Is the CCM CSA vulnerable to CSCsa85175?
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > WebserverTalk Community > Voice Over IP > Voice over IP Cisco > Is the CCM CSA vulnerable to CSCsa85175?




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    Is the CCM CSA vulnerable to CSCsa85175?  
Mike Armstrong


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
07-18-05 10:45 PM

Cisco recently announced
(http://www.cisco.com/warp/public/70...50713-csa.shtml), a
vulnerability in CSA 4.5 (Bug CSCsa85175).  Does this apply to the
stand-alone agent CSA-4.5.573-2.0(1)?  The Security Advisory said it was
"fixed with CSA hotfix version 4.5.0.573 or later..." which is promising,
but that specific bug isn't listed in the CCM-version "Defects Fixed" list
(http://www.cisco.com/cgi-bin/Softwa...showC2A
).
I assume we can't replace the specially-crafted CSA for CCM with any of the
run-of-the-mill CSAs listed in the Security Advisory.

Mike Armstrong
UF/IFAS CREC
Lake Alfred, FL




[ Post a follow-up to this message ]



    RE: Is the CCM CSA vulnerable to CSCsa85175?  
Voll, Scott


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
07-18-05 10:45 PM

I'm assuming the new one they just release takes care of that bug based
on date of release for both the CSA client and the bug.

Scott

-----Original Message-----
From: cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of Mike Armstrong
Sent: Monday, July 18, 2005 1:44 PM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] Is the CCM CSA vulnerable to CSCsa85175?

Cisco recently announced
(http://www.cisco.com/warp/public/70...50713-csa.shtml), a
vulnerability in CSA 4.5 (Bug CSCsa85175).  Does this apply to the
stand-alone agent CSA-4.5.573-2.0(1)?  The Security Advisory said it was

"fixed with CSA hotfix version 4.5.0.573 or later..." which is
promising,
but that specific bug isn't listed in the CCM-version "Defects Fixed"
list
(http://www.cisco.com/cgi-bin/Softwa...l?ftpfile=cisco
/crypto/3DES/voice/cmva/CiscoCM-CSA-4.5.0.573-2.0.1-Readme.htm&app=Table
build&status=showC2A).
I assume we can't replace the specially-crafted CSA for CCM with any of
the
run-of-the-mill CSAs listed in the Security Advisory.

Mike Armstrong
UF/IFAS CREC
Lake Alfred, FL

 ________________________________________
_______
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 11:58 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register