Ciscohas issued two security alerts
for itsunified communicationsproducts - the
third unified communications-related alert of this
year.
One of the alerts issued this month concern flaws in
Cisco's Unified IP Phone models, specifically related to the
company's Skinny Call Control Protocol (SCCP, or "Skinny") and
Session Initiation Protocol (Sip), while the other relates to an
SQL Injection attack that could affect Cisco's Unified
Communications Manager - formerly CallManager.
According to Cisco, a number of its IP phones contain multiple
overflow and denial-of-service vulnerabilities. Certain phones
running SCCP and/or Sip firmware are vulnerable (see the list at
the Cisco advisory). SCCP- and Sip-based phones contain a buffer
overflow vulnerability in the handling of DNS responses. A
specially-crafted DNS response may be able to trigger a buffer
overflow and execute arbitrary code on a vulnerable phone, says
Cisco. The hole is fixed in SCCP firmware version 8.0(8) and Sip
firmware version 8.8(0).
There are also three vulnerabilities affecting Cisco's Sip
devices: a Sip Multipurpose Internet Mail Extensions (MIME)
boundary overflow a Telnet Server overflow, and a Sip Proxy
Response overflow.
The company also warned that its Unified Communications Manager
is vulnerable to an SQL Injection attack in the parameter key of
the admin and user interface pages.
A successful attack could allow an authenticated attacker to
access information such as usernames and password hashes that are
stored in the database, according to this Cisco advisory. Cisco has
released free software updates that address this vulnerability.
In January, Cisco warned that its Cisco Unified Communications
Manager contains a heap overflow vulnerability in the Certificate
Trust List that could allow a hacker to cause a denial-of-service
attack or execute arbitrary code.