ID

VAR-200707-0339


CVE

CVE-2006-5278


TITLE

Integer overflow vulnerability in the RIS Data Collector service of CUCM

Trust: 0.8

sources: JVNDB: JVNDB-2007-001225

DESCRIPTION

Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. An attacker can exploit these issues to execute arbitrary code within the context of the vulnerable application. Successful exploits may result in a complete compromise of affected servers. Failed exploit attempts will likely result in denial-of-service conditions. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

TITLE: Cisco Unified Communications Manager Two Vulnerabilities
SECUNIA ADVISORY ID: SA26043
VERIFY ADVISORY: http://secunia.com/advisories/26043/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE: From local network
SOFTWARE:
Cisco Unified CallManager 5.x http://secunia.com/product/12535/
Cisco Unified CallManager 4.x http://secunia.com/product/12534/
Cisco Unified CallManager 3.x http://secunia.com/product/2805/
Cisco Unified Communications Manager 5.x http://secunia.com/product/11019/
Cisco Unified Communications Manager 4.x http://secunia.com/product/5363/
DESCRIPTION: Some vulnerabilities have been reported in Cisco Unified Communications Manager (CUCM), which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
1) An off-by-one error in the Certificate Trust List Provider service (CTLProvider.exe) can be exploited to cause a heap-based buffer overflow by sending specially crafted packets to the vulnerable service (default port 2444/TCP). Note: This vulnerability does not affect CUCM 3.x. Successful exploitation may allow execution of arbitrary code.
SOLUTION: Apply updated versions: Vulnerability #1 is corrected in CUCM versions 4.1(3)SR5, 4.2(3)SR2, 4.3(1)SR1 and 5.1(2). Vulnerability #2 is corrected in CUCM versions 3.3(5)SR2b, 4.1(3)SR5, 4.2(3)SR2, 4.3(1)SR1 and 5.1(2). See vendor advisory for a detailed patch matrix.
PROVIDED AND/OR DISCOVERED BY: IBM Internet Security Systems X-Force
ORIGINAL ADVISORY:
Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml
IBM Internet Security Systems: 1) http://www.iss.net/threats/270.html 2) http://www.iss.net/threats/271.html

Trust: 2.07

sources: NVD: CVE-2006-5278 // JVNDB: JVNDB-2007-001225 // BID: 24868 // VULHUB: VHN-21386 // PACKETSTORM: 57691

AFFECTED PRODUCTS

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0

Trust: 1.9

vendor: cisco, model: unified callmanager, scope: lte, version: 5.1(2)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: lte, version: 4.3(1)

Trust: 1.0

vendor: cisco, model: unified callmanager, scope: lte, version: 4.1(3)sr4

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: gte, version: 4.3

Trust: 1.0

vendor: cisco, model: unified callmanager, scope: gte, version: 5.1

Trust: 1.0

vendor: cisco, model: unified callmanager, scope: lte, version: 4.2(3)sr1

Trust: 1.0

vendor: cisco, model: unified callmanager, scope: gte, version: 4.2

Trust: 1.0

vendor: cisco, model: unified callmanager, scope: gte, version: 3.3

Trust: 1.0

vendor: cisco, model: unified callmanager, scope: gte, version: 4.1

Trust: 1.0

vendor: cisco, model: unified callmanager, scope: lte, version: 3.3(5)sr2

Trust: 1.0

vendor: cisco, model: unified callmanager, scope: eq, version: 4.2

Trust: 0.9

vendor: cisco, model: unified callmanager, scope: lt, version: 200707111

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: lt, version: 200707111

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 4.3

Trust: 0.6

vendor: cisco, model: unified callmanager, scope: eq, version: 4.2(3)sr1

Trust: 0.6

vendor: cisco, model: unified communications manager, scope: eq, version: 5.1(1)

Trust: 0.6

vendor: cisco, model: unified communications manager, scope: eq, version: 5.1

Trust: 0.6

vendor: cisco, model: unified callmanager, scope: eq, version: 4.1(3)sr4

Trust: 0.6

vendor: cisco, model: unified communications manager, scope: eq, version: 4.3(1)

