Name:
Cisco.Call.Manager.CTLProvider.Heap.Overflow
Released Date:
Feb 29 2008
Severity:
critical
CVE:
2008-0027
Bugtraq:
27313


In-Depth Analysis

Description
This indicates an attempt to exploit a buffer overflow vulnerability in Cisco Unified Communications Manager and CallManager.

The vulnerability is caused by a heap-based buffer overflow in the Certificate Trust List (CTL) Provider service. It allows remote attackers to cause a denial of service or execute arbitrary code via an excessively long request.
 
Impact
System compromise: remote code execution.
Denial of service.
 
Affected Products
Unified CallManager 4.0 and 4.1 prior to 4.1(3)SR5c
Unified Communications Manager 4.2 prior to 4.2(3)SR3
Unified Communications Manager 4.3 prior to 4.3(1)SR1
Aliases
Cisco.Call.Manager.CTLProvider.Heap.Overflow
References
http://www.securityfocus.com/bid/27313
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0027
http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml
Recommended Actions
Please refer to the following URL to address this issue:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml

 
 