ID

VAR-200601-0326


CVE

CVE-2006-0368


TITLE

Cisco CallManager Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-003845

DESCRIPTION

Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727. Cisco CallManager There is a service disruption (DoS) There are vulnerabilities that are put into a state.Service disruption by a third party (DoS) There is a possibility of being put into a state. CallManager is susceptible to multiple remote denial of service vulnerabilities. These issues are documented in Cisco bugs CSCea53907, CSCsa86197, CSCsb16635 and CSCsb64161, which are available to Cisco customers. Attackers may exploit these vulnerabilities to crash the affected service, effectively denying service to legitimate users. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. Under certain circumstances, CCM will keep the TCP connection open indefinitely until the CCM service is restarted or the server is restarted. Successful exploitation of these vulnerabilities could result in a denial of service attack, causing high CPU usage, interrupting service, or restarting the server, which could then cause the phone to become unresponsive, log off the phone from the CCM, or restart the CCM. TITLE: Cisco CallManager Connection Handling Denial of Service SECUNIA ADVISORY ID: SA18494 VERIFY ADVISORY: http://secunia.com/advisories/18494/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: Cisco CallManager 3.x http://secunia.com/product/2805/ Cisco CallManager 4.x http://secunia.com/product/5363/ DESCRIPTION: Some vulnerabilities has been reported in Cisco CallManager, which can be exploited by malicious people to cause a DoS (Denial of Service). 2) An error in the processing of connections to ports 2001, 2002, and 7727 can be exploited to fill up the Windows message queue by establishing multiple connections. This further leads to the Cisco CallManager restarting after a 30 second timeout. The following versions are affected: * Cisco CallManager 3.2 and earlier * Cisco CallManager 3.3, versions earlier than 3.3(5)SR1a * Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2c * Cisco CallManager 4.1, versions earlier than 4.1(3)SR2 SOLUTION: Fixes are available (see patch matrix): http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml#software PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-0368 // JVNDB: JVNDB-2006-003845 // BID: 16295 // VULHUB: VHN-16476 // PACKETSTORM: 43184

AFFECTED PRODUCTS

vendor:ciscomodel:call managerscope:eqversion:3.1

Trust: 2.2

vendor:ciscomodel:call managerscope:eqversion:3.3

Trust: 1.9

vendor:ciscomodel:call managerscope:eqversion:3.0

Trust: 1.9

vendor:ciscomodel:call managerscope:eqversion:4.1\(3\)es07

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.1\(2\)es55

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.0\(2a\)es62

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.1\(3\)es32

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.1\(2\)es33

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.0\(2a\)sr2b

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.1\(3\)sr1

Trust: 1.6

vendor:ciscomodel:call managerscope:eqversion:4.0

Trust: 1.3

vendor:ciscomodel:call managerscope:eqversion:3.2

Trust: 1.3

vendor:ciscomodel:call managerscope:eqversion:2.0

Trust: 1.3

vendor:ciscomodel:call managerscope:eqversion:1.0

Trust: 1.3

vendor:ciscomodel:call managerscope:eqversion:3.3\(5\)es30

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:3.3\(5\)

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:3.3\(3\)es61

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:3.3\(3\)

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:4.0\(2a\)es40

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:3.3\(4\)es25

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:3.1\(2\)

Trust: 1.0

vendor:ciscomodel:call managerscope:eqversion:3.1\(3a\)

Trust: 1.0

vendor:ciscomodel:call managerscope:ltversion:3.3

Trust: 0.8

vendor:ciscomodel:call managerscope:eqversion:4.0(2a)sr2c

Trust: 0.8

vendor:ciscomodel:call managerscope:lteversion:3.2 and earlier

Trust: 0.8

vendor:ciscomodel:call managerscope:ltversion:4.0

Trust: 0.8

vendor:ciscomodel:call managerscope:eqversion:4.1(3)sr2

Trust: 0.8

vendor:ciscomodel:call managerscope:eqversion:3.3(5)sr1

Trust: 0.8

vendor:ciscomodel:call managerscope:ltversion:4.1

Trust: 0.8

vendor:ciscomodel:call manager sr1scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es32scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es07scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es55scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es33scope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager sr2bscope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager es62scope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager es40scope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager es30scope:eqversion:3.3

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.3(5)

Trust: 0.3

vendor:ciscomodel:call manager es25scope:eqversion:3.3

Trust: 0.3

vendor:ciscomodel:call manager es61scope:eqversion:3.3

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.3(3)

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.1(2)

Trust: 0.3

vendor:ciscomodel:call managerscope: - version: -

Trust: 0.3

vendor:ciscomodel:call manager sr2scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager sr1scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es24scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es07scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es50scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager es33scope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:call manager sr2cscope:neversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager sr2bscope:neversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager es56scope:neversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager es40scope:neversion:4.0

