lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200507192203241.SM01204@MrHanky>
Date: Wed Jul 20 08:31:34 2005
From: vicky at patchadvisor.com (Vicky Ames)
Subject: PatchAdvisor Vulnerability Alert - Cisco
	CallManager Remote Denial of Service Vulnerability 

 
PatchAdvisor, Inc.
www.patchadvisor.com

 
============================================================================
=                     PATCHADVISOR VULNERABILITY ALERT                     =
=   Cisco CallManager CTI Manager Remote Denial Of Service Vulnerability   =
============================================================================
 
VULNERABILITY NAME
==================
Cisco CallManager CTI Manager Remote Denial Of Service Vulnerability
 
PUBLISHED DATE
==============
12-JUL-05
 
UPDATED DATE
============
19-JUL-05
 

BACKGROUND
==========
Cisco Call Manager (CCM) is the software-based call-processing component of
the 
Cisco IP telephony solution which extends enterprise telephony features and 
functions to packet telephony network devices such as IP phones, media
processing 
devices, voice-over-IP (VoIP) gateways, and multimedia applications.
 
More information about the product is available here: 
http://www.cisco.com/en/US/products/sw/voicesw/ps556/index.html
 
DESCRIPTION
===========
Cisco Call Manager may restart when more than 1GB of memory is used. Sending

specially crafted packets to the CCM will cause the CCM to use more than 1
gigabyte 
of virtual memory. 
 
An example of how to send a specially crafted packet is:
 
wget http://victim:2000
 
Cisco has allocated CSCee00116 for this vulnerability. Their bulletin is
available here:
http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml
 
IMPACT
======
Successful exploitation of the vulnerability may result in resource
starvation resulting 
in high CPU utilization, unresponsive terminal services, the inability to
run CCM 
Admin or to map drives. This may subsequently lead to phones not responding,
phones 
unregistering from the Cisco CallManager, or Cisco CallManager restarting.
In 
extreme examples, all VoIP phones may restart after only 1 packet being sent
to the 
CCM.
 
VERSIONS AFFECTED
=================
Cisco CallManager 3.2 and earlier 
Cisco CallManager 3.3, versions earlier than 3.3(5)
Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2b
Cisco CallManager 4.1, versions earlier than 4.1(3)SR1
 
SOLUTION
========
Upgrade to version Call Manager 3.3(5) or 4.1(4)
 
Vulnerability History
=====================
21 April 2005 Identified by Jeff Fay of PatchAdvisor
21 April 2005 Issue disclosed to Cisco 
25 April 2005 Vulnerability confirmed Cisco
12 July 2005 Cisco Public Disclosure
 
UPDATES
=======
 
Further updates to this notice will be posted to the PatchAdvisor site
http://www.patchadvisor.com
 
CREDIT
======
Jeff Fay of PatchAdvisor (Jeff@...chadvisor.com)
 
ABOUT PATCHADVISOR
==================
PatchAdvisor, Inc. was founded in 2003 and is based in Alexandria, Virginia
with 
offices in Maryland and Florida.  Our corporate philosophy is simple, we
empower 
clients with the knowledge and tools they need to secure their environment.
Our 
products and services go beyond the rest by providing not only an
understanding of 
security issues, but also providing lasting solutions tailored for each
unique 
environment so clients can quickly focus on the task of securing their
environment.
 
Request a free trial of our vulnerability alerting solution by clicking
here: 
http://www.patchadvisor.com/Products/Default.aspx
 
DISCLAIMER
==========
 
This information is provided in an AS IS condition and may change without
notice. There are no warranties with regard to this information. Neither
PatchAdvisor nor the author are liable for any consequences arising from
either following or not following this information.
 

 
Copyright 2005 PatchAdvisor Inc.  All rights reserved. www.patchadvisor.com
 

Powered by blists - more mailing lists