CVE-2008-0027: Buffer Overflow
First published: Thu Jan 17 2008(Updated: )
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager Session Management Edition | =4.2.3sr2 | |
| Cisco Unified Communications Manager Session Management Edition | =4.2 | |
| Cisco Unified Communications Manager Session Management Edition | =4.3 | |
| Cisco Unified Communications Manager | =4.1 | |
| Cisco Unified Communications Manager | =4.1\(3\)sr5 | |
| Cisco Unified Communications Manager | =4.1\(3\)sr4 | |
| Cisco Unified Communications Manager | =4.1\(3\)sr5b | |
| Cisco Unified Communications Manager Session Management Edition | =4.2.3sr2b | |
| Cisco Unified Communications Manager | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml
- http://www.securityfocus.com/bid/27313
- http://www.securitytracker.com/id?1019223
- http://secunia.com/advisories/28530
- http://securityreason.com/securityalert/3551
- http://www.vupen.com/english/advisories/2008/0171
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39704
- http://www.securityfocus.com/archive/1/486432/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-0027?
CVE-2008-0027 has a high severity rating due to its potential to cause denial of service and remote code execution.
How do I fix CVE-2008-0027?
To fix CVE-2008-0027, upgrade your Cisco Unified Communications Manager to the patched versions: 4.2(3)SR3 or 4.3(1)SR1.
What versions of Cisco Unified Communications Manager are affected by CVE-2008-0027?
CVE-2008-0027 affects Cisco Unified Communications Manager versions 4.0, 4.1, and 4.2 prior to specific patch releases.
What is the exploit vector for CVE-2008-0027?
The exploit vector for CVE-2008-0027 is remote attackers targeting the Certificate Trust List Provider service.
What impact does CVE-2008-0027 have on my system?
CVE-2008-0027 can lead to a denial of service, allowing attackers to crash the service or potentially execute arbitrary code.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco unified communications manager session management edition
- version/cisco unified communications manager session management edition/4.2.3sr2
- version/cisco unified communications manager session management edition/4.2
- version/cisco unified communications manager session management edition/4.3
- canonical/cisco unified communications manager
- version/cisco unified communications manager/4.1
- version/cisco unified communications manager/4.1\(3\)sr5
- version/cisco unified communications manager/4.1\(3\)sr4
- version/cisco unified communications manager/4.1\(3\)sr5b
- version/cisco unified communications manager session management edition/4.2.3sr2b
- version/cisco unified communications manager/4.0