Cisco CallManager Call Telephony Integration Authentication DoS

2004-04-08T23:13:23
ID OSVDB:5277
Type osvdb
Reporter OSVDB
Modified 2004-04-08T23:13:23

Description

Vulnerability Description

Cisco CallManager contains a flaw that may allow a remote denial of service. The issue is triggered when a user fails to properly authenticate using Telephony Integration Authentication causing a memory leak within CallManager, and will result in loss of availability for the server.

Solution Description

Upgrade to version 3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Cisco CallManager contains a flaw that may allow a remote denial of service. The issue is triggered when a user fails to properly authenticate using Telephony Integration Authentication causing a memory leak within CallManager, and will result in loss of availability for the server.

References:

Vendor Specific Advisory URL ISS X-Force ID: 8655 CVE-2002-0505 CERT VU: 495275 Bugtraq ID: 4370