Cisco targets IP phone flaw

Software flaw causes the company's IP telephones to crash

Cisco Systems on Tuesday reacted to a warning from the U.K.'s National Infrastructure Security Co-ordination Centre (NISCC) that it had discovered a software flaw capable of causing the company's IP (Internet Protocol) telephones to crash.

The San Jose, California, company issued a patch for the DNS (domain name system) protocol vulnerability, as well as free software, to fix the problem. The NISCC, also on Tuesday, categorized the flaw, which makes IP phones vulnerable to DOS (denial of service) attacks, as a moderate risk that also affects other software.

In its warning, the NISCC said that under certain circumstances, it is possible to cause both DNS servers and DNS clients to terminate abnormally by sending malformed messages.

Cisco said it knew of no products performing DNS server functions, or DNS packet inspection, which the vulnerability affects. The company also said that the problem only seemed to concern DNS clients running on its IP phones and content-networking products. Cisco's list of affected products included Cisco IP Phones 7902/7905/7912, Cisco ATA (Analog Telephone Adaptor) 186/188, as well as several Cisco Unity Express and Cisco ACNS (Application and Content Networking System) devices.


Copyright © 2005 IDG Communications, Inc.