1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Avaya Portable Device Manager 2

Attack: Avaya Portable Device Manager 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in Avaya application which may result in arbitrary code execution.

Additional Information

AvayaWinPDM (Windows Portable Device Manager) is an application that is used to configure Avaya IP DECT phones.

AvayaWinPDM is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate checks on user-supplied input.

1. A stack-based buffer-overflow vulnerability occurs in the 'UniteHostRouter.exe' file when processing an overly large string in the 'To:' field sent to UDP port 3217.

2. A heap-based buffer-overflow vulnerability occurs in the 'UspCsi.exe' file when processing an overly large string sent to UDP port 10136.

3. A heap-based buffer-overflow vulnerability occurs in the 'CuspSerialCsi.exe' file when processing an overly large string sent to UDP port 10158.

4. A heap-based buffer-overflow vulnerability occurs in the 'MwpCsi.exe' file when processing an overly large string sent to UDP port 10137.

4. A heap-based buffer-overflow vulnerability occurs in the 'PMServer.exe' file when processing an overly large sent to UDP port 10138.

Successful exploits may allow attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Affected

  • AvayaWinPDM versions prior to 3.8.5 are vulnerable.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube