[ news_security_news ]
Cisco Security Patches
John Stith
Staff Writer
2006-01-20
 Insider Reports RSS Feed
Cisco Systems cut loose two new security advisories and the appropriate patches for vulnerabilities in its CallManager software product. CallManager is Cisco's software-based IP telephony call-processing module of their Media Convergence Server.
There were two vulnerabilities involved. The first one reported would allow attackers using specially crafted URLs to gain administrative privileges. The limit on this flaw is that it can only be done to users who already have read-only administrative privileges.
The other issue is a bit nastier because it involves denial-of-service (DoS) attacks. Unpatched versions of the CallManager do not "manage TCP connections and Windows messages aggressively," according to Cisco's statement. This allows nasty users to attack specific ports, generating the DoS attacks.
According to the VirusList blog, the vulnerabilities weren't publicized before the patch releases and Cisco isn't aware of any vulnerabilities. Based on the way things went in 2005 though, it could come. IT folks need to be exceptionally vigilant for the coming year as the attacks come viciously.
Add to | DiggThis | Yahoo My Web
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
