Heap overflow in Cisco Unified Communications Manager
Cisco has warned of a vulnerability in its Unified Communications Manager, also known as Call Manager, which manages calls in Cisco's IP telephony products. The vulnerability allows remote attackers to execute arbitrary code or initiate a denial of service attack. Authentication is not required to exploit this vulnerability.
The flaw exists within the Certificate Trust List Provider Service (CTLProvider.exe), which authenticates and distributes certificates. It normally binds to TCP port 2444 over an SSL encrypted transport. Due to a flaw in the way data is received in a loop, it can overflow its heap allocation allowing arbitrary code execution. No specific details of the flaw have been provided.
The problem affects Version 4.2 of Unified Communication Manager prior to 4.2(3)SR3 and Version 4.3 prior to 4.3(1)SR1, as well as Unified Call Manager 4.0 and 4.1 prior to 4.1(3)SR5c. Cisco has provided links to software updates in its security advisory. No update is available for Unified Call Manager 4.0 and Cisco recommends upgrading to Version 4.1. Administrators should apply these updates as soon as possible.
- Cisco Unified Communications Manager CTL Provider Heap Overflow, Cisco security advisory
- Cisco Call Manager CTLProvider Heap Overflow Vulnerability, TippingPoint security advisory