RETIRED: Cisco Unified Communications Manager Local Heap Based Buffer Overflow Vulnerability
BID:69738
Info
RETIRED: Cisco Unified Communications Manager Local Heap Based Buffer Overflow Vulnerability
| Bugtraq ID: | 69738 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 10 2014 12:00AM |
| Updated: | Oct 14 2014 12:00AM |
| Credit: | Cisco |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
RETIRED: Cisco Unified Communications Manager Local Heap Based Buffer Overflow Vulnerability
Cisco Unified Communications Manager is prone to a local heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCuq65975.
NOTE: This BID is being retired as it is a duplicate of BID 68983 (GNU glibc '__gconv_translit_find()' Function Local Heap Based Buffer Overflow Vulnerability).
Cisco Unified Communications Manager is prone to a local heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCuq65975.
NOTE: This BID is being retired as it is a duplicate of BID 68983 (GNU glibc '__gconv_translit_find()' Function Local Heap Based Buffer Overflow Vulnerability).
Exploit / POC
RETIRED: Cisco Unified Communications Manager Local Heap Based Buffer Overflow Vulnerability
Attackers can use standard commands to exploit this issue.
Attackers can use standard commands to exploit this issue.
Solution / Fix
RETIRED: Cisco Unified Communications Manager Local Heap Based Buffer Overflow Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
RETIRED: Cisco Unified Communications Manager Local Heap Based Buffer Overflow Vulnerability
References:
References:
- Cisco Homepage (Cisco )