Vulnerability Note VU#495275

Cisco CallManager contains memory leak

Overview

The Cisco Call Manager contains a vulnerability that could permit an intruder to crash the Call Manager.

I. Description

The Cisco Call Manager is software to manage telephone calls in a mixed data and voice environment. Specifically, the Cisco Call Manager "extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications."[1] The software contains a vulnerability that could permit an intruder to consume memory until the system crashes. Quoting from Cisco's Security Advisory:

The Cisco CallManager, running certain software releases, has a vulnerability wherein a memory leak in the CTI Framework authentication can cause the server to crash and result in a reload. This vulnerability can be exploited to initiate a denial of service (DoS) attack. It may be possible for the vulnerability to be triggered accidentally.

For more information, see the vendor statement from Cisco below.

II. Impact

An intruder could interrupt the normal function of the Cisco Call Manager, causing it to crash and reload.

III. Solution

Upgrade to a more recent version of Cisco Call Manager, as described in http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml.

References
Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability. This document was written by Shawn V Hernan, based on information provided by Cisco Systems.
If you have feedback, comments, or additional information about this vulnerability, please send us email.