación de servicio (reinicio de proceso o de dispositivo) a través de mensajes SIP válidos no especificados. Vulnerabilidad distinta de CVE-2008-3800 y CVE-2008-3802. • http://secunia.com/advisories/31990 http://secunia.com/advisories/32013 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml http://www.securityfocus.com/bid/31367 http://www.securitytracker.com/id?1020939 http://www.securitytracker.com/id?1020942 http://www.vupen.com/english/advisories/2008/2670 http://www.vupen.com/english/advisories/2008/2671 https://oval.cisecurity.org/re •
CVE-2008-1150
https://notcve.org/view.php?id=CVE-2008-1150
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309. La componente red privada virtual dial-up (VPDN) de Cisco IOS versiones anteriores a 12.3 permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de una serie de sesiones PPTP, en relación con la persistencia de las estructuras de datos de la interfaz de descriptor de bloque (BID) después de la terminación proceso, también conocido como bug CSCdv59309 ID. • http://secunia.com/advisories/29507 http://securitytracker.com/id?1019714 http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml http://www.securityfocus.com/bid/28460 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41484 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5598 • CWE-399: Resource Management Errors •
CVE-2008-1151
https://notcve.org/view.php?id=CVE-2008-1151
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566. Fugas de memoria en la componente de red privada virtual dial-up (VPDN) en Cisco IOS versiones anteriores a 12.3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de una serie de sesiones PPTP, en relación a "dead memory" que permanece asignado después de la finalización del proceso, también conocido como bug ID CSCsj58566. • http://secunia.com/advisories/29507 http://securitytracker.com/id?1019714 http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml http://www.securityfocus.com/bid/28460 http://www.us-cert.gov/cas/techalerts/TA08-087B.html http://www.vupen.com/english/advisories/2008/1006/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41483 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5287 • CWE-399: Resource Management Errors •