Cisco posts workaround for Communications Manager DoS vulnerability

Written by Russell Shaw, Contributor

Cisco says it has now posted a workaround for a security vulnerability in Cisco Unified Communications Manager.

The vulnerability could allow a remote, unauthenticated user to cause a denial of service (DoS) condition or execute arbitrary code.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml.

We're talking here about an issue in which:

The Certificate Trust List (CTL) Provider service of CUCM contains a heap overflow vulnerability that could allow a remote, unauthenticated user to cause a DoS condition or execute arbitrary code. The CTL Provider service listens on TCP port 2444 by default, but the port is user-configurable.

This vulnerability is corrected in CUCM versions 4.1(3)SR5, 4.2(3)SR2, 4.3(1)SR1 and 5.1(2). CUCM 3.x versions are not affected by this vulnerability. This issue is documented in Cisco Bug ID CSCsi03042.

Fixes are posted for download near the bottom of this page.
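To triage an inventory against the fixed releases listed above, the following added example (not code from Cisco or from the advisory) compares each CUCM version string with the fix for its release train. The hostnames and inventory are constructed, and the version syntax and the rule that a later maintenance or SR number in the same train includes the fix are assumptions.

```python
import re

# Fixed release per train, taken from the article: (major, minor) -> (maint, SR)
FIXED = {
    (4, 1): (3, 5),  # 4.1(3)SR5
    (4, 2): (3, 2),  # 4.2(3)SR2
    (4, 3): (1, 1),  # 4.3(1)SR1
    (5, 1): (2, 0),  # 5.1(2)
}

# Assumed syntax: major.minor(maint), optional SR<n>; a trailing letter is ignored.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(?:SR(\d+)[a-z]?)?$", re.IGNORECASE)


def triage(version):
    """Classify one CUCM version string against the article's fix list."""
    m = VERSION_RE.match(version.replace(" ", ""))
    if not m:
        return "unparsed"            # needs a manual look
    major, minor, maint = int(m[1]), int(m[2]), int(m[3])
    sr = int(m[4] or 0)
    if major == 3:
        return "not-affected"        # article: CUCM 3.x is not affected
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "unlisted-train"      # article names no fix for this train
    # Assumption: a later maintenance/SR number in the same train carries the fix.
    return "fixed" if (maint, sr) >= fixed else "below-fix"


def triage_inventory(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hostnames).
SAMPLE = {
    "cucm-a": "4.1(3)SR4",
    "cucm-b": "4.2(3)SR2",
    "cucm-c": "3.3(5)",
    "cucm-d": "5.0(4)",
    "cucm-e": "5.1(1)",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:8} {SAMPLE[host]:12} {status}")
```

Hosts reported as `below-fix` are the ones to upgrade or to cover with the workaround; `unlisted-train` and `unparsed` results need checking against the advisory itself.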
