- The 10 dumbest mistakes network managers make
- Six Windows 7 features admins will actually care about
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- More porn sneaks onto the iPhone
Cisco Wednesday released its first new security alert of the year: a warning that its Cisco Unified Communications Manager - formerly CallManager - contains a heap overflow vulnerability in the Certificate Trust List that could allow a hacker to cause a denial-of-service attack or execute arbitrary code.
Cisco has made available a free software fix for affected customers, and a workaround is available in its security advisory.
The products that are vulnerable are:
* Cisco Unified CallManager 4.0
* Cisco Unified CallManager 4.1 Versions prior to 4.1(3)SR5c
* Cisco Unified Communications Manager 4.2 Versions prior to 4.2(3) SR3
* Cisco Unified Communications Manager 4.3 Versions prior to 4.3(1) SR1
Cisco says it is not aware of any public announcements or malicious use of the vulnerability, which was reported to Cisco from TippingPoint.(Learn more about IP PBX products from our IP PBX Buyer's Guide.)
Comments (1)
Cisco warns of CallManager heap overflow vulnerabilityBy Cisco Subnet on January 16, 2008, 6:54 pmCisco has released its first new security alert of the year: a warning that its Cisco Unified Communications Manager - formerly CallManager - contains a heap overflow...
Reply | Read entire comment
View all comments