CVE-2008-0027

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

Published: Jan 17, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0027
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
cisco / unified_communications_manager	4.2.3sr2	4.2.3sr2.x
cisco / unified_communications_manager	4.2	4.2.x
cisco / unified_communications_manager	4.3	4.3.x
cisco / unified_callmanager	4.1	4.1.x
cisco / unified_callmanager	4.1(3)sr5	4.1(3)sr5.x
cisco / unified_callmanager	4.1(3)sr4	4.1(3)sr4.x
cisco / unified_callmanager	4.1(3)sr5b	4.1(3)sr5b.x
cisco / unified_communications_manager	4.2.3sr2b	4.2.3sr2b.x
cisco / unified_callmanager	4.0	4.0.x

http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
http://secunia.com/advisories/28530
http://securityreason.com/securityalert/3551
http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml
http://www.securityfocus.com/archive/1/486432/100/0/threaded
http://www.securityfocus.com/bid/27313
http://www.securitytracker.com/id?1019223
http://www.vupen.com/english/advisories/2008/0171
https://exchange.xforce.ibmcloud.com/vulnerabilities/39704

Vulnerability Database

289,599

CVE-2008-0027