[cisco-voip] Is the CCM CSA vulnerable to CSCsa85175?
Mike Armstrong
mfa at crec.ifas.ufl.edu
Mon Jul 18 16:43:49 EDT 2005
Cisco recently announced
(http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml), a
vulnerability in CSA 4.5 (Bug CSCsa85175). Does this apply to the
stand-alone agent CSA-4.5.573-2.0(1)? The Security Advisory said it was
"fixed with CSA hotfix version 4.5.0.573 or later..." which is promising,
but that specific bug isn't listed in the CCM-version "Defects Fixed" list
(http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=cisco/crypto/3DES/voice/cmva/CiscoCM-CSA-4.5.0.573-2.0.1-Readme.htm&app=Tablebuild&status=showC2A).
I assume we can't replace the specially-crafted CSA for CCM with any of the
run-of-the-mill CSAs listed in the Security Advisory.
Mike Armstrong
UF/IFAS CREC
Lake Alfred, FL
More information about the cisco-voip
mailing list