Cisco IP telephony DNS bug
by Nikola Strahija on May 27th, 2005 Cisco is advising users of its IP telephony kit to update their software following the discovery of a flaw that might allow hackers to mount denial of service attacks.
It involves flaws in the processing of maliciously crafted DNS packets and also affects some of Cisco's content networking and secure router products.
Only Cisco products running DNS clients are vulnerable.
Cisco has made a series of free software upgrades available to address the vulnerability. The range of the vulnerability and the number of products affected a serious problem for Cisco, so users are advised to scope out remedial work.
More technical details (but not a list of affected vendors) can be found in a UK government UNIRAS alert.