In association with heise online

29 March 2007, 14:32

Cisco patches holes in IP telephony software

Cisco has reported several vulnerabilities in its IP telephony products which could result in functionality failures. The components affected are Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS). Skinny Call Control Protocol (SCCP) processing services can be crashed by sending a series of specially crafted packets; Secure SCCP (SCCPS) is also affected by this problem. The bug can be found in CUCM 3.x, 4.x, and 5.0; CUPS is not affected. However, both CUCM and CUPS systems can be caused to fail by a large number of PING packets. Only CUCM version 5.0 and CUPS 1.0 appear vulnerable to this.

In addition, a bug in IPSec Manager causes the service to crash when a specific UDP packet is sent to port 8500. This will impact call forwarding but, according to Cisco, doesn't affect normal telephone operation. CUCM 5.0 and CUPS 1.0 are vulnerable. Updates have been made available for all these vulnerabilities. There is no workaround, although it may help to filter access to the systems.


(ehe)
