[cisco-voip] Is the CCM CSA vulnerable to CSCsa85175?
Voll, Scott
Scott.Voll at wesd.org
Mon Jul 18 16:55:09 EDT 2005
I'm assuming the new one they just release takes care of that bug based
on date of release for both the CSA client and the bug.
Scott
-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Mike Armstrong
Sent: Monday, July 18, 2005 1:44 PM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Is the CCM CSA vulnerable to CSCsa85175?
Cisco recently announced
(http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml), a
vulnerability in CSA 4.5 (Bug CSCsa85175). Does this apply to the
stand-alone agent CSA-4.5.573-2.0(1)? The Security Advisory said it was
"fixed with CSA hotfix version 4.5.0.573 or later..." which is
promising,
but that specific bug isn't listed in the CCM-version "Defects Fixed"
list
(http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=cisco
/crypto/3DES/voice/cmva/CiscoCM-CSA-4.5.0.573-2.0.1-Readme.htm&app=Table
build&status=showC2A).
I assume we can't replace the specially-crafted CSA for CCM with any of
the
run-of-the-mill CSAs listed in the Security Advisory.
Mike Armstrong
UF/IFAS CREC
Lake Alfred, FL
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
More information about the cisco-voip
mailing list