Cisco CUCM / CUPS Unspecified Cluster Services DoS

2007-07-11T18:07:39
ID OSVDB:36123
Type osvdb
Reporter OSVDB
Modified 2007-07-11T18:07:39

Description

Vulnerability Description

Cisco Unified Communications Manager and Unified Presence Server contain a flaw that may allow a remote denial of service. The issue is triggered by an unspecified flaw which allows an unauthorized user to start and stop arbitrary services, and will result in loss of availability for services.

Solution Description

Upgrade to CUCM version 5.1(2), or CUPS version 6.0(1) or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Cisco Unified Communications Manager and Unified Presence Server contain a flaw that may allow a remote denial of service. The issue is triggered by an unspecified flaw which allows an unauthorized user to start and stop arbitrary services, and will result in loss of availability for services.

References:

Security Tracker: 1018368 Secunia Advisory ID:26039 Related OSVDB ID: 36124 Other Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0101.html Keyword: CSCsj09859 Keyword: CSCsj19985 Keyword: formerly CallManager ISS X-Force ID: 35341 FrSIRT Advisory: ADV-2007-2511 CVE-2007-3775 Bugtraq ID: 24867