Memory Leak Vulnerability in Cisco Systems' CallManager 3.1

Reported March 27, 2002, by Cisco Systems.

VERSION AFFECTED

  • Cisco CallManager 3.1

DESCRIPTION
When a user logs on to his or her account through the IMail Server Web interface, the application uses a unique URL to maintain the session authentication. A vulnerability exists in Cisco Systems' CallManager 3.1 that can cause a memory leak in the computer telephony integration (CTI) framework authentication. This memory leak can cause the server to crash and reload. An attacker can exploit this vulnerability to create a Denial of Service (DoS) condition.


VENDOR RESPONSE

The vendor, Cisco Systems, has issued a notice about this vulnerability and recommends that users obtain an upgrade of the software through regular support channels.


CREDIT
Discovered by Cisco Systems.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish