Cisco has released its first new security alert of the year: a warning that its Cisco Unified Communications Manager - formerly CallManager - contains a heap overflow vulnerability in the Certificate Trust List that could allow a hacker to cause a denial-of-service attack or execute arbitrary code. Cisco has made available a free software fix for affected customers, and a workaround is available in its security advisory.
These products are vulnerable:
* Cisco Unified CallManager 4.0
* Cisco Unified CallManager 4.1 Versions prior to 4.1(3)SR5c
* Cisco Unified Communications Manager 4.2 Versions prior to 4.2(3) SR3
* Cisco Unified Communications Manager 4.3 Versions prior to 4.3(1) SR1
Cisco says it is not aware of any public announcements or malicious use of the vulnerability, which was reported to Cisco from TippingPoint.
More from Cisco Subnet:
* Cisco souped up cable modem races at 1Gbps
* Another man pleads guilty to defrauding Cisco SMARTnet
* U.S. Supreme Court ruling stunning victory for Cisco and investors worldwide
* Insider view on finding stuff fast on cisco.com
* Win an iPod Touch; win a copy of 'Firewall Fundamentals' book
Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.
Network World's IT Buyer's Guide: Cisco products
Subscribe to Network World's Cisco Alert, which includes a weekly digest of all Cisco Subnet items
|
Does Verizon's Voyager stack up to the iPhone? |
|
|
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
|
|
