April 3rd, 2002, 07:04 PM
Cisco admits hole could let hackers in
This appears to be kind of old. About 5 days or so.
Cisco has warned that a vulnerability in one
of its telephony products could let hackers launch denial of service attacks.
How about IT managers inviting hackers through their firewalls?
The Cisco CallManager product contains a vulnerability which can lead it to crash and reload in the event of a memory leak in the CTI Framework authentication, according to a report on the company's website.
The vulnerability can be exploited by a malicious hacker to initiate a denial of service attack.
Cisco said workarounds are available to fix the vulnerability, which affects versions 3.0 and 3.1 of the software.
From: Vulnerability Details
A memory leak in the Cisco CallManager has been attributed to the failure of a user to properly authenticate when using Computer Telephony Integration (CTI). This behavior is most commonly seen on CallManager systems immediately following the integration with a customer directory such as Active Directory (AD) or Netscape. The most common cause in this scenario is that the WebAttendant user, CTI Framework (CTIFW), has not been configured with a valid password in the customer directory. Please note that this problem will occur even on systems that do not utilize the WebAttendant since the Telephony Call Dispatch (TCD) service is always enabled by default. The CCMAdmin->Global Directory and "Add a New User" configuration pages stop working if CTIFW user is not configured or the CTI user's password is incorrect. Various other components such as RIS Data Collector may also fail to function properly.
April 8th, 2002, 07:40 PM
But Cisco never has any problems. Their products are the 'best'. How could such a nasty thing happen?
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
April 10th, 2002, 05:14 PM
have you actually looked at the output of an sniffer outside and inside a netowrk protected by a pix and see a cisco remote connection appeared ? check it out ....
assembly.... digital dna ?
April 10th, 2002, 05:35 PM
link wont work
What models does this affect?
[gloworange]\"A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work.\" [/gloworange]