SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VoIP)  >   Cisco Unified Communications Manager (CallManager) Vendors:   Cisco
(Cisco Issues Advisory for Cisco Unified Communications Manager) NTP Buffer Overflows Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1031446
SecurityTracker URL:  http://securitytracker.com/id/1031446
CVE Reference:   CVE-2014-9295   (Links to External Site)
Date:  Dec 25 2014
Impact:   Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes  

Description:   Several vulnerabilities were reported in NTP. A remote user can execute arbitrary code on the target system. Cisco Unified Communications Manager is affected.

A remote user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target ntpd process.

A buffer overflow may occur in crypto_recv() when Autokey Authentication is enabled.

A buffer overflow may occur in ctl_putdata().

A buffer overflow may occur in configure().

Stephen Roettger of the Google Security Team reported these vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system with the privileges of the ntpd process.
Solution:   Cisco Unified Communications Manager (CUCM) is affected. No solution was available at the time of this entry.

Cisco has assigned bug ID CSCus26858 to this vulnerability.

The Cisco advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

Cause:   Boundary error

Message History:   This archive entry is a follow-up to the message listed below.
Dec 20 2014 NTP Buffer Overflows Let Remote Users Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC