All products and all releases that are running on top of Solaris OS are
vulnerable because the vulnerability is within Solaris and not within the other
The following products are affected:
Media Gateway Controller (MGC) and Related
Products running on Solaris 2.5.1 are vulnerable unless CSCOh008.pkg
release 1.0(8) has been installed. The product that is based on this version of
Solaris is Signaling Controller 2200 (SC2200).
Products running on Solaris 2.6 are vulnerable unless CSCOh007.pkg
release 1.0(7) has been installed. The products that are based on this version
of Solaris are:
- Cisco Virtual Switch Controller (VSC3000)
- Cisco PGW2200 Public Switched Telephone Network (PSTN) Gateway
- Cisco Billing and Management Server (BAMS)
- Cisco Voice Services Provisioning Tool (VSPT)
All releases of Cisco Secure Intrusion Detection System (IDS,
formerly Netranger) up to, but excluding, 3.0(5)Sx, where "5" is the Service
Pack and not the Signature Update field.
Other Cisco software applications may run on Solaris platforms and
where those products have not specifically been identified, customers should
install security patches regularly in accordance with their normal maintenance
We are investigating other Solaris-based products.
PGW2200 release 9.2(2) running on Solaris 2.8 is not affected. The
installation CD set contains the package CSCOh015, version 2.0.1, that includes
the patch for this issue.
No other Cisco products are currently known to be affected by these