Technical Description

A vulnerability has been identified in Cisco Unified CallManager and Unified Communications Manager, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. This issue is caused by a heap overflow error in the CTL (Certificate Trust List) Provider service "CTLProvider.exe" (port 2444/TCP) when processing user-supplied data, which could be exploited by remote unauthenticated attackers to crash a vulnerable application or execute arbitrary code.

Affected Products

Cisco Unified CallManager version 4.0
Cisco Unified CallManager versions prior to 4.1(3)SR5c
Cisco Unified Communications Manager versions prior to 4.2(3)SR3
Cisco Unified Communications Manager versions prior to 4.3(1)SR1

Solution

Cisco Unified CallManager 4.0 - Upgrade to version 4.1(3)SR6.

Cisco Unified CallManager 4.1 - Upgrade to version 4.1(3)SR6 :
http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-41?psrtdcat20e2

Cisco Unified Communications Manager 4.2 - Upgrade to version 4.2(3)SR3 :
http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-42?psrtdcat20e2

Cisco Unified Communications Manager 4.3 - Upgrade to version 4.3(1)SR1a :
http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-43?psrtdcat20e2

References

http://www.vupen.com/english/advisories/2008/0171
http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml
http://dvlabs.tippingpoint.com/advisory/TPTI-08-02

Credits

Vulnerability reported by Cody Pierce (TippingPoint DVLabs).

ChangeLog

2008-01-17 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.