Secunia Security Advisory - Some vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
b22fc92e9fc9008a47b7c836d5044f71c15c35b509d2c6e208c3cc3d853f7df2
----------------------------------------------------------------------
Use WSUS to deploy 3rd party patches
Public BETA
http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/
----------------------------------------------------------------------
TITLE:
Cisco Unified Communications Manager Denial of Service
Vulnerabilities
SECUNIA ADVISORY ID:
SA38754
VERIFY ADVISORY:
http://secunia.com/advisories/38754/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco Unified
Communications Manager, which can be exploited by malicious people to
cause a DoS (Denial of Service).
1) An error in the processing of SCCP packets can be exploited to
disrupt voice services via a specially crafted SCCP message.
2) An additional error in the processing of SCCP packets can be
exploited to disrupt voice services via a specially crafted SCCP
message.
3) Two errors in the processing of SIP messages can be exploited to
disrupt voice services via a specially crafted SIP message.
4) An error in the CTI Manager can be exploited to interrupt CTI
applications via a specially crafted packet sent to TCP port 2748.
Please see the vendor's advisory for details on affected versions.
SOLUTION:
Cisco Unified Communications Manager 4.x:
Update to version 4.3(2)SR2.
Cisco Unified Communications Manager 6.x:
Update to version 6.1(5).
Cisco Unified Communications Manager 7.x:
Update to version 7.1(3b)SU2.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Sipera VIPER Lab.
2-4) Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml
OTHER REFERENCES:
http://www.cisco.com/warp/public/707/cisco-amb-20100303-cucm.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------