Cisco CallManager CTL Provider 远程堆溢出漏洞
程序员文章站
2022-06-28 09:36:38
受影响系统:
Cisco Unified CallManager 4.1
Cisco Unified CallManager 4.0
Cisco Unified Communications Manager 4.3
Cisco Unified Communications Manager 4.2
... 08-10-08...
受影响系统:
cisco unified callmanager 4.1
cisco unified callmanager 4.0
cisco unified communications manager 4.3
cisco unified communications manager 4.2 不受影响系统:
cisco unified callmanager 4.1(3)sr5c
cisco unified communications manager 4.3(1)sr1
cisco unified communications manager 4.2(3)sr3 描述:
cisco unified communications manager(cucm,之前被称为callmanager)是cisco ip电话解决方案中的呼叫处理组件。 cucm中默认绑定在tcp/2444端口上的ctl provider服务(ctlprovider.exe)存在堆溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 该漏洞存在于接收套接字数据期间所使用的循环中的逻辑错误。 厂商补丁:
cisco已经为此发布了一个安全公告(cisco-sa-20080116-cucmctl)以及相应补丁:
cisco-sa-20080116-cucmctl:cisco unified communications manager ctl provider heap overflow
链接:http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.sht
cisco unified callmanager 4.1
cisco unified callmanager 4.0
cisco unified communications manager 4.3
cisco unified communications manager 4.2 不受影响系统:
cisco unified callmanager 4.1(3)sr5c
cisco unified communications manager 4.3(1)sr1
cisco unified communications manager 4.2(3)sr3 描述:
cisco unified communications manager(cucm,之前被称为callmanager)是cisco ip电话解决方案中的呼叫处理组件。 cucm中默认绑定在tcp/2444端口上的ctl provider服务(ctlprovider.exe)存在堆溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 该漏洞存在于接收套接字数据期间所使用的循环中的逻辑错误。 厂商补丁:
cisco已经为此发布了一个安全公告(cisco-sa-20080116-cucmctl)以及相应补丁:
cisco-sa-20080116-cucmctl:cisco unified communications manager ctl provider heap overflow
链接:http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.sht