Multiple Cisco TelePresence product Buffer Overflow Vulnerabilities

Release date:
Updated on:

Affected Systems:
Cisco Telepresence Recording Server 1.6.1
Cisco Telepresence Recording Server 1.6
Cisco CTMS: Cisco CTMS 1.6
Cisco CTMS: Cisco CTMS 1.5
Cisco CTMS: Cisco CTMS 1.1
Cisco CTMS: Cisco CTMS 1.0
Cisco TelePresence Manager 1.6
Cisco TelePresence Manager 1.6
Cisco TelePresence Manager 1.5
Cisco TelePresence Manager 1.5
Cisco TelePresence Manager 1.4
Cisco TelePresence Manager 1.4
Cisco TelePresence Manager 1.3
Cisco TelePresence Manager 1.3
Cisco TelePresence Manager 1.2
Cisco TelePresence Endpoint 1.
Cisco TelePresence Endpoint 1.
Cisco TelePresence Endpoint 1.
Cisco TelePresence Endpoint 1.
Cisco TelePresence Endpoint 1.
Unaffected system:
Cisco Telepresence Recording Server 1.6.2
Cisco CTMS: Cisco CTMS 1.7
Cisco TelePresence Manager 1.7
Cisco TelePresence Endpoint 1.
Description:
--------------------------------------------------------------------------------
Bugtraq id: 46514
Cve id: CVE-2011-0379

Cisco TelePresence is a Cisco TelePresence solution that collaborates with colleagues, partners, and customers around the world in a timely manner.

Cisco TelePresence has a buffer overflow vulnerability in implementation. Attackers can exploit this vulnerability to execute arbitrary code with system-level permissions and completely control the affected computers, resulting in DOS.

This vulnerability occurs because the application fails to perform a boundary check on user input.

<**>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.cisco.com/warp/public/707/advisory.html