---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Cisco CallManager Multiple Memory Handling Vulnerabilities SECUNIA ADVISORY ID: SA16042 VERIFY ADVISORY: http://secunia.com/advisories/16042/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network SOFTWARE: Cisco CallManager 3.x http://secunia.com/product/2805/ Cisco CallManager 4.x http://secunia.com/product/5363/ DESCRIPTION: Some vulnerabilities have been reported in Cisco CallManager, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. 1) RISDC (Realtime Information Server Data Collection) sockets are not timed out aggressively enough, which can be exploited to cause RisDC.exe to consume large amounts of memory and ports. 2) The CTI Manager (ctimgr.exe) may restart when using more than 1GB of memory. This can be exploited by continuously sending specially crafted packets causing the CTI Manager to allocate more than 1GB of memory. 3) An error within the handling of specially crafted packets can be exploited to cause CallManager to allocate 500MB of memory to the ccm.exe process. This can be exploited to exhaust memory and cause CallManager to restart when under a heavy load. 4) A memory leak within the login handling for the Admin Service Tool when MLA (Multi Level Admin) is enabled (disabled by default) can be exploited to exhaust memory resources. 5) A boundary error in the aupair service (aupair.exe) can be exploited via specially crafted packets to cause a buffer overflow. Successful exploitation allows execution of arbitrary code. The vulnerabilities affect versions 3.3 and prior and versions 4.0 and 4.1. SOLUTION: The vendor has issued updated versions (see patch matrix in vendor advisory). http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml#software PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Jeff Fay, PatchAdvisor. 5) The vendor credits Internet Security Systems. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------