Trust: 0.6

vendor: cisco, model: unified callmanager, scope: eq, version: 3.3(5)sr2

Trust: 0.6

vendor: cisco, model: unified communications manager, scope: eq, version: 5.1(2)

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 5.1(1)

Trust: 0.3

vendor: cisco, model: unified communications manager 4.2 sr2, scope: -, version: -

Trust: 0.3

vendor: cisco, model: unified callmanager, scope: eq, version: 5.1

Trust: 0.3

vendor: cisco, model: unified callmanager 5.0 su1, scope: -, version: -

Trust: 0.3

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0(4)

Trust: 0.3

vendor: cisco, model: unified callmanager 5.0, scope: -, version: -

Trust: 0.3

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0(3)

Trust: 0.3

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0(2)

Trust: 0.3

vendor: cisco, model: unified callmanager, scope: eq, version: 5.0(1)

Trust: 0.3

vendor: cisco, model: unified callmanager 4.3 sr1, scope: -, version: -

Trust: 0.3

vendor: cisco, model: unified callmanager 4.2 sr1, scope: -, version: -

Trust: 0.3

vendor: cisco, model: unified callmanager 4.1 sr5, scope: -, version: -

Trust: 0.3

vendor: cisco, model: unified callmanager 4.1 sr4, scope: -, version: -

Trust: 0.3

vendor: cisco, model: unified callmanager, scope: eq, version: 4.1

Trust: 0.3

vendor: cisco, model: unified callmanager, scope: eq, version: 4.0

Trust: 0.3

vendor: cisco, model: unified callmanager 3.3 sr2a, scope: -, version: -

Trust: 0.3

vendor: cisco, model: unified callmanager, scope: eq, version: 3.3

Trust: 0.3

vendor: cisco, model: call manager sr2, scope: eq, version: 4.1

Trust: 0.3

vendor: cisco, model: call manager sr1, scope: eq, version: 4.1

Trust: 0.3

vendor: cisco, model: call manager es32, scope: eq, version: 4.1

Trust: 0.3

vendor: cisco, model: call manager es24, scope: eq, version: 4.1

Trust: 0.3

vendor: cisco, model: call manager es07, scope: eq, version: 4.1

Trust: 0.3

vendor: cisco, model: call manager es55, scope: eq, version: 4.1

Trust: 0.3

vendor: cisco, model: call manager es50, scope: eq, version: 4.1

Trust: 0.3

vendor: cisco, model: call manager es33, scope: eq, version: 4.1

Trust: 0.3

vendor: cisco, model: call manager sr2c, scope: eq, version: 4.0

Trust: 0.3

vendor: cisco, model: call manager sr2b, scope: eq, version: 4.0

Trust: 0.3

vendor: cisco, model: call manager es62, scope: eq, version: 4.0

Trust: 0.3

vendor: cisco, model: call manager es56, scope: eq, version: 4.0

Trust: 0.3

vendor: cisco, model: call manager es40, scope: eq, version: 4.0

Trust: 0.3

vendor: cisco, model: call manager, scope: eq, version: 4.0

Trust: 0.3

vendor: cisco, model: call manager sr1a, scope: eq, version: 3.3

Trust: 0.3

vendor: cisco, model: call manager es30, scope: eq, version: 3.3

Trust: 0.3

vendor: cisco, model: call manager es24, scope: eq, version: 3.3

Trust: 0.3

vendor: cisco, model: call manager, scope: eq, version: 3.3(5)

Trust: 0.3

vendor: cisco, model: call manager es25, scope: eq, version: 3.3

Trust: 0.3

vendor: cisco, model: call manager es61, scope: eq, version: 3.3

Trust: 0.3

vendor: cisco, model: call manager, scope: eq, version: 3.3(3)

Trust: 0.3

vendor: cisco, model: call manager, scope: eq, version: 3.3

Trust: 0.3

vendor: cisco, model: call manager, scope: eq, version: 4.3(1)

Trust: 0.3

vendor: cisco, model: call manager, scope: eq, version: 4.2(3)

Trust: 0.3

vendor: cisco, model: call manager 4.1 sr4, scope: -, version: -

Trust: 0.3

vendor: cisco, model: unified communications manager 5.1, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: unified communications manager 4.3 sr.1, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: unified communications manager sr2b, scope: ne, version: 4.2

Trust: 0.3

vendor: cisco, model: unified callmanager sr5b, scope: ne, version: 4.1

Trust: 0.3

vendor: cisco, model: unified callmanager 3.3 sr3, scope: ne, version: -

Trust: 0.3

sources: BID: 24868 // JVNDB: JVNDB-2007-001225 // CNNVD: CNNVD-200707-273 // NVD: CVE-2006-5278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5278
value: HIGH

Trust: 1.0

NVD: CVE-2006-5278
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200707-273
value: CRITICAL

Trust: 0.6

VULHUB: VHN-21386
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-5278
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-21386
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-21386 // JVNDB: JVNDB-2007-001225 // CNNVD: CNNVD-200707-273 // NVD: CVE-2006-5278

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5278

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-273

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200707-273

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001225

PATCH

title: cisco-sa-20070711-cucm, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070711-cucm

Trust: 0.8

sources: JVNDB: JVNDB-2007-001225

EXTERNAL IDS

db: NVD, id: CVE-2006-5278

Trust: 2.8

db: BID, id: 24868

Trust: 2.0

db: SECUNIA, id: 26043

Trust: 1.8

db: OSVDB, id: 36121

Trust: 1.7

db: VUPEN, id: ADV-2007-2512

Trust: 1.7

db: SECTRACK, id: 1018369

Trust: 1.7

db: JVNDB, id: JVNDB-2007-001225

Trust: 0.8

db: CNNVD, id: CNNVD-200707-273

Trust: 0.7

db: VULHUB, id: VHN-21386

Trust: 0.1

db: PACKETSTORM, id: 57691

Trust: 0.1

sources: VULHUB: VHN-21386 // BID: 24868 // JVNDB: JVNDB-2007-001225 // PACKETSTORM: 57691 // CNNVD: CNNVD-200707-273 // NVD: CVE-2006-5278

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml

Trust: 2.1

url:http://www.iss.net/threats/271.html

Trust: 1.8

url:http://www.securityfocus.com/bid/24868

Trust: 1.7

url:http://www.osvdb.org/36121

Trust: 1.7

url:http://securitytracker.com/id?1018369

Trust: 1.7

url:http://secunia.com/advisories/26043

Trust: 1.7

url:http://www.vupen.com/english/advisories/2007/2512

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19057

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5278

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5278

Trust: 0.8

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

url:http://secunia.com/product/2805/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://secunia.com/product/12534/

Trust: 0.1

url:http://www.iss.net/threats/270.html

Trust: 0.1

url:http://secunia.com/product/12535/

Trust: 0.1

url:http://secunia.com/product/5363/

Trust: 0.1

url:http://secunia.com/product/11019/

Trust: 0.1

url:http://secunia.com/advisories/26043/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-21386 // BID: 24868 // JVNDB: JVNDB-2007-001225 // PACKETSTORM: 57691 // CNNVD: CNNVD-200707-273 // NVD: CVE-2006-5278

CREDITS

IBM ISS X-Force

Trust: 0.6

sources: CNNVD: CNNVD-200707-273

SOURCES

db: VULHUB, id: VHN-21386
db: BID, id: 24868
db: JVNDB, id: JVNDB-2007-001225
db: PACKETSTORM, id: 57691
db: CNNVD, id: CNNVD-200707-273
db: NVD, id: CVE-2006-5278

LAST UPDATE DATE

2024-11-23T22:43:21.512000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-21386, date: 2019-08-01T00:00:00
db: BID, id: 24868, date: 2016-07-05T21:38:00
db: JVNDB, id: JVNDB-2007-001225, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200707-273, date: 2019-08-05T00:00:00
db: NVD, id: CVE-2006-5278, date: 2024-11-21T00:18:35.180

SOURCES RELEASE DATE

db: VULHUB, id: VHN-21386, date: 2007-07-15T00:00:00
db: BID, id: 24868, date: 2007-07-11T00:00:00
db: JVNDB, id: JVNDB-2007-001225, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 57691, date: 2007-07-13T00:55:11
db: CNNVD, id: CNNVD-200707-273, date: 2007-07-15T00:00:00
db: NVD, id: CVE-2006-5278, date: 2007-07-15T22:30:00