Cisco Unified Communications Manager Remote Denial of Service and Buffer Overflow Vulnerabilities
BID:26105
Info
| Bugtraq ID: | 26105 |
| Class: | Unknown |
| CVE: | CVE-2007-5537, CVE-2007-5538 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 17 2007 12:00AM |
| Updated: | Oct 31 2007 07:36PM |
| Credit: | These issues were disclosed by the vendor. |
| Vulnerable: | Cisco Unified Communications Manager 6.0 (1a); Cisco Unified Communications Manager 6.0; Cisco Unified Communications Manager 5.1(2b); Cisco Unified Communications Manager 5.1(2a); Cisco Unified Communications Manager 5.1(2); Cisco Unified Communications Manager 5.1(1); Cisco Unified CallManager 5.1; Cisco Unified CallManager 5.0(4a)SU1; Cisco Unified CallManager 5.0(4); Cisco Unified CallManager 5.0(3a); Cisco Unified CallManager 5.0(3); Cisco Unified CallManager 5.0(2); Cisco Unified CallManager 5.0(1); Cisco Unified CallManager 5.0 |
| Not Vulnerable: | Cisco Unified Communications Manager 6.0(1) |
Discussion
Cisco Unified Communications Manager is prone to a denial-of-service vulnerability and a buffer-overflow vulnerability.
Successfully exploiting these issues allows remote attackers to crash affected devices by triggering kernel panics or to execute arbitrary machine code. These issues facilitate the complete remote compromise of affected devices.
Versions of Cisco Unified Communications Manager in the 5 and 6 series prior to 6.0(1) are affected by these issues.
Exploit / POC
An attacker can use standard network tools to exploit the denial-of-service issue.
Currently we are not aware of any exploits for the buffer-overflow issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor released updates and an advisory to address these issues. Please see the referenced advisory for more information.
References
References: