Advertisement
Promo

Security management Toolkit in association with http://ad.doubleclick.net/clk;214682528;14505427;f?http://uk.blackberry.com/ataglance/security/

Cisco flags Unified Comms flaw

Tom Espiner ZDNet.co.uk

Published: 17 Jan 2008 12:52 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Networking giant Cisco has warned of a flaw in its Unified Communications Manager software that could allow a remote, unauthenticated user to cause a denial of service condition or execute arbitrary code.

In a security advisory published on Wednesday, Cisco said its Unified Communications Manager (CUCM), formerly CallManager, contains a heap overflow vulnerability in its Certificate Trust List (CTL) provider service.

A CTL is used by Cisco Unified IP Phone devices to verify the identity of CUCM servers. The heap overflow vulnerability lies in Cisco's Certificate Trust List Provider service client, and its interaction with TCP port 2444, which the Certificate Trust List Provider service client listens to by default. The port can be modified by a user.

Cisco said it had released software updates and workarounds that address the vulnerability. Links to the updates are in the advisory.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security management


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

INIFiles: Getting those legacy files i...

Handling INI files can be a little tricky these days when you have to consider new security restrictions, virtualized environment restrictions (App-V and Citrix) and legacy applications... More

Post a comment

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment

Featured Talkback

In association with Network Liberation Movement
It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.

By: RonaldWilkins

Read full story:
Deloitte: People are still weakest security link


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters