Информационная безопасность
[RU] switch to English


Дополнительная информация

  Проблема шел-символов в Cisco Unified Communications Manager

From:Henri Lindberg <henri+lists_(at)_nsense.fi>
Date:9 ноября 2010 г.
Subject:nSense-2010-003: Cisco Unified Communications Manager

      nSense Vulnerability Research Security Advisory NSENSE-2010-003
      ---------------------------------------------------------------

      Affected Vendor:    Cisco Systems, Inc
      Affected Product:   Cisco Unified Communications Manager
      Platform:           All
      Impact:             Privilege Escalation
      Vendor response:    Patch. IntelliShield ID 21656
      CVE:                CVE-2010-3039
      Credit:             Knud / nSense

      Technical details
      ---------------------------------------------------------------

      Cisco Unified Communications Manager contains a setuid binary
      which fails to validate command line arguments. A local user
      can leverage this vulnerability to gain root access by
      supplying suitable arguments to the binary.

      The application also contains unsafe function calls, such as
      sprintf().

      Proof of concept:
      /usr/local/cm/bin/pktCap_protectData -i";id"

      Timeline:
      Aug 21st            Contacted vendor PSIRT
      Aug 23rd            Vendor response. Vulnerability acknowledged
      Aug 23rd            More information sent to vendor
      Sep 2nd             Status update request sent to vendor
      Sep 2nd             Vendor response
      Sep 3rd             Vendor response. More information provided.
      Sep 22nd            Status update request sent to vendor
      Sep 22nd            Vendor response
      Sep 23rd            Vendor response. New release date suggested
      Sep 23rd            Agreed to the October 20th release date
      Sep 23rd            Vendor response
      Oct 6th             Requested schedule information from vendor
      Oct 6th             Vendor response. New release date suggested
      Oct 6th             Sent counterproposal to vendor
      Oct 6th             Vendor response. Requested Wednesday release
      Oct 7th             Agreed to the new release date
      Oct 7th             Vendor response
      Nov 3rd             Vendor confirms release and sends link
      Nov 5th             Advisory published

      A thank you to Matthew Cerha / Cisco PSIRT for the coordination
      effort.

      "Remember, remember the Fifth of November"

      Links:
      http://tools.cisco.com/security/center/viewAlert.x?alertId=21656

      http://www.nsense.fi                       http://www.nsense.dk



      $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
      $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
      $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
      $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
      $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                     D r i v e n   b y   t h e   c h a l l e n g e _

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород