[cisco-voip] Cisco Vulnerability?

Miller, Steve MillerS at DicksteinShapiro.COM
Fri May 30 08:06:18 EDT 2008


A colleague sent me this "heads up".  Does anyone know about how real
this risk is?
 
"This is from the CERTStation Newswire - not sure if it applies to what
we have, passing along just in case. 
 
Network appliance vendor Cisco has reported several vulnerabilities in
its Unified Presence and Unified Communications Manager products. The
bugs can be exploited for denial of service attacks. The Content
Switching Module also contains such a vulnerability. When the module is
configured for layer 7 load balancing, this allows TCP packets containing
certain unspecified flags to trigger memory leaks. As a consequence, the
system is paralyzed if the module is unable to make balancing decisions
because the servers behind it are overloaded. The flaw has been fixed in
software version 4.2.9. Administrators can find suggestions about how to
make their devices secure without software updates in Cisco's security
advisories. In addition, Cisco has made software updates available for
registered users. Administrators are advised to download and install the
updates at their earliest convenience".

Steve Miller
Telecom Engineer
Dickstein Shapiro LLP
1825 Eye Street NW | Washington, DC 20006
Tel (202) 420-3370| Fax (202) 330-5607
MillerS at dicksteinshapiro.com 

 
