Voice over IP Cisco - Is the CCM CSA vulnerable to CSCsa85175?

Author

Is the CCM CSA vulnerable to CSCsa85175?

Mike Armstrong

2005-07-18, 5:45 pm

Cisco recently announced
(http://www.cisco.com/warp/public/70...50713-csa.shtml), a
vulnerability in CSA 4.5 (Bug CSCsa85175). Does this apply to the
stand-alone agent CSA-4.5.573-2.0(1)? The Security Advisory said it was
"fixed with CSA hotfix version 4.5.0.573 or later..." which is promising,
but that specific bug isn't listed in the CCM-version "Defects Fixed" list
(http://www.cisco.com/cgi-bin/Softwa...&status=showC2A).
I assume we can't replace the specially-crafted CSA for CCM with any of the
run-of-the-mill CSAs listed in the Security Advisory.

Mike Armstrong
UF/IFAS CREC
Lake Alfred, FL

Voll, Scott

2005-07-18, 5:45 pm

I'm assuming the new one they just release takes care of that bug based
on date of release for both the CSA client and the bug.

Scott

-----Original Message-----
From: cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of Mike Armstrong
Sent: Monday, July 18, 2005 1:44 PM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] Is the CCM CSA vulnerable to CSCsa85175?

Cisco recently announced
(http://www.cisco.com/warp/public/70...50713-csa.shtml), a
vulnerability in CSA 4.5 (Bug CSCsa85175). Does this apply to the
stand-alone agent CSA-4.5.573-2.0(1)? The Security Advisory said it was

"fixed with CSA hotfix version 4.5.0.573 or later..." which is
promising,
but that specific bug isn't listed in the CCM-version "Defects Fixed"
list
(http://www.cisco.com/cgi-bin/Softwa...l?ftpfile=cisco
/crypto/3DES/voice/cmva/CiscoCM-CSA-4.5.0.573-2.0.1-Readme.htm&app=Table
build&status=showC2A).
I assume we can't replace the specially-crafted CSA for CCM with any of
the
run-of-the-mill CSAs listed in the Security Advisory.

Mike Armstrong
UF/IFAS CREC
Lake Alfred, FL

________________________________________
_______
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip