---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Cisco Unified Communications Manager and Presence Server Security Bypass SECUNIA ADVISORY ID: SA26039 VERIFY ADVISORY: http://secunia.com/advisories/26039/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Cisco Unified CallManager 5.x http://secunia.com/product/12535/ Cisco Unified Communications Manager 5.x http://secunia.com/product/11019/ Cisco Unified Presence Server 1.x http://secunia.com/product/12424/ DESCRIPTION: Two vulnerabilities have been reported in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Cisco Unified Presence Server (CUPS), which can be exploited by malicious users to bypass certain security restrictions. The vulnerabilities are caused due to unspecified errors and can be exploited by an unauthorized administrator to e.g. activate and terminate system services or to view SNMP configuration information in a CUCM/CUPS cluster environment. The vulnerabilities affect the following versions: * Cisco Unified CallManager 5.0 and Communications Manager 5.1 versions up to and including 5.1(2) * Cisco Unified Presence Server versions 1.0 to 1.0(3) SOLUTION: Apply updates. CUCM 5.0/5.1: Update to CUCM 5.1(2a) - http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-51?psrtdcat20e2 CUPS 1.0: Upgrade to CUPS 6.0(1) - http://www.cisco.com/pcgi-bin/tablebuild.pl/cups-60?psrtdcat20e2 Version 1.0 is reportedly discontinued. The vendor recommends users to upgrade to version 6. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------