ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security management Toolkit

Cisco flags Unified Comms flaw

Tom Espiner ZDNet.co.uk

Published: 17 Jan 2008 12:52 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Networking giant Cisco has warned of a flaw in its Unified Communications Manager software that could allow a remote, unauthenticated user to cause a denial of service condition or execute arbitrary code.

In a security advisory published on Wednesday, Cisco said its Unified Communications Manager (CUCM), formerly CallManager, contains a heap overflow vulnerability in its Certificate Trust List (CTL) provider service.

A CTL is used by Cisco Unified IP Phone devices to verify the identity of CUCM servers. The heap overflow vulnerability lies in Cisco's Certificate Trust List Provider service client, and its interaction with TCP port 2444, which the Certificate Trust List Provider service client listens to by default. The port can be modified by a user.

Cisco said it had released software updates and workarounds that address the vulnerability. Links to the updates are in the advisory.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security management



Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

Senior Cisco Consultant, CCVP, IPCC,VOIP, Call Manager, London City

The right candidate will be able to deploy and implement the Unified Communications and associated voice technologies which will include CCM v4.0, ...

Cisco 2nd line IPT support - CIPT CCVP - Call Manager - Unity - URGENT

A fantastic opportunity to work within a specialist Unified Communications provider with a focus on the latest IPT technologies. Based in Berkshire ...

249098HD Service Delivery Manager Bishopsgate, London

QUALIFICATIONS - ITIL Foundation Certificate (appreciation, not mandatory) - Project Management appreciation (understand dynamics) KEY SKILLS, ...

Sentry Posts Blog

Mobile Linux Better For Mobile Busines...

Mobile Linux Better For Mobile Business Apps? Author: Eric Everson, MyMobiSafe.com As mobile Linux is carving it’s footprint on the future of mobile application development, the... More

Post a comment

DWP downplays security breach

The Department for Work and Pensions (DWP) has admitted that some of its staff have been forwarding passwords with password protected material. An email that was leaked on the 'Dizzy... More

Post a comment

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Featured Talkback

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.

By: RonaldWilkins

Read full story:
Deloitte: People are still weakest security link

DOWNLOAD

Security Essentials

Security Downloads

There are masses of security suites out there for small businesses. Here's a selection to get you started

Editor’s Rating
1 Norton 360™
2 AVG Anti-Virus Free Edition Rating: 10
3 PC Tools AntiVirus Free Edition
4 Kaspersky Internet Security

See All Software

In association with Symantec