Sign-up

ID

VAR-200607-0355


CVE

CVE-2006-3594


TITLE

CUCM Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2006-002754

DESCRIPTION

Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. Cisco Unified CallManager is susceptible to multiple remote vulnerabilities. Cisco Unified CallManager is the software-based call-processing component of the Cisco IP telephony solution. Cisco Unified CallManager supports both SCCP and SIP telephony, which allows migration to SIP while still protecting investments in existing equipment. ---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Cisco Unified CallManager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21030 VERIFY ADVISORY: http://secunia.com/advisories/21030/ CRITICAL: Highly critical IMPACT: Privilege escalation, DoS, System access WHERE: >From remote SOFTWARE: Cisco Unified CallManager 5.x http://secunia.com/product/11019/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Unified CallManager, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. 1) Errors in various CLI commands can be exploited by an authenticated administrator to break out of the CLI environment and execute arbitrary Linux commands with root privileges. 2) An unspecified error makes it possible to for an authenticated administrator to overwrite arbitrary files or folders with output of CLI commands. Successful exploitation causes a DoS or allows execution of arbitrary code. The vulnerabilities have been reported in versions 5.0(1), 5.0(2), 5.0(3), and 5.0(3a). SOLUTION: Update to version 5.0(4) or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-3594 // JVNDB: JVNDB-2006-002754 // BID: 18952 // VULHUB: VHN-19702 // PACKETSTORM: 48213

AFFECTED PRODUCTS

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(1\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(2\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(3a\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0\(3\)

Trust: 1.6

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(1) to 5.0(3a)

Trust: 0.8

vendor:ciscomodel:unified callmanager 5.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(3)

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(2)

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(1)

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:neversion:5.0(4)

Trust: 0.3

sources: BID: 18952 // JVNDB: JVNDB-2006-002754 // CNNVD: CNNVD-200607-261 // NVD: CVE-2006-3594

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3594
value: HIGH

Trust: 1.0

NVD: CVE-2006-3594
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200607-261
value: HIGH

Trust: 0.6

VULHUB: VHN-19702
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-3594
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-19702
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-19702 // JVNDB: JVNDB-2006-002754 // CNNVD: CNNVD-200607-261 // NVD: CVE-2006-3594

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3594

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-261

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200607-261

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-002754

PATCH
title:cisco-sa-20060712-cucmurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060712-cucm
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-002754

EXTERNAL IDS
db:NVDid:CVE-2006-3594
Trust: 2.8
db:BIDid:18952
Trust: 2.0
db:SECUNIAid:21030
Trust: 1.8
db:SECTRACKid:1016475
Trust: 1.7
db:OSVDBid:27162
Trust: 1.7
db:VUPENid:ADV-2006-2774
Trust: 1.7
db:JVNDBid:JVNDB-2006-002754
Trust: 0.8
db:CNNVDid:CNNVD-200607-261
Trust: 0.7
db:CISCOid:20060712 MULTIPLE CISCO UNIFIED CALLMANAGER VULNERABILITIES
Trust: 0.6
db:XFid:27691
Trust: 0.6
db:VULHUBid:VHN-19702
Trust: 0.1
db:PACKETSTORMid:48213
Trust: 0.1
sources:
            
            
            VULHUB: VHN-19702 // 
            
            
            
            BID: 18952 // 
            
            
            
            JVNDB: JVNDB-2006-002754 // 
            
            
            
            PACKETSTORM: 48213 // 
            
            
            
            CNNVD: CNNVD-200607-261 // 
            
            
            
            NVD: CVE-2006-3594

REFERENCES
url:http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml
Trust: 2.1
url:http://www.securityfocus.com/bid/18952
Trust: 1.7
url:http://www.osvdb.org/27162
Trust: 1.7
url:http://securitytracker.com/id?1016475
Trust: 1.7
url:http://secunia.com/advisories/21030
Trust: 1.7
url:http://www.vupen.com/english/advisories/2006/2774
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27691
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3594
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3594
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/27691
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/2774
Trust: 0.6
url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html
Trust: 0.3
url:http://secunia.com/advisories/21030/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.1
url:http://secunia.com/product/11019/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-19702 // 
            
            
            
            BID: 18952 // 
            
            
            
            JVNDB: JVNDB-2006-002754 // 
            
            
            
            PACKETSTORM: 48213 // 
            
            
            
            CNNVD: CNNVD-200607-261 // 
            
            
            
            NVD: CVE-2006-3594

CREDITS
Cisco Security bulletin
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200607-261

SOURCES
db:VULHUBid:VHN-19702
db:BIDid:18952
db:JVNDBid:JVNDB-2006-002754
db:PACKETSTORMid:48213
db:CNNVDid:CNNVD-200607-261
db:NVDid:CVE-2006-3594

LAST UPDATE DATE
2024-08-14T13:50:44.408000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-19702date:2017-07-20T00:00:00
db:BIDid:18952date:2016-07-05T21:38:00
db:JVNDBid:JVNDB-2006-002754date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200607-261date:2006-07-19T00:00:00
db:NVDid:CVE-2006-3594date:2017-07-20T01:32:25.680

SOURCES RELEASE DATE
db:VULHUBid:VHN-19702date:2006-07-18T00:00:00
db:BIDid:18952date:2006-07-12T00:00:00
db:JVNDBid:JVNDB-2006-002754date:2012-12-20T00:00:00
db:PACKETSTORMid:48213date:2006-07-13T17:58:07
db:CNNVDid:CNNVD-200607-261date:2006-07-18T00:00:00
db:NVDid:CVE-2006-3594date:2006-07-18T15:37:00