| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050720020642.31177.qmail@securityfocus.com>
Date: 20 Jul 2005 02:06:42 -0000
From: vames@...chadvisor.com
To: bugtraq@...urityfocus.com
Subject: PatchAdvisor Vulnerability Alert - Cisco CallManager Remote
Denial of Service Vulnerability
PatchAdvisor, Inc. www.patchadvisor.com
PATCHADVISOR VULNERABILITY ALERT
Cisco CallManager CTI Manager Remote Denial Of Service Vulnerability
VULNERABILITY NAME
==================
Cisco CallManager CTI Manager Remote Denial Of Service Vulnerability
PUBLISHED DATE
==============
12-JUL-05
UPDATED DATE
============
19-JUL-05
BACKGROUND
==========
Cisco Call Manager (CCM) is the software-based call-processing component of the
Cisco IP telephony solution which extends enterprise telephony features and
functions to packet telephony network devices such as IP phones, media processing
devices, voice-over-IP (VoIP) gateways, and multimedia applications.
More information about the product is available here:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/index.html
DESCRIPTION
===========
Cisco Call Manager may restart when more than 1GB of memory is used. Sending
specially crafted packets to the CCM will cause the CCM to use more than 1 gigabyte
of virtual memory.
An example of how to send a specially crafted packet is:
wget http://victim:2000
Cisco has allocated CSCee00116 for this vulnerability. Their bulletin is available here:
http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml
IMPACT
======
Successful exploitation of the vulnerability may result in resource starvation resulting
in high CPU utilization, unresponsive terminal services, the inability to run CCM
Admin or to map drives. This may subsequently lead to phones not responding, phones
unregistering from the Cisco CallManager, or Cisco CallManager restarting. In
extreme examples, all VoIP phones may restart after only 1 packet being sent to the
CCM.
VERSIONS AFFECTED
=================
Cisco CallManager 3.2 and earlier
Cisco CallManager 3.3, versions earlier than 3.3(5)
Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2b
Cisco CallManager 4.1, versions earlier than 4.1(3)SR1
SOLUTION
========
Upgrade to version Call Manager 3.3(5) or 4.1(4)
Vulnerability History
=====================
21 April 2005 Identified by Jeff Fay of PatchAdvisor
21 April 2005 Issue disclosed to Cisco
25 April 2005 Vulnerability confirmed Cisco
12 July 2005 Cisco Public Disclosure
UPDATES
=======
Further updates to this notice will be posted to the PatchAdvisor site http://www.patchadvisor.com
CREDIT
======
Jeff Fay of PatchAdvisor (Jeff@...chadvisor.com)
ABOUT PATCHADVISOR
==================
PatchAdvisor, Inc. was founded in 2003 and is based in Alexandria, Virginia with
offices in Maryland and Florida. Our corporate philosophy is simple, we empower
clients with the knowledge and tools they need to secure their environment. Our
products and services go beyond the rest by providing not only an understanding of
security issues, but also providing lasting solutions tailored for each unique
environment so clients can quickly focus on the task of securing their environment.
Request a free trial of our vulnerability alerting solution by clicking here:
http://www.patchadvisor.com/Products/Default.aspx
DISCLAIMER
==========
This information is provided in an AS IS condition and may change without notice. There are no warranties with regard to this information. Neither PatchAdvisor nor the author are liable for any consequences arising from either following or not following this information.
Copyright 2005 PatchAdvisor Inc. All rights reserved. www.patchadvisor.com
Powered by blists - more mailing lists