发布日期：2008-06-25
更新日期：2008-06-26

受影响系统：

Cisco Unified Communications Manager 6.x
Cisco Unified Communications Manager 5.x

不受影响系统：

Cisco Unified Communications Manager 6.1(2)
Cisco Unified Communications Manager 5.1(3c)

描述：

---

BUGTRAQ  ID: 29933
CVE(CAN) ID: CVE-2008-2061

Cisco Unified Communications Manager（CUCM，之前被称为CallManager）是Cisco IP电话解决方案中的呼叫处理组件。

CUCM的计算机电话集成（CTI）管理器服务在处理畸形输入时存在拒绝服务漏洞，远程攻击者可以通过向默认的TCP 2748监听端口发送恶意报文导致语音服务中断。

<*来源：VoIPshield
  
  链接：http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,64/_cursor,49/_total,94/tableid,1/
        http://secunia.com/advisories/30848/
        http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml
*>

建议：

---

临时解决方法：

* 仅允许来自包含有运行启用了CTI应用的网络对TCP 2748端口的访问。

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-20080625-cucm）以及相应补丁:
cisco-sa-20080625-cucm：Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities
链接：http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml

补丁下载：
http://tools.cisco.com/support/downloads/go/ReleaseType.x?optPlat=null&isPlatform=Y&mdfid=280735907&sftType=Unified%20Communications%20Manager%20Updates&treeName=Voice%20and%20Unified%20Communications&modelName=Cisco%20Unified%20Communications%20Manager%20Version%205.1&mdfLevel=Software%20Version/Option&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=281023410&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20Communications%20Manager%20Version%206.1&isPlatform=N&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N

浏览次数：2694
严重程度：0（网友投票）