CVE-2008-1742

Vulnerability from cvelistv5

Published

2008-05-16 06:54

Modified

2024-08-07 08:32

Severity ?

Summary

References

▼	URL	Tags
	ykramarz@cisco.com	http://secunia.com/advisories/30238
	ykramarz@cisco.com	http://securitytracker.com/id?1020022
	ykramarz@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml
	ykramarz@cisco.com	http://www.securityfocus.com/bid/29221
	ykramarz@cisco.com	http://www.vupen.com/english/advisories/2008/1533
	ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/42410
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30238
	af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020022
	af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29221
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1533
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42410

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:32:01.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
          },
          {
            "name": "cucm-ctlprovider-dos(42410)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42410"
          },
          {
            "name": "ADV-2008-1533",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1533"
          },
          {
            "name": "29221",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29221"
          },
          {
            "name": "30238",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30238"
          },
          {
            "name": "1020022",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020022"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
        },
        {
          "name": "cucm-ctlprovider-dos(42410)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42410"
        },
        {
          "name": "ADV-2008-1533",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1533"
        },
        {
          "name": "29221",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29221"
        },
        {
          "name": "30238",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30238"
        },
        {
          "name": "1020022",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020022"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-1742",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
            },
            {
              "name": "cucm-ctlprovider-dos(42410)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42410"
            },
            {
              "name": "ADV-2008-1533",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1533"
            },
            {
              "name": "29221",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29221"
            },
            {
              "name": "30238",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30238"
            },
            {
              "name": "1020022",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020022"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-1742",
    "datePublished": "2008-05-16T06:54:00",
    "dateReserved": "2008-04-11T00:00:00",
    "dateUpdated": "2024-08-07T08:32:01.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E29A61E-334B-4F95-9B47-8F53A4DB3EB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6C20851-DC17-4E89-A6C1-D1B52D47608F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"577571D6-AC59-4A43-B9A5-7B6FC6D2046C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:5.1:\\\\(1\\\\):*:*:*:*:*:*\", \"matchCriteriaId\": \"B860F1E1-E295-4B71-B396-14286611EA36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:5.1:\\\\(2\\\\):*:*:*:*:*:*\", \"matchCriteriaId\": \"E194E6EC-282D-4C8E-96E3-00D64FCD8C6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:5.1:\\\\(2a\\\\):*:*:*:*:*:*\", \"matchCriteriaId\": \"5B2EA451-EE18-440A-924A-556A2EC74300\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:5.1:\\\\(2b\\\\):*:*:*:*:*:*\", \"matchCriteriaId\": \"8950C510-38F3-4040-8871-C085DDECF5B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:5.1:\\\\(3a\\\\):*:*:*:*:*:*\", \"matchCriteriaId\": \"7101A008-3F3C-4ABB-B4FC-25BDA8809C87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"819AE879-5BF9-494E-8905-1E1E867EB5A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:6.0:\\\\(1\\\\):*:*:*:*:*:*\", \"matchCriteriaId\": \"156F822A-08CB-4EE2-9054-18F649D96C39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:6.0:\\\\(1a\\\\):*:*:*:*:*:*\", \"matchCriteriaId\": \"53CBD1E5-46C6-4F31-867A-118227EB0473\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BC6EF34-D23D-45CA-A907-A47993CC061E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:6.1:\\\\(1a\\\\):*:*:*:*:*:*\", \"matchCriteriaId\": \"8E8F77F9-05C3-4B66-9022-7B227F97978C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.\"}, {\"lang\": \"es\", \"value\": \"Fugas de memoria en el servicio Certificate Trust List (CTL) Provider de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a 5.1(3) permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (consumo excesivo de memoria e interrupci\\u00f3n del servicio) a trav\\u00e9s de una serie de paquetes TCP malformados, como lo demostrado por TCPFUZZ, tambi\\u00e9n conocido como Bug ID CSCsj80609.\"}]",
      "id": "CVE-2008-1742",
      "lastModified": "2024-11-21T00:45:13.583",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-05-16T12:54:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/30238\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://securitytracker.com/id?1020022\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securityfocus.com/bid/29221\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1533\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42410\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/30238\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1020022\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/29221\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1533\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42410\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1742\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2008-05-16T12:54:00.000\",\"lastModified\":\"2024-11-21T00:45:13.583\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.\"},{\"lang\":\"es\",\"value\":\"Fugas de memoria en el servicio Certificate Trust List (CTL) Provider de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a 5.1(3) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo excesivo de memoria e interrupci\u00f3n del servicio) a trav\u00e9s de una serie de paquetes TCP malformados, como lo demostrado por TCPFUZZ, tambi\u00e9n conocido como Bug ID CSCsj80609.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E29A61E-334B-4F95-9B47-8F53A4DB3EB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6C20851-DC17-4E89-A6C1-D1B52D47608F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"577571D6-AC59-4A43-B9A5-7B6FC6D2046C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:5.1:\\\\(1\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"B860F1E1-E295-4B71-B396-14286611EA36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:5.1:\\\\(2\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"E194E6EC-282D-4C8E-96E3-00D64FCD8C6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:5.1:\\\\(2a\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"5B2EA451-EE18-440A-924A-556A2EC74300\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:5.1:\\\\(2b\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"8950C510-38F3-4040-8871-C085DDECF5B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:5.1:\\\\(3a\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"7101A008-3F3C-4ABB-B4FC-25BDA8809C87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"819AE879-5BF9-494E-8905-1E1E867EB5A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:6.0:\\\\(1\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"156F822A-08CB-4EE2-9054-18F649D96C39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:6.0:\\\\(1a\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"53CBD1E5-46C6-4F31-867A-118227EB0473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BC6EF34-D23D-45CA-A907-A47993CC061E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:6.1:\\\\(1a\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"8E8F77F9-05C3-4B66-9022-7B227F97978C\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/30238\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://securitytracker.com/id?1020022\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://www.securityfocus.com/bid/29221\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1533\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42410\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://secunia.com/advisories/30238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1020022\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1533\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CVE-2008-1742

