Cisco wraps up against VoIP DoS bugs

You've been served

Cisco has updated its Unified CallManager and Presence Server software following the discovery of flaws that might be used to crash vulnerable systems.

CallManager versions 3.3, 4.1, 4.2 and 5.0, as well as Presence Server version 1.0, are affected by a number of security bugs. The vulnerabilities involve unspecified errors in the handling of large amounts of ICMP Echo packets and within IPSec Manager service, both of which might be used to launch denial of service attacks against vulnerable Cisco Unified CallManager and Presence Server software installations.

A separate bug means that CallManager software PBX systems might be taken down by port scanning.

Users are advised to update their software to guard against attack or to filter traffic as described in an advisory here. A summary from security notification firm Secunia can be found here. ®

Sponsored: 10 ways wire data helps conquer IT complexity