Cisco Bug: CSCuq45984 - PCA: NSCD Vulnerabilities

Last Modified

Aug 06, 2018

Products (2)

  • Cisco Prime Collaboration
  • Cisco Prime Collaboration 10.6

Known Affected Releases

10.6

Description (partial)

Symptoms:
Cisco Prime Collaboration Manager contains a version of the GNU C Library (GNU libc) that is affected by the
vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2009-5029: Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent
attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ)
file, as demonstrated using vsftpd. This has been classified by the vendor as having a CVSSv2 score of 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2009-5064: ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain
privileges via a Trojan horse executable file linked with a modified loader that omits certain
LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a
gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in
appropriate directories or set LD_LIBRARY_PATH etc." This has been classified by the vendor as having a CVSSv2
score of 4.1 (AV:L/AC:M/Au:S/C:P/I:P/A:P)

CVE-2010-0296: The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and
earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names,
which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and
gain privileges, via a crafted mount request. This has been classified by the vendor as having a CVSSv2 score
of 6.6 (AV:L/AC:M/Au:S/C:C/I:C/A:C)

CVE-2010-0830: Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in
the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows
user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a
certain d_tag structure member in the ELF header. This has been classified by the vendor as having a CVSSv2
score of 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2010-3847: elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x
through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which
allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary
directory. This has been classified by the vendor as having a CVSSv2 score of 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVE-2010-3856: ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does
not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as
audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted
library directory, as demonstrated by libpcprofile.so. This has been classified by the vendor as having a
CVSSv2 score of 6.6 (AV:L/AC:M/Au:S/C:C/I:C/A:C)

CVE-2011-0536: Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions
of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red
Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a
subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has
$ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists
because of an incorrect fix for CVE-2010-3847. This has been classified by the vendor as having a CVSSv2 score
of 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

CVE-2011-1071: The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow
context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a
long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to
CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google
Chrome. This has been classified by the vendor as having a CVSSv2 score of 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2011-1089: The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not
report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local
users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE
value, a different vulnerability than CVE-2010-0296. This has been classified by the vendor as having a CVSSv2
score of 4.3 (AV:L/AC:L/Au:S/C:P/I:P/A:P)

CVE-2011-1095: locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does
not quote its output, which might allow local users to gain privileges via a crafted localization environment
variable, in conjunction with a program that executes a script that uses the eval function. This has been
classified by the vendor as having a CVSSv2 score of 4.3 (AV:L/AC:L/Au:S/C:P/I:P/A:P)

CVE-2011-1658: ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic
string token when RPATH is composed entirely of this token, which might allow local users to gain privileges
by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value,
and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different
vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard
operating-system distribution would ship an applicable setuid or setgid program. This has been classified by
the vendor as having a CVSSv2 score of 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P)

CVE-2011-1659: Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier
allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string
that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than
CVE-2011-1071. This has been classified by the vendor as having a CVSSv2 score of 7.8
(AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVE-2011-4609: The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to
cause a denial of service (CPU consumption) via a large number of RPC connections. This has been classified by
the vendor as having a CVSSv2 score of 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVE-2012-3406: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and
probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS
array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection
mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string
using positional parameters and a large number of format specifiers, a different vulnerability than
CVE-2012-3404 and CVE-2012-3405. This has been classified by the vendor as having a CVSSv2 score of 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2012-3480: Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other
unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to
cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which
triggers a stack-based buffer overflow. This has been classified by the vendor as having a CVSSv2 score of 4.6
(AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVE-2013-0242: Buffer overflow in the extend_buffers function in the regular expression matcher
(posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of
service (memory corruption and crash) via crafted multibyte characters. This has been classified by the vendor
as having a CVSSv2 score of 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2013-1914: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C
Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via
a (1) hostname or (2) IP address that triggers a large number of domain conversion results. This has been
classified by the vendor as having a CVSSv2 score of 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2013-4332: Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18
and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value
to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. This has
been classified by the vendor as having a CVSSv2 score of 4.1 (AV:L/AC:M/Au:S/C:P/I:P/A:P)

This bug was opened to address the potential impact on this product.

Conditions:
Running a version of the software prior to the Known Fixed Releases.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
