Cisco Various Products Compressed DNS Messages Denial of Service

Apologies for responding to my own post, but Secunia
has released more details on this vulnerability alert,


A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the DNS implementation during the decompression of compressed DNS messages and can be exploited via a specially crafted DNS packet containing invalid information in the compressed section.

Successful exploitation crashes a vulnerable device or causes it to function abnormally.

The vulnerability affects the following products:
* Cisco IP Phones 7902/7905/7912
* Cisco ATA (Analog Telephone Adaptor) 186/188
* Cisco Unity Express

The following Cisco ACNS (Application and Content Networking System) devices are also affected:
* Cisco 500 Series Content Engines
* Cisco 7300 Series Content Engines
* Cisco Content Routers 4400 series
* Cisco Content Distribution Manager 4600 series
* Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers.

See patch matrix in vendor advisory for information about fixes.

Provided and/or discovered by:
NISCC credits Dr. Steve Beaty.

Original Advisory:



- ferg