certfr_avis - CERTA-2009-AVI-008

CERTA-2009-AVI-008

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité affecte les produits Cisco Global Site Selector et permet à une personne malintentionnée d'effectuer un déni de service à distance.

Description

Cisco Global Site Selector est un logiciel permettant le déploiement de contenu au travers de plusieurs site de stockage des données. Une vulnérabilité affectant les produits Cisco Global Site Selector permet à une personne malintentionnée d'effectuer un déni de service à distance via une séquence de requêtes DNS spécialement conçue.

Les Cisco Global Site Selector configurés avec le logiciel optionnel Cisco Network Registrar ne sont pas vulnérables.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco GSS 4491 Global Site Selector ;
Cisco	N/A	Cisco GSS 4492R Global Site Selector ;
Cisco	N/A	Toutes les versions de Cisco Global Site Selector antérieures à la version 3.1.
Cisco	N/A	Cisco GSS 4490 Global Site Selector ;
Cisco	N/A	Cisco GSS 4480 Global Site Selector ;

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 20090107-gss du 07 janvier 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco GSS 4491 Global Site Selector ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco GSS 4492R Global Site Selector ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Toutes les versions de Cisco Global Site Selector ant\u00e9rieures \u00e0 la version 3.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco GSS 4490 Global Site Selector ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco GSS 4480 Global Site Selector ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCisco Global Site Selector est un logiciel permettant le d\u00e9ploiement de\ncontenu au travers de plusieurs site de stockage des donn\u00e9es. Une\nvuln\u00e9rabilit\u00e9 affectant les produits Cisco Global Site Selector permet \u00e0\nune personne malintentionn\u00e9e d\u0027effectuer un d\u00e9ni de service \u00e0 distance\nvia une s\u00e9quence de requ\u00eates DNS sp\u00e9cialement con\u00e7ue.\n\nLes Cisco Global Site Selector configur\u00e9s avec le logiciel optionnel\nCisco Network Registrar ne sont pas vuln\u00e9rables.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-3819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3819"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 affecte les produits Cisco Global Site Selector et\npermet \u00e0 une personne malintentionn\u00e9e d\u0027effectuer un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco Global Site Selector",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20090107-gss du 07 janvier 2009",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090107-gss.shtml"
    }
  ]
}

CVE-2008-3819 (GCVE-0-2008-3819)

Vulnerability from cvelistv5 – Published: 2009-01-08 19:00 – Updated: 2024-08-07 09:52

Summary

dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093.

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/33152	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1021530	vdb-entryx_refsource_SECTRACK
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:52:59.866Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-gss-dnsrequests-dos(47787)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47787"
          },
          {
            "name": "33152",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33152"
          },
          {
            "name": "1021530",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021530"
          },
          {
            "name": "20090107 Cisco Global Site Selector Appliances DNS Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a57481.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-gss-dnsrequests-dos(47787)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47787"
        },
        {
          "name": "33152",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33152"
        },
        {
          "name": "1021530",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021530"
        },
        {
          "name": "20090107 Cisco Global Site Selector Appliances DNS Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a57481.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-3819",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cisco-gss-dnsrequests-dos(47787)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47787"
            },
            {
              "name": "33152",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33152"
            },
            {
              "name": "1021530",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021530"
            },
            {
              "name": "20090107 Cisco Global Site Selector Appliances DNS Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a57481.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-3819",
    "datePublished": "2009-01-08T19:00:00",
    "dateReserved": "2008-08-27T00:00:00",
    "dateUpdated": "2024-08-07T09:52:59.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTA-2009-AVI-008

Description

Solution

CVE-2008-3819 (GCVE-0-2008-3819)

Tags

Sightings

Nomenclature