Vulnerability from fkie_nvd

Published

2008-05-16 12:54

Modified

2024-11-21 00:45

Severity ?

Summary

References

▼	URL	Tags
	ykramarz@cisco.com	http://secunia.com/advisories/30238
	ykramarz@cisco.com	http://securitytracker.com/id?1020022
	ykramarz@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml
	ykramarz@cisco.com	http://www.securityfocus.com/bid/29221
	ykramarz@cisco.com	http://www.vupen.com/english/advisories/2008/1533
	ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/42410
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30238
	af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020022
	af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29221
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1533
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42410

Impacted products

Vendor	Product	Version
cisco	unified_communications_manager	4.1
cisco	unified_communications_manager	4.2
cisco	unified_communications_manager	4.3
cisco	unified_communications_manager	5.1
cisco	unified_communications_manager	5.1
cisco	unified_communications_manager	5.1
cisco	unified_communications_manager	5.1
cisco	unified_communications_manager	5.1
cisco	unified_communications_manager	6.0
cisco	unified_communications_manager	6.0
cisco	unified_communications_manager	6.0
cisco	unified_communications_manager	6.1
cisco	unified_communications_manager	6.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E29A61E-334B-4F95-9B47-8F53A4DB3EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(1\\):*:*:*:*:*:*",
              "matchCriteriaId": "B860F1E1-E295-4B71-B396-14286611EA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2\\):*:*:*:*:*:*",
              "matchCriteriaId": "E194E6EC-282D-4C8E-96E3-00D64FCD8C6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2a\\):*:*:*:*:*:*",
              "matchCriteriaId": "5B2EA451-EE18-440A-924A-556A2EC74300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2b\\):*:*:*:*:*:*",
              "matchCriteriaId": "8950C510-38F3-4040-8871-C085DDECF5B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(3a\\):*:*:*:*:*:*",
              "matchCriteriaId": "7101A008-3F3C-4ABB-B4FC-25BDA8809C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "819AE879-5BF9-494E-8905-1E1E867EB5A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0:\\(1\\):*:*:*:*:*:*",
              "matchCriteriaId": "156F822A-08CB-4EE2-9054-18F649D96C39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0:\\(1a\\):*:*:*:*:*:*",
              "matchCriteriaId": "53CBD1E5-46C6-4F31-867A-118227EB0473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC6EF34-D23D-45CA-A907-A47993CC061E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1:\\(1a\\):*:*:*:*:*:*",
              "matchCriteriaId": "8E8F77F9-05C3-4B66-9022-7B227F97978C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609."
    },
    {
      "lang": "es",
      "value": "Fugas de memoria en el servicio Certificate Trust List (CTL) Provider de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a 5.1(3) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo excesivo de memoria e interrupci\u00f3n del servicio) a trav\u00e9s de una serie de paquetes TCP malformados, como lo demostrado por TCPFUZZ, tambi\u00e9n conocido como Bug ID CSCsj80609."
    }
  ],
  "id": "CVE-2008-1742",
  "lastModified": "2024-11-21T00:45:13.583",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-05-16T12:54:00.000",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/30238"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://securitytracker.com/id?1020022"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/29221"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.vupen.com/english/advisories/2008/1533"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42410"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-pg7h-qxx2-2q2c

