Cisco has updated its Unified CallManager and Presence Server software following the discovery of flaws that might be used to crash vulnerable systems.

CallManager versions 3.3, 4.1, 4.2 and 5.0, as well as Presence Server version 1.0, are affected by a number of security bugs. The vulnerabilities involve unspecified errors in the handling of large amounts of ICMP Echo packets and within IPSec Manager service, both of which might be used to launch denial of service attacks against vulnerable Cisco Unified CallManager and Presence Server software installations.

A separate bug means that CallManager software PBX systems might be taken down by port scanning.

Users are advised to update their software to guard against attack or to filter traffic as described in an advisory here. A summary from security notification firm Secunia can be found here. ®

Related stories

• Man faces $52k bill after voicemail breach (19 December 2008)
• Enterprise VoIP soars despite Meltdown (16 December 2008)
• Cisco VoIP bug poses eavesdropping risk (29 November 2007)
• Crash bug blights Cisco IP phones (22 August 2007)
• Cisco patches serious holes in voice-enabled offerings (8 August 2007)
• Peer-to-peer networks co-opted for DOS attacks (30 May 2007)
• Cisco wireless products suffer multiple vulns (13 April 2007)
• Cisco goes for small, small business (4 April 2007)
• Interview Day dawns for Metasploit 3.0 (2 April 2007)
• VoIP hacking exposed (3 August 2006)
• Cisco details Black Hat vuln fix (1 August 2005)
• Juniper and Avaya team up against Cisco (3 May 2005)
• RSA 2005 Cisco overhauls security line-up (16 February 2005)
• Cisco patches VoIP vuln (25 January 2005)
• Cisco adds scrambler to IP telephony (25 October 2004)
• Cisco gets into video conferencing (19 February 2004)