Cisco has reacted to a warning from the National Infrastructure Security Co-ordination Centre (NISCC) that there is a software flaw capable of causing the company's IP phones to crash.
The company issued a patch for the DNS protocol vulnerability, as well as free software, to fix the problem. The NISCC categorised the flaw, which makes IP phones vulnerable to DoS attacks, as a moderate risk that also affects other software.
In its warning, the British security organisation said that under certain circumstances, it could be possible for DNS servers and DNS clients to terminate abnormally by sending malformed messages.
Cisco said it knew of no products performing DNS server functions, or DNS packet inspection, which the vulnerability affects. The company also said that the problem only seemed to concern DNS clients running on its IP phones and content-networking products. Cisco's list of affected products included Cisco IP Phones 7902/7905/7912, Cisco ATA (Analog Telephone Adaptor) 186/188, as well as several Cisco Unity Express and Cisco ACNS (Application and Content Networking System) devices.