Vulnerability from github

Published

2022-05-01 23:42

Modified

2022-05-01 23:42

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1742"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-05-16T12:54:00Z",
    "severity": "HIGH"
  },
  "details": "Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.",
  "id": "GHSA-pg7h-qxx2-2q2c",
  "modified": "2022-05-01T23:42:59Z",
  "published": "2022-05-01T23:42:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1742"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42410"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30238"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020022"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29221"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1533"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609. TCPFUZZ A series of deliberately created, as demonstrated by TCP Service disruption via packets (DoS) There is a possibility of being put into a state. The problem is Bug ID : CSCsj80609 It is a problem.Please refer to the “Overview” for the impact of this vulnerability. These issues affect the following components: Certificate Trust List (CTL) Provider Certificate Authority Proxy Function (CAPF) Session Initiation Protocol (SIP) Simple Network Management Protocol (SNMP) Trap An attacker can exploit these issues to cause denial-of-service conditions in the affected application. ----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

The Public Beta has ended. Thanks to all that participated.

This vulnerability is reported in version 5.x.

2) Another error within the CTL Provider service can be exploited to consume large amounts of memory resources via a series of specially crafted packets sent to default port 2444/TCP.

This vulnerability is reported in versions 5.x and 6.x.

This vulnerability is reported in versions 4.1, 4.2, and 4.3.

This vulnerability is reported in versions 5.x and 6.x.

This vulnerability is reported in versions 4.1, 4.2, 4.3, 5.x, and 6.x.

SOLUTION: Update to the fixed versions.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20080514-cucmdos.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. These vulnerabilities were discovered internally by Cisco. Workarounds that mitigate some of these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080514-cucmdos.shtml. The software version can also be determined by running the command show version active via the command line interface (CLI). No other Cisco products are currently known to be affected by these vulnerabilities.

Details

Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. The CTL Provider service listens by default on TCP port 2444 and is user configurable. The CTL Provider service is enabled by default. There is a workaround for this vulnerability. The CTL Provider service listens by default on TCP port 2444 and is user configurable. There is a workaround for this vulnerability. The CAPF service listens by default on TCP port 3804 and is user configurable. The CAPF service is disabled by default. There is a workaround for this vulnerability.

SIP-Related Vulnerabilities

Cisco Unified Communications Manager versions 5.x and 6.x contain a vulnerability in the handling of malformed SIP JOIN messages that may result in a DoS condition. There is no workaround for this vulnerability. There is no workaround for this vulnerability. There is no workaround for this vulnerability. The SNMP Trap Agent service listens by default on UDP port 61441. There is a workaround for this vulnerability.

Vulnerability Scoring Details

Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

CSCsj80609 - Memory Leak Due to TCPFUZZ on Port 2444 (CTLProvider)

CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete