« Two new Asterisk security advisories…
Asterisk “hack” to show blocked Caller-ID points to larger trust issues with SIP »

Asking The Cisco Systems IPICS Expert: Questions 6-10

July 23rd, 2008 by shawnmer

“Hello? Is there anybody out there?”

So, it’s been a few business days since I posted “Asking the Cisco Systems’ IPICS Expert: Questions 1-5″ and while I haven’t heard anything back from the IPICS Expert either via email or comment on the blog post, it is somewhat amusing, and perhaps a bit disturbing, that a Google search for “IPICS Expert” leads back to VOIPSA…go figure.

Anyway, as with the previous post, this post continues focusing on Cisco Systems’ IPICS (IP Interoperability and Collaboration System) Server, the “heart” of the IPICS solution, with five more questions for the Cisco IPICS Expert:


Question 6: Early versions of the IPICS Server documentation refer to the operating system as Red Hat Linux, while a later version of documentation refer to the operating system as “Cisco Linux” and the latest version of documentation states “Linux” — Is the IPICS Server still based on Red Hat? If so, what version of Red Hat (enterprise, etc.)?

Cisco Answer


Question 7: Does the IPICS Server have any kind of file-integrity assurance program like, for example, Open Source Tripwire?

Cisco Answer

Question 8: Is the “Cisco Security Agent” provided at no cost for the IPICS Server, or is there an extra cost for this piece of software “protection?”

Cisco Answer

Question 9: The IPICS Server uses the IBM Informix database. According to documentation, IPICS Server 2.1(1) uses IBM Informix Dynamic Server Version 10.00.UC1. In 2008 several vulnerabilities were released concerning Informix, such as CVE-2008-0949, CVE-2008-0727, CVE-2008-0768 , CVE-2008-0369 , and CVE-2008-0368. If applicable to the IPICS Server 2.1(1) and earlier versions, have these vulnerabilities been addressed and patched in the IPICS Server? There seems to be nothing at the Cisco PSIRT site addressing these vulnerabilities. Am I missing something here?

Cisco Answer


Question 10: For IPICS Server 2.1(1), please provide a listing of all installed RPM packages, their version, and indication of known vulnerabilities in each RPM package.

Cisco Answer

As with my previous five (as yet unanswered) questions, I thank you and look forward to your answers.

Shawn Merdinger
Security Researcher

This entry was posted on Wednesday, July 23rd, 2008 at 12:27 am and is filed under VoIP Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Asking The Cisco Systems IPICS Expert: Questions 6-10”

  1. Voice of VOIPSA » Blog Archive » Asking The Cisco Systems IPICS Expert: Questions 11-15 Says:
    August 2nd, 2008 at 8:29 pm

    [...] So, it’s been a couple of weeks now and I’ve still not heard any answers from the IPICS Expert on either of the two previous posts: Asking The Cisco Systems IPICS Expert: Questions 1-5 and Asking The Cisco Systems IPICS Expert: Questions 6-10. [...]

Leave a Reply