SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VoIP)  >   Cisco Unified Communications Manager (CallManager) Vendors:   Cisco
(Cisco Issues Advisory for Cisco Unified Communications Manager) NTP Logic Error in the receive() Function in 'ntp_proto.c' May Let Remote Users Deny Service
SecurityTracker Alert ID:  1031447
SecurityTracker URL:  http://securitytracker.com/id/1031447
CVE Reference:   CVE-2014-9296   (Links to External Site)
Date:  Dec 25 2014
Impact:   Denial of service via network
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in NTP. A remote user may be able to cause denial of service conditions. Cisco Unified Communications Manager is affected.

A remote user may be able to trigger a certain and rare error to exploit a logic error in ntp_proto.c:receive() and adversely affect system integrity.

The vulnerability occurs due to a missing return statement.

[Editor's note: The vendor indicates that they have not be able to identify a method to affect system integrity.]

Stephen Roettger of the Google Security Team reported this vulnerability.

Impact:   A remote user may be able to adversely affect system integrity.
Solution:   Cisco Unified Communications Manager (CUCM) is affected. No solution was available at the time of this entry.

Cisco has assigned bug ID CSCus26858 to this vulnerability.

The Cisco advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

Vendor URL:  support.ntp.org/bin/view/Main/SecurityNotice (Links to External Site)
Cause:   State error

Message History:   This archive entry is a follow-up to the message listed below.
Dec 20 2014 NTP Logic Error in the receive() Function in 'ntp_proto.c' May Let Remote Users Deny Service



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC