Intrusion Prevention

Cisco.CallManager.CTLProvider.Heap.Overflow

Description

This signature indicates an attempt to exploit a buffer overflow vulnerability in Cisco Unified Communications Manager and CallManager.
The vulnerability is caused by a heap-based buffer overflow in the Certificate Trust List (CTL) Provider service. It allows remote attackers to cause a denial of service or execute arbitrary code via an excessively long request.

Affected Products

Unified CallManager 4.0 and 4.1 prior to 4.1(3)SR5c
Unified Communications Manager 4.2 prior to 4.2(3)SR3
Unified Communications Manager 4.3 prior to 4.3(1)SR1

Impact

System compromise: remote code execution.
Denial of service.

Recommended Actions

Please refer to the following URL to address this issue:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml

CVE References

CVE-2008-0027