SecureTest has reported a vulnerability in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the processing of control protocol messages and can be exploited to reload a vulnerable network device via a specially crafted control protocol message sent to the SCCP (Skinny Call Control Protocol) service.
The vulnerability affects the 12.1YD, 12.2T, 12.3, and 12.3T release trains configured for Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME), or Survivable Remote Site Telephony (SRST).
OPERATING SYSTEM:
Cisco IOS R12.x
Cisco IOS 12.x
SOLUTION:
See the patch matrix in the vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml#software
PROVIDED AND/OR DISCOVERED BY:
SecureTest
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml
VERIFY ADVISORY:
http://secunia.com/advisories/13913/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050207100249732