[cisco-voip] CCM Security Warning
Brian Duncan
duncanw at otc.edu
Tue Jul 18 09:05:03 EDT 2006
This doesn't apply to us, but I just found out about the problem today and
thought I would pass it along.
(13) HIGH: Cisco Unified CallManager Remote Buffer Overflow
Affected:
Cisco Unified CallManager versions 5.0(1), 5.0(2), 5.0(3), 5.0(3a)
Details: Cisco Unified CallManager, Cisco's VoIP (Voice over Internet
Protocol) call processor, is vulnerable to a remotely-exploitable buffer
overflow. By sending a SIP request with an overly-long "hostname"
attribute, an attacker could execute arbitrary code on the CallManager
device. Note that technical details for this vulnerability have been
publicly posted.
Status: Cisco confirmed, updates available.
Council Site Actions: Only one of the responding council sites is using
the affected software and they are still considering which action they
will take.
References:
Cisco Security Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml
Cisco Unified CallManager Home Page
http://www.cisco.com/en/US/products/sw/voicesw/ps556/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/18952
Brian Duncan
Coordinator of Telecommunications
Ozarks Technical Community College
1001 E. Chestnut Expressway
Springfield, MO 65802
417-447-7505
duncanw at otc.edu
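
A defensive pre-filter for the condition the bulletin describes, as an added example that is not part of the original post or of Cisco's advisory: it flags SIP messages whose host fields exceed the RFC 1035 name limits (255 octets per name, 63 per label). The header list, the use of those limits as thresholds, and the names `hosts_in`, `oversized_hosts` and `sample_invite` are assumptions; the bulletin does not say which field carries the "hostname".

```python
import re

MAX_HOST_LEN = 255   # RFC 1035 limit on a full domain name
MAX_LABEL_LEN = 63   # RFC 1035 limit on one dot-separated label
# Assumption: headers that normally carry a host; the bulletin does not name the field.
HOST_HEADERS = {"via", "v", "from", "f", "to", "t", "contact", "m", "route", "record-route"}
SIP_URI = re.compile(r"\bsips?:(?:[^@\s<>;]*@)?(\[[^\]]*\]|[^\s:;<>?,]+)", re.I)
VIA_HOST = re.compile(r"SIP/2\.0/\w+\s+(\[[^\]]*\]|[^\s:;,]+)", re.I)

def hosts_in(message: str):
    """Yield (location, host) from the start line and host-bearing headers (folded headers not handled)."""
    for i, line in enumerate(message.splitlines()):
        if not line:          # blank line ends the header section
            break
        if i == 0:
            name, value = "start-line", line
        else:
            name, _, value = line.partition(":")
            name = name.strip().lower()
            if name not in HOST_HEADERS:
                continue
        pattern = VIA_HOST if name in ("via", "v") else SIP_URI
        for host in pattern.findall(value):
            yield name, host

def oversized_hosts(message: str):
    """Return [(location, host_length)] for hosts that break the RFC 1035 limits."""
    findings = []
    for where, host in hosts_in(message):
        labels = [] if host.startswith("[") else host.split(".")  # skip label check for IPv6 literals
        if len(host) > MAX_HOST_LEN or any(len(l) > MAX_LABEL_LEN for l in labels):
            findings.append((where, len(host)))
    return findings

def sample_invite(host: str) -> str:
    """Constructed sample INVITE (not a captured message) addressed to the given host."""
    return ("INVITE sip:bob@{h} SIP/2.0\r\n"
            "Via: SIP/2.0/UDP client.example.net:5060;branch=z9hG4bK776\r\n"
            "From: <sip:alice@example.net>;tag=1928\r\n"
            "To: <sip:bob@{h}>\r\n"
            "Call-ID: a84b4c76e66710\r\n"
            "CSeq: 1 INVITE\r\n"
            "Content-Length: 0\r\n\r\n").format(h=host)

if __name__ == "__main__":
    print(oversized_hosts(sample_invite("pbx.example.net")))
    print(oversized_hosts(sample_invite("A" * 300)))
```

A check like this belongs on a SIP-aware proxy or border element in front of the call processor, alongside the vendor update the bulletin mentions.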