exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 2 of 2 RSS Feed

CVE-2008-0027

Status Candidate

Overview

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

Related Files

TPTI-08-02.txt
Posted Jan 17, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CallManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CTL Provider Service, CTLProvider.exe, which binds to TCP port 2444. The service operates over a SSL encrypted transport. Due to a logic flaw in the way data is received in a loop a heap allocation can be arbitrarily overflown resulting in the control of subsequent heap chunks. This can lead to arbitrary code execution. Version 4.1(3) is affected.

tags | advisory, remote, overflow, arbitrary, tcp, code execution
systems | cisco
advisories | CVE-2008-0027
SHA-256 | d1adddda0bed4abbd64d6b58766d7cbc90bbbd0ab44c72ddd31afb9f5483c8ee
Cisco Security Advisory 20080116-cucmctl
Posted Jan 17, 2008
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains a heap overflow vulnerability in the Certificate Trust List (CTL) Provider service that could allow a remote, unauthenticated user to cause a denial of service (DoS) condition or execute arbitrary code. There is a workaround for this vulnerability.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | cisco
advisories | CVE-2008-0027
SHA-256 | 52f72ec33d9e80d1f5ccfe6b8f9bc28ae3aa05d9dabf8b942304ad24a75f4b86
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close