You are here

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities

May 24, 2011 - 3:35pm

Addthis

PROBLEM:

Avaya WinPDM Multiple Buffer Overflow Vulnerabilities.

PLATFORM:

Avaya versions prior to 3.8.5 (confirmed in 3.8.2)

ABSTRACT:

Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

refrence LINKS:

Avaya Security Advisory: ASA-2011-143
Secunia Advisory: SA44062
Securelist ID: SA44062
Vulnerability Report: Avaya WinPDM 3.x

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities in Avaya WinPDM, which can be exploited by malicious people to compromise a vulnerable system.
1) A boundary error in the Unite Host Router service (UniteHostRouter.exe) when processing certain requests can be exploited to cause a stack-based buffer overflow via an overly long string in the "To:" field sent to UDP port 3217.
2) A boundary error in UspCsi.exe when processing certain requests can be exploited to cause a heap-based buffer overflow via a specially crafted overly long string sent to UDP port 10136.
Successful exploitation of these vulnerabilities allows execution of arbitrary code.
3) A boundary error in CuspSerialCsi.exe when processing certain requests can be exploited to cause a heap-based buffer overflow via a specially crafted overly long string sent to UDP port 10158.
4) A boundary error in MwpCsi.exe when processing certain requests can be exploited to cause a heap-based buffer overflow via a specially crafted overly long string sent to UDP port 10137.
5) A boundary error in PMServer.exe when processing certain requests can be exploited to cause a heap-based buffer overflow via a specially crafted overly long string sent to UDP port 10138.
Successful exploitation of vulnerabilities #3 through #5 may allow execution of arbitrary code.

Solution:

Avaya solution update to version 3.8.5.

Avaya support and download
 

Addthis