Disaster recovery bug hangs up Cisco comms kit
Failover falls over
Posted in Data Networking, 7th April 2008 11:08 GMT
Free whitepaper – Deploying high-density zones in a low-density data center
There's trouble with the Disaster Recovery Framework (DRF) Master component in a number of unified communications products from Cisco.
The flaw, which the networking giant patched late last week, enables hackers to compromise vulnerable systems. Cisco Emergency Responder, Cisco Unified Communications Manager versions 5 and 6, and Cisco Unified Presence 6.x are affected.
Failure to properly authentic requests by the DRF component means miscreants might be able to execute arbitrary commands on affected systems. Denial of service attacks are also a possibility.
Cisco's advisory can be found here.
The network giant credits VoIPshield Systems with discovering the vulnerability. VoIPshield, which markets VoIP security application products, created a splash last week with claims that it had unearthed previously-undiscovered vulnerabilities and exploits associated with products from Cisco, Nortel, Avaya, and other leading vendors in the area.
It claims its knowledge of these bugs gives it the edge in protecting its clients' IP telephony systems from hacking attacks using a product called VoIPguard, which it describes as an intrusion prevention system for IP telephony systems. ®
Free whitepaper – Fundamental Principles of Air Conditioners for Information Technology

Analyst Keynote: The Register Agile Data Center Summit
Seven ways to lower storage costs
Dell PowerEdge M710 with Dell EqualLogic storage vs. HP ProLiant BL685c with HP StorageWorks EVA 4400
Analyst Keynote: The Register Agile Data Center Summit

OpenOffice.org pushes gamers' buttons with OOMouse
Windows 7 kills two thirds of active Vista initiatives
Big Iron, big data, big networks, big problems
HP scores SMB storage hat-trick