NVD Vulnerability Detail

CVE-2006-5277

Summary	Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
Publication Date	July 16, 2007, 6:30 a.m.
Registration Date	Jan. 29, 2021, 3:47 p.m.
Last Update	Oct. 18, 2018, 2:51 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:cisco:unified_callmanager::::::::	3.3	3.3\(5\)sr2
cpe:2.3:a:cisco:unified_callmanager::::::::	4.1	4.1\(3\)sr4
cpe:2.3:a:cisco:unified_callmanager::::::::	4.2	4.2\(3\)sr1
cpe:2.3:a:cisco:unified_callmanager:5.0:::::::*
cpe:2.3:a:cisco:unified_communications_manager::::::::	4.3	4.3\(1\)
cpe:2.3:a:cisco:unified_communications_manager::::::::	5.1	5.1\(1\)

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/26043	SECUNIA	Third Party Advisory
2	http://securitytracker.com/id?1018369	SECTRACK	Third Party Advisory VDB Entry
3	http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml	CISCO	Vendor Advisory
4	http://www.iss.net/threats/270.html	ISS	Broken Link
5	http://www.osvdb.org/36122	OSVDB	Broken Link
6	http://www.securityfocus.com/bid/24868	BID	Third Party Advisory VDB Entry
7	http://www.vupen.com/english/advisories/2007/2512	VUPEN	Permissions Required Third Party Advisory
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/31437	XF	Third Party Advisory VDB Entry

Common Vulnerabilities List

JVN Vulnerability Information

CUCM の CTL Provider サービスにおける任意のコードを実行される脆弱性

Title	CUCM の CTL Provider サービスにおける任意のコードを実行される脆弱性
Summary	Cisco Unified Communications Manager (CUCM、前 CallManager) の Certificate Trust List (CTL) Provider サービス (CTLProvider.exe) は、一づれエラーが発生するため、任意のコードを実行される脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工されたパケットを介して、ヒープベースバッファのオーバフローを誘発され、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 11, 2007, midnight
Registration Date	June 26, 2012, 3:37 p.m.
Last Update	June 26, 2012, 3:37 p.m.

Affected System

シスコシステムズ

Cisco Unified CallManager 200707111 未満

Cisco Unified Communications Manager 200707111 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-5277	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5277
National Vulnerability Database (NVD)
2	CVE-2006-5277	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5277

ベンダー情報

No	Name	URL
Cisco
1	cisco-sa-20070711-cucm	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070711-cucm

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.