funsec mailing list archives
Cisco Issues 3 Critical Vulnerability Advisories
From: "Fergie" <fergdawg () netzero net>
Date: Wed, 18 Jan 2006 17:19:31 GMT
Not picking on Cisco, but these are pretty important, especially the ones w.r.t. VoIP infrastructure:

[snip]

Cisco Call Manager Denial of Service

Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. All Cisco CallManager versions are vulnerable to these Denial of Service (DoS) attacks, which may result in services being interrupted or servers rebooting.

http://www.cisco.com/en/US/products/products_security_advisory09186a00805e8a55.shtml

Cisco Call Manager Privilege Escalation

Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. Cisco CallManager versions with Multi Level Administration (MLA) enabled may be vulnerable to privilege escalations, which may result in read-only users gaining administrative access.

http://www.cisco.com/en/US/products/products_security_advisory09186a00805e8a5a.shtml

IOS Stack Group Bidding Protocol Crafted Packet DoS

The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.

http://www.cisco.com/en/US/products/products_security_advisory09186a00805e8a63.shtml

[snip]

Also, I have noticed lately that there has been an escalation of VoIP security issues -- anyone else?

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.