lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <AANLkTimVCAO=-+rF43QmR8xUsxC=VSHMrvr1RwgYztwB@mail.gmail.com>
Date: Fri, 5 Nov 2010 17:01:10 +0200
From: Henri Lindberg <henri+fulldisclosure@...nse.fi>
To: full-disclosure@...ts.grok.org.uk
Subject: nSense-2010-003: Cisco Unified Communications
	Manager

       nSense Vulnerability Research Security Advisory NSENSE-2010-003
       ---------------------------------------------------------------

       Affected Vendor:    Cisco Systems, Inc
       Affected Product:   Cisco Unified Communications Manager
       Platform:           All
       Impact:             Privilege Escalation
       Vendor response:    Patch. IntelliShield ID 21656
       CVE:                CVE-2010-3039
       Credit:             Knud / nSense

       Technical details
       ---------------------------------------------------------------

       Cisco Unified Communications Manager contains a setuid binary
       which fails to validate command line arguments. A local user
       can leverage this vulnerability to gain root access by
       supplying suitable arguments to the binary.

       The application also contains unsafe function calls, such as
       sprintf().

       Proof of concept:
       /usr/local/cm/bin/pktCap_protectData -i";id"

       Timeline:
       Aug 21st            Contacted vendor PSIRT
       Aug 23rd            Vendor response. Vulnerability acknowledged
       Aug 23rd            More information sent to vendor
       Sep 2nd             Status update request sent to vendor
       Sep 2nd             Vendor response
       Sep 3rd             Vendor response. More information provided.
       Sep 22nd            Status update request sent to vendor
       Sep 22nd            Vendor response
       Sep 23rd            Vendor response. New release date suggested
       Sep 23rd            Agreed to the October 20th release date
       Sep 23rd            Vendor response
       Oct 6th             Requested schedule information from vendor
       Oct 6th             Vendor response. New release date suggested
       Oct 6th             Sent counterproposal to vendor
       Oct 6th             Vendor response. Requested Wednesday release
       Oct 7th             Agreed to the new release date
       Oct 7th             Vendor response
       Nov 3rd             Vendor confirms release and sends link
       Nov 5th             Advisory published

       A thank you to Matthew Cerha / Cisco PSIRT for the coordination
       effort.

       "Remember, remember the Fifth of November"

       Links:
       http://tools.cisco.com/security/center/viewAlert.x?alertId=21656

       http://www.nsense.fi                       http://www.nsense.dk



       $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
       $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
       $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
       $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
       $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                      D r i v e n   b y   t h e   c h a l l e n g e _

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