January 18, 2006 3:01 PM PST
Cisco squashes VoIP, router bugs
On Wednesday, it released two security alerts along with fixes for Cisco CallManager, which runs Internet-based phone calling. Two flaws exist in the software: One could allow an attacker to paralyze a Cisco IP telephony installation, the other could allow someone with read-only access to the system to gain full privileges, according to the alerts.
VoIP technology allows companies to send voice traffic over the same infrastructure they use for data traffic, such as e-mail. The technology has been growing in popularity over the past few years, because it helps businesses save on phone costs and provides more flexibility to employees.
The denial-of-service problem in CallManager exists because the software does not manage certain network connections well, leaving it vulnerable to attacks. "This may then lead to phones not responding, phones unregistering from the Cisco CallManager, or Cisco CallManager restarting," according to the company's advisory.
The second flaw affects only CallManager systems that have multilevel administration enabled. This bug could allow an administrative user with restricted, read-only access to gain full administrative privileges by using a special URL, Cisco said in an alert.
Both flaws affect CallManager 3.2 and earlier, as well as certain versions of CallManager 3.3, 4.0 and 4.1. Cisco has fixes available.
Cisco also patched a vulnerability in its Internetwork Operating System, which runs the routers and switches that make up much of the plumbing of corporate networks and the Internet. A feature called the Stack Group Bidding Protocol in certain versions of IOS is vulnerable to a remotely-exploitable denial of service condition, according to a company advisory.
An attacker could exploit the security hole by crafting a special network packet and sending that to a vulnerable Cisco system.
"Sending such a packet to port 9900 of an affected device will cause it to freeze and stop responding to, or passing traffic," Cisco said. After a delay, the device will reset, the company said. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.
None of the vulnerabilities were disclosed before the advisories, and Cisco said it is not aware of any malicious use of the flaws.