<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3314" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=133290412-30052008><FONT face=Arial size=2>A colleague sent me
this "heads up". Does anyone know about how real this risk
is?</FONT></SPAN></DIV>
<DIV><SPAN class=133290412-30052008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=133290412-30052008><FONT size=2><FONT face=Arial>"<SPAN
class=986333319-23052008><FONT size=2>This is from the CERTStation Newswire -
not sure if it applies to what we have, passing along just in
case.</FONT></SPAN></FONT>
<DIV><SPAN class=986333319-23052008><FONT size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=986333319-23052008>
<P><FONT face=Arial><FONT size=3>Network appliance vendor Cisco has reported
several vulnerabilities in its Unified Presence and Unified Communications
Manager products. The bugs can be exploited for denial of service attacks. The
Content Switching Module also contains such vulnerability. When the module is
configured for layer 7 load balancing this allows TCP packets containing certain
unspecified flags to trigger memory leaks. As a consequence, the system is
paralyzed if the module is unable to make balancing decisions because the
servers behind it are overloaded. The flaw has been fixed in software version
4.2.9. Administrators can find suggestions about how to make their devices
secure without software updates in Cisco's security advisories. In addition,
Cisco has made software updates available for registered users. Administrators
are advised to download and install the updates at their earliest
convenience<SPAN
class=133290412-30052008>".</SPAN></FONT></FONT></SPAN></FONT></SPAN></P></DIV></DIV><!-- Converted from text/rtf format -->
<P align=left><STRONG>Steve Miller</STRONG><BR>Telecom Engineer<BR>Dickstein
Shapiro LLP<BR>1825 Eye Street NW | Washington, DC 20006<BR>Tel (202) 420-3370|
Fax (202) 330-5607<BR><A
href="mailto:MillerS@dicksteinshapiro.com">MillerS@dicksteinshapiro.com</A><FONT
face=Arial> </FONT></P>
<DIV> </DIV>
<P><pre wrap>--------------------------------------------------------
This e-mail message and any attached files are confidential
and are intended solely for the use of the addressee(s)
named above. This communication may contain material
protected by attorney-client, work product, or other
privileges. If you are not the intended recipient or person
responsible for delivering this confidential communication
to the intended recipient, you have received this
communication in error, and any review, use, dissemination,
forwarding, printing, copying, or other distribution of
this e-mail message and any attached files is strictly
prohibited. Dickstein Shapiro reserves the right to monitor
any communication that is created, received, or sent on its
network. If you have received this confidential
communication in error, please notify the sender
immediately by reply e-mail message and permanently delete
the original message.
To reply to our email administrator directly, send an email
to postmaster@dicksteinshapiro.com
Dickstein Shapiro LLP
http://www.DicksteinShapiro.com
==============================================================================
</pre></P></BODY></HTML>