Cisco admits hole could let hackers in


gstudios
April 3rd, 2002, 08:04 PM
This appears to be kind of old. About 5 days or so.

From Silicon.com (http://www.silicon.com/bin/bladerunner?30REQEVENT=&REQAU)
----
Cisco has warned that a vulnerability in one of its telephony products could let hackers launch denial of service attacks.

How about IT managers inviting hackers through their firewalls?
The Cisco CallManager product contains a vulnerability which can lead it to crash and reload in the event of a memory leak in the CTI Framework authentication, according to a report on the company's website.

The vulnerability can be exploited by a malicious hacker to initiate a denial of service attack.

Cisco said workarounds are available to fix the vulnerability, which affects versions 3.0 and 3.1 of the software.
-----------------------------------------------
From: Vulnerability Details (www.cisco.com/warp/public/707/callmanager-ctifw-leak- pub.shtml)

A memory leak in the Cisco CallManager has been attributed to the failure of a user to properly authenticate when using Computer Telephony Integration (CTI). This behavior is most commonly seen on CallManager systems immediately following the integration with a customer directory such as Active Directory (AD) or Netscape. The most common cause in this scenario is that the WebAttendant user, CTI Framework (CTIFW), has not been configured with a valid password in the customer directory. Please note that this problem will occur even on systems that do not utilize the WebAttendant since the Telephony Call Dispatch (TCD) service is always enabled by default. The CCMAdmin->Global Directory and "Add a New User" configuration pages stop working if CTIFW user is not configured or the CTI user's password is incorrect. Various other components such as RIS Data Collector may also fail to function properly.

KorpDeath
April 8th, 2002, 08:40 PM
But Cisco never has any problems. Their products are the 'best'. How could such a nasty thing happen?

nabylbt
April 10th, 2002, 06:14 PM
Have you actually looked at the output of a sniffer outside and inside a network protected by a PIX and seen a Cisco remote connection appear? Check it out ....

casper3699
April 10th, 2002, 06:35 PM
Link won't work


What models does this affect?

Try this

http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml