Results 1 to 4 of 4

Thread: Cisco admits hole could let hackers in

  1. #1
    Senior Member
    Join Date
    Aug 2001

    Cisco admits hole could let hackers in

    This appears to be kind of old. About 5 days or so.

    From Silicon.com
    Cisco has warned that a vulnerability in one
    of its telephony products could let hackers launch denial of service attacks.

    How about IT managers inviting hackers through their firewalls?
    The Cisco CallManager product contains a vulnerability which can lead it to crash and reload in the event of a memory leak in the CTI Framework authentication, according to a report on the company's website.

    The vulnerability can be exploited by a malicious hacker to initiate a denial of service attack.

    Cisco said workarounds are available to fix the vulnerability, which affects versions 3.0 and 3.1 of the software.
    From: Vulnerability Details

    A memory leak in the Cisco CallManager has been attributed to the failure of a user to properly authenticate when using Computer Telephony Integration (CTI). This behavior is most commonly seen on CallManager systems immediately following the integration with a customer directory such as Active Directory (AD) or Netscape. The most common cause in this scenario is that the WebAttendant user, CTI Framework (CTIFW), has not been configured with a valid password in the customer directory. Please note that this problem will occur even on systems that do not utilize the WebAttendant since the Telephony Call Dispatch (TCD) service is always enabled by default. The CCMAdmin->Global Directory and "Add a New User" configuration pages stop working if CTIFW user is not configured or the CTI user's password is incorrect. Various other components such as RIS Data Collector may also fail to function properly.
    savIRC :: The Multi-Platform IRC Client v. 1.8 [Released 9.04.02]

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    But Cisco never has any problems. Their products are the 'best'. How could such a nasty thing happen?
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    Senior Member
    Join Date
    Dec 2001
    have you actually looked at the output of an sniffer outside and inside a netowrk protected by a pix and see a cisco remote connection appeared ? check it out ....
    assembly.... digital dna ?

  4. #4
    Senior Member
    Join Date
    Sep 2001
    link wont work

    What models does this affect?

    Try this

    [gloworange]\"A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work.\" [/gloworange]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts