Guest

Preview Tool

Cisco Bug: CSCun08414 - Kernel Privilege Escalation and Info Leak Vulnerabilities

Last Modified

Jan 30, 2020

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.0(1.10000.26)

Description (partial)

Symptoms:
Cisco Unified  Call Manager includes  a version of  the Linux Kernel that  is affected by  the vulnerabilities
identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2013-2929: The Linux  kernel before 3.12.2 does  not properly use the get_dumpable  function, which allows
local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers
via a  crafted application, related  to kernel/ptrace.c  and arch/ia64/include/asm/processor.h. This  has been
classified by the vendor as having a CVSSv2 score of 3.3 (AV:L/AC:M/AU:N/C:P/I:P/A:N)

CVE-2013-6381: Buffer overflow  in the qeth_snmp_command function in  drivers/s390/net/qeth_core_main.c in the
Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other
impact via an SNMP ioctl call with a length  value that is incompatible with the command-buffer size. This has
been classified by the vendor as having a CVSSv2 score of 6.8 (AV:L/AC:L/AU:S/C:C/I:C/A:C)

CVE-2013-7263: The Linux  kernel before 3.12.4 updates  certain length values before  ensuring that associated
data structures have  been initialized, which allows  local users to obtain sensitive  information from kernel
stack  memory via  a (1)  recvfrom, (2)  recvmmsg, or  (3) recvmsg  system call,  related to  net/ipv4/ping.c,
net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. This  has been classified by the vendor as
having a CVSSv2 score of 4.9 (AV:L/AC:L/AU:N/C:C/I:N/A:N)

CVE-2013-7265: The pn_recvmsg  function in net/phonet/datagram.c in  the Linux kernel before  3.12.4 updates a
certain length  value before ensuring  that an  associated data structure  has been initialized,  which allows
local users to obtain sensitive information from kernel stack  memory via a (1) recvfrom, (2) recvmmsg, or (3)
recvmsg  system  call.   This   has  been  classified  by  the  vendor  as  having   a  CVSSv2  score  of  4.9
(AV:L/AC:L/AU:N/C:C/I:N/A:N)

This bug was opened to address the potential impact on this product.

Conditions:
Running an affected version of Call Manager
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.