Technical Alerts

ABS will periodically post Technical Alerts for our customers in this location. If you are having a technical difficulty or emergency, please contact us by calling 757.466.0004.

1. Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider

Heap Overflow (18 Jan 2008)

Cisco Unified Communications Manager (CUCM), formerly CallManager, contains a heap overflow vulnerability in the Certificate Trust List (CTL) Provider service that could allow a remote, unauthenticated user to cause a Denial of Service (DoS) condition or execute arbitrary code. There is a workaround for this vulnerability.
Cisco has made free software available to address these vulnerabilities for affected customers.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0027 has been assigned to this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml

2. Malware Outbreak Report: "Storm Love" (17 Jan 2008)

On January 15th, IronPort analysis labs detected a Valentines Day-themed attack that the Storm attack network is launching in advance of February 14th. This campaign uses a blended attack that combines both Email Spamming and malicious HTTP landing pages.
Over the past year, the Storm malware has continued to mutate and proliferate. January marks the one-year anniversary since the initial release of Storm. Storm continues to use events within popular culture to social engineer users into viewing the email and subsequently opening the malicious HTTP link.
IronPort stopped this most recent Storm attack within minutes through the combination of several technologies:
IronPort Reputation Filters: IronPort uses its SenderBase Network to assign reputation scores to Internet IP addresses based on their likelihood to send spam or host malicious websites. The Email Reputation system blocks 80% of spam at the gateway – including Storm Spam.
The IronPort Web Reputation blocks protected networks from connecting to the Storm HTTP landing pages and the DVS scan engine will block the download of an infected executable. This Storm version may also contain a Phishing component – and despite not being currently active, the Phishing URLs have been preemptively blocked to ensure ongoing customer protection.
SenderBase is aware of the majority of Storm infected PCs and blocked these suspicious senders from sending Storm Spam proactively.
For more detailed information about Storm please see IronPort's 2008 Internet Security Trends:
- http://www.ironport.com/securitytrends/

3. CSCsg28075-Administrator does not have ability to remove licenses from CallManager.

License is removed on reboot, license does not appear in CM. (Sept 2007)

Symptom: A CallManager administrator cannot remove a license file once it has been loaded onto the server. License is removed when CM is reloaded or License services stopped and restarted.
Conditions: Any uploaded license file will persist even if the local host MAC address has changed (server upgrade or motherboard replacement)
Workaround: Customer must call into TAC to have them remove the license manually. The reason to Call Cisco is you must gain ROOT access to the CM box command line. If you gain command line access the following should get the issue resolved. Login into CM via SSH and open VI to past the license file and set the correct permissions.
- To open VI type: "vi filename.lic"
- Once in VI type : "i" to insert text
- Copy and paste the text of the license file you need into VI
- Type: "ESC"
- Type: ":wq"
- Next from root prompt, you need to change the owner and group permission of the file you just created.
  - chown tomcat filename.lic
  - chgrp tomcat filename.lic
- If needed use "rm filename.lic" to remove a file.
- At any time you can type "ls –ls" to view files and permissions.