Cisco Unified Communications Manager Invalid Argument Privilege Escalation Vulnerability

ID: 65205
CVE: None
Download vulnerable application: None
nSense Vulnerability Research Security Advisory NSENSE-2010-003

       Affected Vendor:    Cisco Systems, Inc
       Affected Product:   Cisco Unified Communications Manager
       Platform:           All
       Impact:             Privilege Escalation
       Vendor response:    Patch. IntelliShield ID 21656
       CVE:                CVE-2010-3039
       Credit:             Knud / nSense

       Technical details

       Cisco Unified Communications Manager contains a setuid binary
       which fails to validate command line arguments. A local user
       can leverage this vulnerability to gain root access by
       supplying suitable arguments to the binary.

       The application also contains unsafe function calls, such as

       Proof of concept:
       /usr/local/cm/bin/pktCap_protectData -i";id"

       Aug 21st            Contacted vendor PSIRT
       Aug 23rd            Vendor response. Vulnerability acknowledged
       Aug 23rd            More information sent to vendor
       Sep 2nd             Status update request sent to vendor
       Sep 2nd             Vendor response
       Sep 3rd             Vendor response. More information provided.
       Sep 22nd            Status update request sent to vendor
       Sep 22nd            Vendor response
       Sep 23rd            Vendor response. New release date suggested
       Sep 23rd            Agreed to the October 20th release date
       Sep 23rd            Vendor response
       Oct 6th             Requested schedule information from vendor
       Oct 6th             Vendor response. New release date suggested
       Oct 6th             Sent counterproposal to vendor
       Oct 6th             Vendor response. Requested Wednesday release
       Oct 7th             Agreed to the new release date
       Oct 7th             Vendor response
       Nov 3rd             Vendor confirms release and sends link
       Nov 5th             Advisory published

       A thank you to Matthew Cerha / Cisco PSIRT for the coordination

       "Remember, remember the Fifth of November"


       $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
       $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
       $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
       $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
       $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                      D r i v e n   b y   t h e   c h a l l e n g e _
1-4-2 (www01)