Thaiadmin

Cisco Unified CallManager SIP Buffer Overflow and Local Privilege Escalation

0 สมาชิก และ 1 บุคคลทั่วไป กำลังดูหัวข้อนี้

ออฟไลน์ ColVIpTeCh

  • Union Relationship Leader
  • *****
  • 7,407
  • 169
  • เพศ: ชาย
  • ท่านพอใจเรายินดี ผิดพลาดสิ่งใดขออภัย จากใจจริง ^_^
    • กลุ่มผู้ดูแลระบบแห่งประเทศไทย - ColVlpTeCh
Cisco Unified CallManager SIP Buffer Overflow and Local Privilege Escalation
« เมื่อ: 14 กรกฎาคม 2006, 00:59:59 »
High Risk  : Cisco Unified CallManager SIP Buffer Overflow and Local Privilege Escalation Vulnerabilities
 
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-07-12


Technical Description

Multiple vulnerabilities have been identified in Cisco Unified CallManager, which could be exploited by attackers to execute arbitrary commands or cause a denial of service, or by malicious users to bypass security restrictions and obtain elevated privileges.

The first issue is due to a buffer overflow error in the SIP (Session Initiation Protocol) implementation when handling SIP requests containing malformed hostnames, which could be exploited by attackers to execute arbitrary commands or cause a denial of service.

The second flaw is due to an error in the Command Line Interface (CLI) when handling certain commands, which could be exploited by authenticated users to access the base operating system and execute arbitrary commands with root privileges.

The third vulnerability is due to an error in the Command Line Interface (CLI) that allows command output to be redirected to a file folder, which could be exploited by authenticated users to modify or overwrite any file on the filesystem with root privileges.

Affected Products

Cisco Unified CallManager (CUCM) version 5.0(1)
Cisco Unified CallManager (CUCM) version 5.0(2)
Cisco Unified CallManager (CUCM) version 5.0(3)
Cisco Unified CallManager (CUCM) version 5.0(3a)

Solution

Upgrade to Cisco Unified CallManager version 5.0(4) :
http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-50

References

http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml

Credits

Vulnerabilities reported by the vendor
- ขออภัย หากมิได้ตอบข้อความส่วนตัว
- ขอความร่วมมือและโปรดใช้ Thank You ในทุกๆ ข้อความที่ท่านต้องการขอบคุณ
^
^
งด SPAM mail ทุกชนิด - protect@mict.mail.go.th
^

LebnPhold

Maxalt fdvaefbfbldEmoxyBtjApotau
« ตอบกลับ #1 เมื่อ: 3 พฤษภาคม 2021, 21:14:59 »
mexican online pharmacies https://xlnpharmacy.com/ Xeloda

FmrfPhold

viagra efectos colaterales fhwsbbolthdEmoxyBtjApotab
« ตอบกลับ #2 เมื่อ: 5 พฤษภาคม 2021, 02:36:43 »
cialis tadalafil. au https://cialisee.com/ cialis and pay pal