Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2008-0027
Last Modified: 07 Mar 2011 10:03:48
Published: 16 Jan 2008 10:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-0027

Summary

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

Vulnerable Systems

Application

  • Cisco Unified CallManager 4.0

  • Cisco Unified CallManager 4.1

  • Cisco Unified CallManager 4.1(3)sr4

  • Cisco Unified CallManager 4.1(3)sr5

  • Cisco Unified CallManager 4.1(3)sr5b

  • Cisco Unified Communications Manager 4.2

  • Cisco Unified Communications Manager 4.2.3sr2

  • Cisco Unified Communications Manager 4.2.3sr2b

  • Cisco Unified Communications Manager 4.3


References

CISCO - 20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow

XF - cisco-cucm-ctl-bo(39704)

VUPEN - ADV-2008-0171

BID - 27313

BUGTRAQ - 20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability

MISC - http://dvlabs.tippingpoint.com/advisory/TPTI-08-02

SECTRACK - 1019223

SREASON - 3551

SECUNIA - 28530


Last Updated: 27 May 2016 10:46:38