Cisco Unified Communications Manager CTLProvider.exe buffer overflow (SSL_Voip_Data_Collector_BO)

About this signature or vulnerability

Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia Desktop, Proventia-G 1.1 and earlier, Proventia Network MFS, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor:

This signature looks for a large CUCM data collector string.


Default risk level

High

Sensors that have this signature

Proventia Server IPS for Linux technology: 1.95, Proventia Network IPS: XPU 1.95, Proventia Desktop: 1960, Proventia-G 1.1 and earlier: XPU 24.56, Proventia Network MFS: XPU 1.95, BlackICE Server Protection: 3.6.cqb, Proventia Server IPS for Microsoft Windows technology: 1.0.914.1960, BlackICE PC Protection: 3.6cqb, RealSecure Network: XPU 24.56, RealSecure Server Sensor: XPU 24.56

Systems affected

Cisco Unified CallManager: 5.0, Cisco Unified CallManager: 3.3(5)SR2, Cisco Unified CallManager: 4.1(3)SR4, Cisco Unified CallManager: 4.2(3)SR1, Cisco Unified Communications Manager: 4.3(1), Cisco Unified Communications Manager: 5.1(1)

Type

Unauthorized Access Attempt

Vulnerability description

The Certificate Trust List (CTL) Provider service (CTLProvider.exe) of the Cisco Unified Communications Manager (CUCM), formerly Cisco CallManager, is vulnerable to a heap-based buffer overflow caused by an off-by-one error. By sending a specially crafted packet containing a negative value, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system or cause the service to crash.

How to remove this vulnerability

Refer to cisco-sa-20070711-cucm for patch, upgrade, or suggested workaround information. See References.

References

cisco-sa-20070711-cucm
Cisco Security Advisory: Cisco Unified Communications Manager Overflow Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml

IBM Internet Security Systems Protection Advisory July 11, 2007
Cisco Call Manager CTLProvider.exe Remote Code Execution
http://www.iss.net/threats/270.html

ISS X-Force
Cisco Unified Communications Manager CTLProvider.exe buffer overflow
http://www.iss.net/security_center/static/31437.php

CVE
CVE-2006-5277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5277