Cisco Bug: CSCus15583 - CUCM: Race Condition During the Installation Process for RPM

Last Modified

Jan 29, 2017

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.0(1.10000.24) 10.5(1.10000.7) 10.5(2.10000.5) 8.6(2.10000.30) 9.1(2.10000.28)

Description (partial)

Symptom:
Cisco Unified Communications Manager (CallManager) includes a version of the RPM package manager that is
affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2013-6435: Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via
a crafted RPM file whose installation extracts the contents to temporary files before validating the
signature, as demonstrated by installing a file in the /etc/cron.d directory. This has been classified by the
vendor as having a CVSSv2 score of 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P).

This bug was opened to address the potential impact on this product.

Conditions:
Running a version of the software prior to the Known Fixed Releases.
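
The ordering flaw described for CVE-2013-6435, shown as a simplified model added here (not RPM or Cisco code): the first installer writes payload into the target tree before checking the signature, the second checks first. The HMAC standing in for the package signature, the `;tmp` suffix, the key and the file names are all constructed for this illustration.

```python
import hashlib, hmac, os, tempfile

KEY = b"constructed-demo-key"  # assumption: stand-in for the package signing key

def sign(files):
    """HMAC over sorted (path, content) pairs; models the package signature."""
    mac = hmac.new(KEY, digestmod=hashlib.sha256)
    for path in sorted(files):
        mac.update(path.encode() + b"\0" + files[path] + b"\0")
    return mac.digest()

def visible_files(root):
    """What a concurrent reader (a daemon scanning a drop-in dir) would see."""
    return sorted(os.path.relpath(os.path.join(d, f), root)
                  for d, _, fs in os.walk(root) for f in fs)

def write(dest, data):
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as fh:
        fh.write(data)

def install_extract_first(files, sig, root):
    """Flawed order: temp files land in the target tree, then the check runs."""
    temps = [os.path.join(root, p + ";tmp") for p in files]
    for tmp, data in zip(temps, files.values()):
        write(tmp, data)
    exposed = visible_files(root)  # race window: unverified content is on disk
    ok = hmac.compare_digest(sig, sign(files))
    for tmp in temps:  # rename into place on success, clean up on failure
        os.replace(tmp, tmp[:-4]) if ok else os.remove(tmp)
    return ok, exposed

def install_verify_first(files, sig, root):
    """Corrected order: nothing is written until the signature has been checked."""
    ok = hmac.compare_digest(sig, sign(files))
    if ok:
        for path, data in files.items():
            write(os.path.join(root, path), data)
    return ok, visible_files(root)

def demo():
    # Constructed sample: signature made for one payload, content changed afterwards.
    sig = sign({"etc/cron.d/job": b"# constructed payload\n"})
    tampered = {"etc/cron.d/job": b"# modified after signing\n"}
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        return install_extract_first(tampered, sig, a), install_verify_first(tampered, sig, b)

if __name__ == "__main__":
    print(demo())
```

Both installers reject the tampered package, but only the extract-first one had unverified content visible under `etc/cron.d` while the check was still pending.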