Cisco Bug: CSCus15583 - CUCM: Race Condition During the Installation Process for RPM

Last Modified

Jan 29, 2017

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.0(1.10000.24) 10.5(1.10000.7) 10.5(2.10000.5) 8.6(2.10000.30) 9.1(2.10000.28)

Description (partial)

Cisco Unified Communications Manager (CallManager) includes a version of the RPM package manager that is
affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2013-6435: Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via
a crafted RPM file whose installation extracts the contents to temporary files before validating the
signature, as demonstrated by installing a file in the /etc/cron.d directory. This has been classified by the
vendor as having a CVSSv2 score of 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P).

This bug was opened to address the potential impact on this product.

Running version of the software prior to the Known Fixed Releases