Denial of Service Vulnerability in Cisco CallManager
CVE-2005-2241

Currently unrated

Key Information:

Vendor: Cisco
Status: Call Manager
Vendor: CVE Published:; 12 July 2005

Summary

In Cisco CallManager versions 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, a vulnerability exists that results from inadequate timeout settings for Realtime Information Server Data Collection (RISDC) sockets. This misconfiguration can lead to a resource leak, enabling remote attackers to exploit the issue, causing denial of service by exhausting system memory and connection resources. The affected RisDC.exe operates inefficiently under attack, significantly impacting service availability.

References

http://www.cisco.com/warp/public/707/cisco-sa-20050712-cc...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/14250

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 12, 2005
Vulnerability Reserved
Jul 12, 2005