Cisco Systems
Cisco has alerted users to problems with its Call Manager software

Cisco patches Call Manager VoIP flaws

Vulnerabilities could lead to DoS attack and extension of privileges

Iain Thomson

vnunet.com, 19 Jan 2006

Cisco Systems has issued two patches for problems with its Call Manager VoIP software.

The first flaw was picked up by a customer and could have allowed hackers to launch a denial of service attack against the user's systems. All versions of Call Manager are vulnerable to the attack.

Advertisement

"Vulnerable versions of Call Manager do not manage TCP connections and Windows messages aggressively, leaving some well-known, published ports vulnerable to DoS attacks," stated the Cisco advisory

"Call Manager does not time-out TCP connections to port 2000 aggressively enough, leading to a scenario where memory and CPU resources are consumed with enough open connections.

"In specific scenarios, Call Manager will leave the TCP connection open indefinitely until either the Call Manager service is restarted or the server is rebooted."

The second advisory covers a flaw that could allow a user with read-only access to gain full administrator privileges. This could be particularly serious if a hacker gained control of a computer and then used the flaw to obtain total access. 

Cisco has made patches available on its website and is urging users to fix the flaws as soon as possible.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

Cisco warns of HTTP flaw

No fix available yet

Denial of service attack alert

Cisco warns of DoS flaw in IOS

Users advised to update immediately

Cisco under fire for VPN vulnerability

Groupname enumeration flaw disclosed today

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

V3.co.uk weekly debrief, 5 Feb 2010

This week we cover the continuing controversy surrounding the Orange T-Mobile deal

More video

Analysis and Reports

Using managed services to protect mobile data users from the latest security threats

Counting the cost of data security: the benefits of secured mobile services

Shifting Disaster Recovery targets with SharePoint and SQL server configurations

Using a hostbased recovery system for mission-critical systems

Poll

Adobe Flash poll

Adobe Flash poll

Do you agree with Steve Jobs about Flash being buggy?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Windows 7

Microsoft denies Windows 7 battery problems

Replacement warning functioning normally, claims software giant

Safer Internet Day

Safer Internet Day highlights online threats

Annual initiative warns of phishing, ID theft and social network...

AMD Fusion

AMD details Fusion innovations at ISSCC

Forthcoming chip with four CPU and one GPU cores will...

MSI Wind U135

Review: MSI Wind U135 netbook

A decent netbook incorporating the latest Intel technology in a...

Primary Navigation