---------------------------------------------------------------------- Use WSUS to deploy 3rd party patches Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Cisco Unified Communications Manager Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA38754 VERIFY ADVISORY: http://secunia.com/advisories/38754/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the processing of SCCP packets can be exploited to disrupt voice services via a specially crafted SCCP message. 2) An additional error in the processing of SCCP packets can be exploited to disrupt voice services via a specially crafted SCCP message. 3) Two errors in the processing of SIP messages can be exploited to disrupt voice services via a specially crafted SIP message. 4) An error in the CTI Manager can be exploited to interrupt CTI applications via a specially crafted packet sent to TCP port 2748. Please see the vendor's advisory for details on affected versions. SOLUTION: Cisco Unified Communications Manager 4.x: Update to version 4.3(2)SR2. Cisco Unified Communications Manager 6.x: Update to version 6.1(5). Cisco Unified Communications Manager 7.x: Update to version 7.1(3b)SU2. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Sipera VIPER Lab. 2-4) Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml OTHER REFERENCES: http://www.cisco.com/warp/public/707/cisco-amb-20100303-cucm.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------