Info

Disclosure

Jul 12, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Cisco Unified CallManager. The product fails to validate SIP requests resulting in a buffer overflow. With a specially crafted request which includes an excessively long hostname, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 5.0(4) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	Unified CallManager	5.0(1)
		5.0(2)
		5.0(3)
		5.0(3a)

References

Security Tracker: 1016475
CVE ID: 2006-3594 (see also: NVD)
Secunia Advisory ID: 21030
Related OSVDB ID: 27160 27161
ISS X-Force ID: 27691
VUPEN Advisory: ADV-2006-2774
Keyword: CSCsd96542
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0149.html
Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/27162

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

Unified CallManager

References

Credit