Details of VAR-200601-0326

ID

VAR-200601-0326

CVE

CVE-2006-0368

TITLE

Cisco CallManager Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-003845

DESCRIPTION

Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727. Cisco CallManager There is a service disruption (DoS) There are vulnerabilities that are put into a state.Service disruption by a third party (DoS) There is a possibility of being put into a state. CallManager is susceptible to multiple remote denial of service vulnerabilities. These issues are documented in Cisco bugs CSCea53907, CSCsa86197, CSCsb16635 and CSCsb64161, which are available to Cisco customers. Attackers may exploit these vulnerabilities to crash the affected service, effectively denying service to legitimate users. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. Under certain circumstances, CCM will keep the TCP connection open indefinitely until the CCM service is restarted or the server is restarted. Successful exploitation of these vulnerabilities could result in a denial of service attack, causing high CPU usage, interrupting service, or restarting the server, which could then cause the phone to become unresponsive, log off the phone from the CCM, or restart the CCM. TITLE: Cisco CallManager Connection Handling Denial of Service SECUNIA ADVISORY ID: SA18494 VERIFY ADVISORY: http://secunia.com/advisories/18494/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: Cisco CallManager 3.x http://secunia.com/product/2805/ Cisco CallManager 4.x http://secunia.com/product/5363/ DESCRIPTION: Some vulnerabilities has been reported in Cisco CallManager, which can be exploited by malicious people to cause a DoS (Denial of Service). 2) An error in the processing of connections to ports 2001, 2002, and 7727 can be exploited to fill up the Windows message queue by establishing multiple connections. This further leads to the Cisco CallManager restarting after a 30 second timeout. The following versions are affected: * Cisco CallManager 3.2 and earlier * Cisco CallManager 3.3, versions earlier than 3.3(5)SR1a * Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2c * Cisco CallManager 4.1, versions earlier than 4.1(3)SR2 SOLUTION: Fixes are available (see patch matrix): http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml#software PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-0368 // JVNDB: JVNDB-2006-003845 // BID: 16295 // VULHUB: VHN-16476 // PACKETSTORM: 43184

AFFECTED PRODUCTS

vendor:	cisco	model:	call manager	scope:	eq	version:	3.1	Trust: 2.2
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3	Trust: 1.9
vendor:	cisco	model:	call manager	scope:	eq	version:	3.0	Trust: 1.9
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)es07	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(2\)es55	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.0\(2a\)es62	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)es32	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(2\)es33	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.0\(2a\)sr2b	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.6
vendor:	cisco	model:	call manager	scope:	eq	version:	4.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.2	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	2.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	1.0	Trust: 1.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1\(2\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(5\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(5\)es30	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(3\)es61	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(3\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3\(4\)es25	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	4.0\(2a\)es40	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	lt	version:	3.3	Trust: 0.8
vendor:	cisco	model:	call manager	scope:	eq	version:	4.0(2a)sr2c	Trust: 0.8
vendor:	cisco	model:	call manager	scope:	lte	version:	3.2 and earlier	Trust: 0.8
vendor:	cisco	model:	call manager	scope:	lt	version:	4.0	Trust: 0.8
vendor:	cisco	model:	call manager	scope:	eq	version:	4.1(3)sr2	Trust: 0.8
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3(5)sr1	Trust: 0.8
vendor:	cisco	model:	call manager	scope:	lt	version:	4.1	Trust: 0.8
vendor:	cisco	model:	call manager sr1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager es32	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager es07	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager es55	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager es33	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager sr2b	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	call manager es62	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	call manager es40	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	call manager es30	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3(5)	Trust: 0.3
vendor:	cisco	model:	call manager es25	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	call manager es61	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.3(3)	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1(2)	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	call manager sr2	scope:	ne	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager sr1	scope:	ne	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager es24	scope:	ne	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager es07	scope:	ne	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager es50	scope:	ne	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager es33	scope:	ne	version:	4.1	Trust: 0.3
vendor:	cisco	model:	call manager sr2c	scope:	ne	version:	4.0	Trust: 0.3
vendor:	cisco	model:	call manager sr2b	scope:	ne	version:	4.0	Trust: 0.3
vendor:	cisco	model:	call manager es56	scope:	ne	version:	4.0	Trust: 0.3
vendor:	cisco	model:	call manager es40	scope:	ne	version:	4.0	Trust: 0.3
vendor:	cisco	model:	call manager sr1a	scope:	ne	version:	3.3	Trust: 0.3
vendor:	cisco	model:	call manager es24	scope:	ne	version:	3.3	Trust: 0.3
vendor:	cisco	model:	call manager	scope:	ne	version:	3.3(5)	Trust: 0.3
vendor:	cisco	model:	call manager es25	scope:	ne	version:	3.3	Trust: 0.3
vendor:	cisco	model:	call manager es61	scope:	ne	version:	3.3	Trust: 0.3

