CVE-2011-0946

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2011-0946 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The original article can be found at: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0946

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2011-0946

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

.Vulnerable Systems:
* Cisco IOS Software NetMeeting Directory NAT (LDAP on TCP port 389)

LDAP is a protocol for querying and modifying data of directory services implemented in IP networks. NAT for NetMeeting Directory, also known as the Internet Locator Service (ILS), translates LDAP packets on TCP port 389. The inspected port is not configurable.

This vulnerability is triggered by malformed transit LDAP traffic that needs to be processed by the NAT for NetMeeting Directory feature.

Vendor Status:
Cisco has issued an update to correct this vulnerability

Patch Availability:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-nat

CVE Information:
CVE-2011-0946

Disclosure Timeline:
2012-Feb-17 Updated information in Ciso IOS Software table for Cisco IOS 12.2SXH.
2011-Oct-21 Corrected back-end information regarding CSCtd10712. No change made in the Security Advisory itself.
2011-Sep-30 Updated information in fixed Cisco IOS Software table for releases 12.2MRB, 12.2SXH, 12.2SXI, 12.2SXJ, and 12.2SY.
2011-Sep-28 Initial public release.

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus