Cisco flags Unified Comms flaw

17 Jan 2008 11:33


The company has warned of a heap overflow vulnerability in its Unified Communications Manager software

Networking giant Cisco has warned of a flaw in its Unified Communications Manager software that could allow a remote, unauthenticated user to cause a denial of service condition or execute arbitrary code.

In a security advisory published on Wednesday, Cisco said its Unified Communications Manager (CUCM), formerly CallManager, contains a heap overflow vulnerability in its Certificate Trust List (CTL) provider service.

A CTL is used by Cisco Unified IP Phone devices to verify the identity of CUCM servers. The heap overflow vulnerability lies in Cisco's Certificate Trust List Provider service client and its interaction with TCP port 2444, on which the client listens by default. The port can be changed by a user.

Cisco said it had released software updates and workarounds that address the vulnerability. Links to the updates are in the advisory.

Story URL: http://news.zdnet.co.uk/security/0,1000000189,39292223,00.htm
