TippingPoint | DVLabs |

TippingPoint Digital Vaccine Laboratories

Contact Us

DID YOU KNOW... DVLabs and our Zero Day Initiative were credited with discovering 17 Microsoft vulnerabilities in 2006 alone.

Cisco Call Manager CTLProvider Heap Overflow Vulnerability

TPTI-08-02: January 16th, 2008

CVE ID

Affected Vendors

Affected Products

Cisco Call Manager

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CallManager. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the CTL Provider Service, CTLProvider.exe, which binds to TCP port 2444. The service operates over a SSL encrypted transport. Due to a logic flaw in the way data is received in a loop a heap allocation can be arbitrarily overflown resulting in the control of subsequent heap chunks. This can lead to arbitrary code execution.

Vendor Response

Cisco has issued an update to correct this vulnerability. More details can be found at:

http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml

Disclosure Timeline

Credit

This vulnerability was discovered by:

Cody Pierce, TippingPoint DVLabs

Published Advisories

TPTI-09-04: Apple

published 2009-06-02

TPTI-09-03: Apple

published 2009-06-02

TPTI-09-01: VMWare

published 2009-04-06

TPTI-09-02: VMWare

published 2009-04-06

TPTI-08-08: Microsoft

published 2008-12-09

Upcoming Advisories

reported 2009-05-11

reported 2009-04-01

reported 2009-03-13

reported 2008-08-12

Hewlett-Packard

reported 2007-07-09

Blog Entries

Exploiting MS Advisory 971778 - QuickTime DirectShow Vulnerability

2009-06-30 by Aaron Portnoy
(3 Comments)

What's Worse Than Finding a Bug in Your Apple?

2009-06-05 by Rob King
(2 Comments)

The iPhone 3.0 Conundrum

2009-06-04 by Cameron Hotchkies
(0 Comments)

Authoring a Technical Book

2009-06-03 by Pedram Amini
(2 Comments)

MindshaRE: Finding ActiveX Methods Dynamically

2009-06-01 by Cody Pierce
(5 Comments)