Trust: 0.3

vendor:ciscomodel:call manager sr1ascope:neversion:3.3

Trust: 0.3

vendor:ciscomodel:call manager es24scope:neversion:3.3

Trust: 0.3

vendor:ciscomodel:call managerscope:neversion:3.3(5)

Trust: 0.3

vendor:ciscomodel:call manager es25scope:neversion:3.3

Trust: 0.3

vendor:ciscomodel:call manager es61scope:neversion:3.3

Trust: 0.3

sources: BID: 16295 // JVNDB: JVNDB-2006-003845 // CNNVD: CNNVD-200601-276 // NVD: CVE-2006-0368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0368
value: HIGH

Trust: 1.0

NVD: CVE-2006-0368
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200601-276
value: HIGH

Trust: 0.6

VULHUB: VHN-16476
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-0368
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-16476
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16476 // JVNDB: JVNDB-2006-003845 // CNNVD: CNNVD-200601-276 // NVD: CVE-2006-0368

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0368

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-276

TYPE

Design Error

Trust: 0.9

sources: BID: 16295 // CNNVD: CNNVD-200601-276

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003845

PATCH

title:18494url:http://secunia.com/advisories/18494

Trust: 0.8

sources: JVNDB: JVNDB-2006-003845

EXTERNAL IDS

db:NVDid:CVE-2006-0368

Trust: 2.5

db:BIDid:16295

Trust: 2.0

db:SECUNIAid:18494

Trust: 1.8

db:VUPENid:ADV-2006-0249

Trust: 1.7

db:OSVDBid:22622

Trust: 1.7

db:OSVDBid:22623

Trust: 1.7

db:SECTRACKid:1015503

Trust: 1.7

db:SREASONid:359

Trust: 1.7

db:JVNDBid:JVNDB-2006-003845

Trust: 0.8

db:CNNVDid:CNNVD-200601-276

Trust: 0.7

db:XFid:24180

Trust: 0.6

db:CISCOid:20060118 CISCO CALL MANAGER DENIAL OF SERVICE

Trust: 0.6

db:VULHUBid:VHN-16476

Trust: 0.1

db:PACKETSTORMid:43184

Trust: 0.1

sources: VULHUB: VHN-16476 // BID: 16295 // JVNDB: JVNDB-2006-003845 // PACKETSTORM: 43184 // CNNVD: CNNVD-200601-276 // NVD: CVE-2006-0368

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml

Trust: 2.1

url:http://www.securityfocus.com/bid/16295

Trust: 1.7

url:http://www.osvdb.org/22622

Trust: 1.7

url:http://www.osvdb.org/22623

Trust: 1.7

url:http://securitytracker.com/id?1015503

Trust: 1.7

url:http://secunia.com/advisories/18494

Trust: 1.7

url:http://securityreason.com/securityalert/359

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0249

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24180

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0368

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0368

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/0249

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/24180

Trust: 0.6

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

url:http://www.cisco.com/en/us/products/products_security_advisory09186a00804c0c26.shtml

Trust: 0.3

url:http://secunia.com/product/2805/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml#software

Trust: 0.1

url:http://secunia.com/advisories/18494/

Trust: 0.1

url:http://secunia.com/product/5363/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-16476 // BID: 16295 // JVNDB: JVNDB-2006-003845 // PACKETSTORM: 43184 // CNNVD: CNNVD-200601-276 // NVD: CVE-2006-0368

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200601-276

SOURCES

db:VULHUBid:VHN-16476
db:BIDid:16295
db:JVNDBid:JVNDB-2006-003845
db:PACKETSTORMid:43184
db:CNNVDid:CNNVD-200601-276
db:NVDid:CVE-2006-0368

LAST UPDATE DATE

2024-11-23T22:43:40.208000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-16476date:2017-07-20T00:00:00
db:BIDid:16295date:2006-02-07T20:54:00
db:JVNDBid:JVNDB-2006-003845date:2014-03-11T00:00:00
db:CNNVDid:CNNVD-200601-276date:2006-01-24T00:00:00
db:NVDid:CVE-2006-0368date:2024-11-21T00:06:18.237

SOURCES RELEASE DATE

db:VULHUBid:VHN-16476date:2006-01-22T00:00:00
db:BIDid:16295date:2006-01-18T00:00:00
db:JVNDBid:JVNDB-2006-003845date:2014-03-11T00:00:00
db:PACKETSTORMid:43184date:2006-01-19T17:33:40
db:CNNVDid:CNNVD-200601-276date:2006-01-22T00:00:00
db:NVDid:CVE-2006-0368date:2006-01-22T20:03:00