Cisco Systems is providing free software to fix a variety of security holes that leave CallManager, ONS 15216 OADM and Security Agent open to denial-of-service attacks and malicious code execution.
Here's a summary of the advisories the San Jose, Calif.-based networking giant issued this week:
Multiple flaws in CallManager
Attackers could cause a denial of service, corrupt memory and launch malicious code by exploiting multiple security holes in Cisco CallManager [CCM], the software-based call-processing component of the Cisco IP telephony product. CallManager extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, Voice over IP (VoIP) gateways and multimedia applications, Cisco said.
- RISDC (Realtime Information Server Data Collection) sockets are not timed out aggressively enough, which can be exploited to cause "RisDC.exe" to consume large amounts of memory and ports.
- The CTI Manager [ctimgr.exe] may restart when using more than 1GB of memory. This can be exploited by continuously sending
- An error within the handling of specially crafted packets can be exploited to cause CallManager to allocate 500MB of memory to the ccm.exe process. This can be exploited to exhaust memory and cause CallManager to restart when under a heavy load.
- A memory leak within the login handling for the Admin Service Tool when MLA [Multi Level Admin] is enabled [disabled by default] can be exploited to exhaust memory resources.
- A boundary error in the aupair service (aupair.exe) can be exploited by specially crafted packets to cause a buffer overflow.
DoS vulnerability in ONS 15216 OADM
Cisco said a vulnerability in its ONS 15216 OADM [Optical Add/Drop Multiplexer] occurs during processing of a specially crafted data stream sent to a Telnet session. Attackers could exploit it to cause a denial-of-service condition in the management plane, the company said. ONS 15216 OADMs allow service providers to add and drop single to multiple wavelengths from their optical transport network, Cisco said. Cisco said only the ONS 15216 OADM running software release 2.2.2 and earlier is affected.
DoS flaw in Cisco Security Agent
And Cisco said attackers could cause a sustained denial of service by sending a crafted IP packet to a Windows workstation or server running Cisco Security Agent [CSA] 4.5, a network security software agent that provides threat protection for server and desktop computing systems.
"If a crafted IP packet with certain characteristics is sent to a Windows platform running CSA 4.5, Windows will halt with a blue screen and system crash," Cisco said. "When exploited, the affected machine will require a reboot to become operational again." The flaw affects Cisco CSA version 4.5 running on any Microsoft Windows platform except Windows XP.