Guest

Cisco Unity

Field Notice: Messages May Be Compromised in Cisco Unity 3.X and 4.X Using Unity Message Repository (UMR) Mode


April 12, 2004


Products Affected

  • Unity 3.X

  • Unity 4.X

Problem Description

If Unity goes into Unity Message Repository (UMR) mode, subscribers can listen to other subscriber's messages if the first few characters of their aliases match.

Background

The wildcards used in the string for searching for subscriber messages in the MTA is incorrect. That string is contructed using the alias of the subscriber along with some other formatting in order to find the text file portion of the MTA message. With an example Alias of "test", the search string is similar to this...

test*_*_*_*_*
The "*" are wildcards and that allows the user with the alias 
of "test" to have an MTA message iterator containg messages from other example users.
testA
testB
testIShouldNotHearThis

and so on

A simple change to the formatting of the search string should take care of this.

Problem Symptoms

The following behavior is seen on a Unity system for two users configured as "Tom" and "Tomg":

  1. "Tom" can hear voice mails in unityMta directory for "Tomg" and himself.

  2. "Tomg" could only hear his own.

Workaround/Solution

The following files can be used to prevent this behavior from occurring:

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.