Tuesday, July 12, 2005

Cisco CallManager Memory Handling Vulnerabilities

Via the Cisco website.

Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. Cisco CallManager 3.3 and earlier, 4.0, and 4.1 are vulnerable to Denial of Service (DoS) attacks, memory leaks, and memory corruption which may result in services being interrupted, servers rebooting, or arbitrary code being executed.

Cisco has made free software available to address these vulnerabilities.

Vulnerable Products

  • Cisco CallManager 3.2 and earlier
  • Cisco CallManager 3.3, versions earlier than 3.3(5)
  • Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2b
  • Cisco CallManager 4.1, versions earlier than 4.1(3)SR1

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by these vulnerabilities.



0 Comments:

Post a Comment

<< Home