sources: BID: 16295 // JVNDB: JVNDB-2006-003845 // CNNVD: CNNVD-200601-276 // NVD: CVE-2006-0368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-0368
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-0368
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200601-276
value:	HIGH
Trust: 0.6
VULHUB:	VHN-16476
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-0368
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-16476
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-16476 // JVNDB: JVNDB-2006-003845 // CNNVD: CNNVD-200601-276 // NVD: CVE-2006-0368

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0368

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-276

TYPE

Design Error

Trust: 0.9

sources: BID: 16295 // CNNVD: CNNVD-200601-276

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003845

PATCH

title:

18494

url:

http://secunia.com/advisories/18494

Trust: 0.8

sources: JVNDB: JVNDB-2006-003845

EXTERNAL IDS

db:	NVD	id:	CVE-2006-0368	Trust: 2.5
db:	BID	id:	16295	Trust: 2.0
db:	SECUNIA	id:	18494	Trust: 1.8
db:	VUPEN	id:	ADV-2006-0249	Trust: 1.7
db:	OSVDB	id:	22622	Trust: 1.7
db:	OSVDB	id:	22623	Trust: 1.7
db:	SECTRACK	id:	1015503	Trust: 1.7
db:	SREASON	id:	359	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-003845	Trust: 0.8
db:	CNNVD	id:	CNNVD-200601-276	Trust: 0.7
db:	XF	id:	24180	Trust: 0.6
db:	CISCO	id:	20060118 CISCO CALL MANAGER DENIAL OF SERVICE	Trust: 0.6
db:	VULHUB	id:	VHN-16476	Trust: 0.1
db:	PACKETSTORM	id:	43184	Trust: 0.1

sources: VULHUB: VHN-16476 // BID: 16295 // JVNDB: JVNDB-2006-003845 // PACKETSTORM: 43184 // CNNVD: CNNVD-200601-276 // NVD: CVE-2006-0368

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml	Trust: 2.1
url:	http://www.securityfocus.com/bid/16295	Trust: 1.7
url:	http://www.osvdb.org/22622	Trust: 1.7
url:	http://www.osvdb.org/22623	Trust: 1.7
url:	http://securitytracker.com/id?1015503	Trust: 1.7
url:	http://secunia.com/advisories/18494	Trust: 1.7
url:	http://securityreason.com/securityalert/359	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/0249	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/24180	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0368	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0368	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2006/0249	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/24180	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00804c0c26.shtml	Trust: 0.3
url:	http://secunia.com/product/2805/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml#software	Trust: 0.1
url:	http://secunia.com/advisories/18494/	Trust: 0.1
url:	http://secunia.com/product/5363/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-16476 // BID: 16295 // JVNDB: JVNDB-2006-003845 // PACKETSTORM: 43184 // CNNVD: CNNVD-200601-276 // NVD: CVE-2006-0368

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200601-276

SOURCES

db:	VULHUB	id:	VHN-16476
db:	BID	id:	16295
db:	JVNDB	id:	JVNDB-2006-003845
db:	PACKETSTORM	id:	43184
db:	CNNVD	id:	CNNVD-200601-276
db:	NVD	id:	CVE-2006-0368

LAST UPDATE DATE

2024-08-14T15:25:38.309000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-16476	date:	2017-07-20T00:00:00
db:	BID	id:	16295	date:	2006-02-07T20:54:00
db:	JVNDB	id:	JVNDB-2006-003845	date:	2014-03-11T00:00:00
db:	CNNVD	id:	CNNVD-200601-276	date:	2006-01-24T00:00:00
db:	NVD	id:	CVE-2006-0368	date:	2017-07-20T01:29:42.097

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-16476	date:	2006-01-22T00:00:00
db:	BID	id:	16295	date:	2006-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2006-003845	date:	2014-03-11T00:00:00
db:	PACKETSTORM	id:	43184	date:	2006-01-19T17:33:40
db:	CNNVD	id:	CNNVD-200601-276	date:	2006-01-22T00:00:00
db:	NVD	id:	CVE-2006-0368	date:	2006-01-22T20:03:00