Cisco wraps up against VoIP DoS bugs | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
The Botnet Threat
Targeting Your Busines
Enabling the Data Center Metamorphosis
From Fixed To Fluid
Search Engine Link Spam
Risks, Threats, Solution
The Perfect (Virtual) Marriage
Deduplication and VMware
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption

The Register » Security » Enterprise Security »

Cisco wraps up against VoIP DoS bugs

You've been served

By John Leyden → More by this author

Published Thursday 29th March 2007 11:50 GMT

Cisco has updated its Unified CallManager and Presence Server software following the discovery of flaws that might be used to crash vulnerable systems.

CallManager versions 3.3, 4.1, 4.2 and 5.0, as well as Presence Server version 1.0, are affected by a number of security bugs. The vulnerabilities involve unspecified errors in the handling of large amounts of ICMP Echo packets and within IPSec Manager service, both of which might be used to launch denial of service attacks against vulnerable Cisco Unified CallManager and Presence Server software installations.

A separate bug means that CallManager software PBX systems might be taken down by port scanning.

Users are advised to update their software to guard against attack or to filter traffic as described in an advisory here. A summary from security notification firm Secunia can be found here. ®

Email Encryption report: Eliminating the Security Risk of Sending Confidential Information by Email

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Cisco VoIP bug poses eavesdropping risk (29 November 2007)
Crash bug blights Cisco IP phones (22 August 2007)
Cisco patches serious holes in voice-enabled offerings (8 August 2007)
Peer-to-peer networks co-opted for DOS attacks (30 May 2007)
Cisco wireless products suffer multiple vulns (13 April 2007)
Cisco goes for small, small business (4 April 2007)
Day dawns for Metasploit 3.0 (2 April 2007)
VoIP hacking exposed (3 August 2006)
Cisco details Black Hat vuln fix (1 August 2005)
Juniper and Avaya team up against Cisco (3 May 2005)
Cisco overhauls security line-up (16 February 2005)
Cisco patches VoIP vuln (25 January 2005)
Cisco adds scrambler to IP telephony (25 October 2004)
Cisco gets into video conferencing (19 February 2004)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

Making Green IT a Reality

Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers.

whitepaper title

The Botnet Threat

In this whitepaper you will learn about the danger that botnets pose to your business, and how they are evolving to elude traditional security defenses.

Whitepapers	Jobs
Creating Cross-Platform Visualization UIs with Qt and OpenGL Making mobility manageable Strategies for Deploying Blade Servers in Existing Data Centers [WP125] The Data Governance Maturity Model	PERL / SQL Perl Developer Perl / Sybase Developer - Tax and Regulatory Reporting Group - Investment Bank Senior Perl Programmer, Telecom ASP mod-Perl Developer

Top 20 stories • All The Week’s Headlines • Archive • Search