Advisory ID: cisco-sa-20080116-cucmctl http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml Revision 1.0 For Public Release 2008 January 16 1600 UTC (GMT)
Contents Summary Affected Products Details Vulnerability Scoring Details Impact Software Versions and Fixes Workarounds Obtaining Fixed Software Exploitation and Public Announcements Status of This Notice: FINAL Distribution Revision History Cisco Security Procedures
Summary Cisco Unified Communications Manager (CUCM), formerly CallManager, contains a heap overflow vulnerability in the Certificate Trust List (CTL) Provider service that could allow a remote, unauthenticated user to cause a denial of service (DoS) condition or execute arbitrary code. There is a workaround for this vulnerability.
Cisco has made free software available to address these vulnerabilities for affected customers.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0027 has been assigned to this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml.
[Expand all sections] [Collapse all sections] Affected Products Note: Cisco Unified CallManager Versions 4.2, 4.3, 5.1 and 6.0 have been renamed as Cisco Unified Communications Manager. CUCM Versions 3.3, 4.0, 4.1 and 5.0 retain the Cisco Unified CallManager name.
Vulnerable Products These products are vulnerable:
Cisco Unified CallManager 4.0
Cisco Unified CallManager 4.1 Versions prior to 4.1(3)SR5c
Cisco Unified Communications Manager 4.2 Versions prior to 4.2(3)SR3
Cisco Unified Communications Manager 4.3 Versions prior to 4.3(1)SR1
The version of software running on a CUCM 4.x system can be determined by navigating to Help > About Cisco Unified CallManager and selecting the Details button via the CUCM Administration interface.
Products Confirmed Not Vulnerable CUCM Versions 3.3, 5.0, 5.1, 6.0, 6.1 and Cisco CallManager Express are not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability.
Top of the section Close Section Details Cisco Unified Communications Manager (CUCM) is the call processing component of the Cisco IP telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications.
When a CUCM server is deployed in secure mode, a Certificate Trust List (CTL) is used by Cisco Unified IP Phone devices to verify the identity of CUCM servers. The CTL contains public keys and other information to allow the Cisco IP Phone devices to establish a trusted relationship with a CUCM server. The CTL is provisioned using the CTL Provider service on a CUCM server and with the CTL Provider client on an administrator workstation. The CTL Provider service needs to be enabled during the initial configuration of a CUCM server/cluster or when changes are required to the CTL. Please consult the Workarounds section of this advisory for information on how to determine if the CTL Provider service is enabled on a CUCM server.
The CTL Provider service of the CUCM contains a heap overflow vulnerability that could allow a remote, unauthenticated user to cause a DoS condition or execute arbitrary code. The CTL Provider service listens on TCP port 2444 by default, but the port can be modified by the user. This issue is documented in Cisco Bug ID CSCsj22605.