● Asterisk X100P FXOHelicomm ZigBee PlatformHome WiFi NetworksIEEE 802.11New Taiwan Hwa Yao TekNexTone RentalRF Linx WLAN RadiosVoIP PSTN GatewayWi-FiWiMAXWirelessWireless securityWirelessGRID Bridgesz LinksZigbee / IEEE802.15.4

Router and VoIP bugs zapped by Cisco

Navigation: Main page

Author: WildC@rd

Flaws in Cisco software for routers and Internet telephony could be a conduit for attacks on enterprise networks, the company has warned. On Wednesday, it released two security alerts along with fixes for Cisco CallManager, which runs VoIP services. Two flaws exist in the software: one could allow an attacker to paralyse a Cisco IP telephony installation, the other could allow someone with read-only access to the system to gain full privileges, according to the alerts. VoIP technology allows companies to send voice traffic over the same infrastructure they use for data traffic such as email. The technology has been growing in popularity over the past few years, because it helps businesses save on phone costs and provides more flexibility to employees. The denial-of-service problem in CallManager exists because the software does not manage certain network connections well, leaving it vulnerable to attacks. According to the company's advisory: "This may then lead to phones not responding, phones unregistering from the Cisco CallManager, or Cisco CallManager restarting," according to the company's advisory. The second flaw only affects CallManager systems that have multilevel administration enabled. This bug could allow an administrative user with restricted, read-only access to gain full administrative privileges by using a special URL, Cisco said in an alert. Both flaws affect CallManager 3.2 and earlier, as well as certain versions of CallManager 3.3, 4.0 and 4.1. Cisco has fixes available. Cisco also patched a vulnerability in its Internetwork Operating System, which runs the routers and switches that make up much of the plumbing of corporate networks and the Internet. A feature called the Stack Group Bidding Protocol in certain versions of IOS is vulnerable to a remotely exploitable denial of service condition, according to a company advisory. An attacker could exploit the security hole by crafting a special network packet and sending that to a vulnerable Cisco system. Cisco said: "Sending such a packet to port 9900 of an affected device will cause it to freeze and stop responding to, or passing traffic." After a delay, the device will reset, the company said. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability. None of the vulnerabilities were disclosed before the advisories and Cisco said it is not aware of any malicious use of the flaws.
Alpha Telecom

Intel puts Nokia's HSDPA inside
Intel's next-generation laptop will have an integrated 3G chip from Nokia and improved graphics supp...

Wanadoo's VoIP service falls over
Wanadoo, which claims to be the UK's largest VoIP outfit with more than 80,000 users, has apologised...

SOYO G668 VoIP Telephone
The Soyo-G668 IP phone is an advanced IP device, allowing its users to experience superb voice commu...