Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25099
HistoryNov 09, 2010 - 12:00 a.m.

nSense-2010-003: Cisco Unified Communications Manager

2010-11-0900:00:00
vulners.com
54
JSON
   nSense Vulnerability Research Security Advisory NSENSE-2010-003
   ---------------------------------------------------------------

   Affected Vendor:    Cisco Systems, Inc
   Affected Product:   Cisco Unified Communications Manager
   Platform:           All
   Impact:             Privilege Escalation
   Vendor response:    Patch. IntelliShield ID 21656
   CVE:                CVE-2010-3039
   Credit:             Knud / nSense

   Technical details
   ---------------------------------------------------------------

   Cisco Unified Communications Manager contains a setuid binary
   which fails to validate command line arguments. A local user
   can leverage this vulnerability to gain root access by
   supplying suitable arguments to the binary.

   The application also contains unsafe function calls, such as
   sprintf().

   Proof of concept:
   /usr/local/cm/bin/pktCap_protectData -i";id"

   Timeline:
   Aug 21st            Contacted vendor PSIRT
   Aug 23rd            Vendor response. Vulnerability acknowledged
   Aug 23rd            More information sent to vendor
   Sep 2nd             Status update request sent to vendor
   Sep 2nd             Vendor response
   Sep 3rd             Vendor response. More information provided.
   Sep 22nd            Status update request sent to vendor
   Sep 22nd            Vendor response
   Sep 23rd            Vendor response. New release date suggested
   Sep 23rd            Agreed to the October 20th release date
   Sep 23rd            Vendor response
   Oct 6th             Requested schedule information from vendor
   Oct 6th             Vendor response. New release date suggested
   Oct 6th             Sent counterproposal to vendor
   Oct 6th             Vendor response. Requested Wednesday release
   Oct 7th             Agreed to the new release date
   Oct 7th             Vendor response
   Nov 3rd             Vendor confirms release and sends link
   Nov 5th             Advisory published

   A thank you to Matthew Cerha / Cisco PSIRT for the coordination
   effort.

   "Remember, remember the Fifth of November"

   Links:
   http://tools.cisco.com/security/center/viewAlert.x?alertId=21656

   http://www.nsense.fi                       http://www.nsense.dk



   $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
   $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
   $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
   $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
   $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                  D r i v e n   b y   t h e   c h a l l e n g e _

Related

prion 1
securityvulns 1
packetstorm 1
cve 1
prion
prion
Design/Logic Flaw
2010-11-09 21:00:00
securityvulns
securityvulns
Cisco Unified Communications Manager shell characters vulnerability
2010-11-09 00:00:00
packetstorm
packetstorm
Cisco Unified Communications Manager Privilege Escalation
2010-11-05 00:00:00
cve
cve
CVE-2010-3039
2010-11-09 21:00:00
JSON
Related for SECURITYVULNS:DOC:25099
prion1securityvulns1packetstorm1cve1