CVE-2010-3040 – Cisco ICM Setup Manager Agent.exe HandleUpgradeTrace Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3040
Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. Múltiples desbordamientos de búfer basados en pila en Setup Manager en Cisco Intelligent Contact Manager (ICM) anterior v7.0 permite a atacantes remotos ejecutar código de su elección a través de un parámetro largo en un paquete (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, o (4) HandleUpgradeTrace TCP, también conocidos como Bug IDs CSCti45698, CSCti45715, CSCti45726, y CSCti46164. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When handling the HandleUpgradeTrace packet type the process blindly copies user supplied data into a fixed-length buffer on the stack. • http://secunia.com/advisories/42146 http://securitytracker.com/id?1024693 http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 http://www.securityfocus.com/bid/44699 http://www.vupen.com/english/advisories/2010/2914 http://www.zerodayinitiative.com/advisories/ZDI-10-232 http://www.zerodayinitiative.com/advisories/ZDI-10-233 http://www.zerodayinitiative.com/advisories/ZDI-10-234 http://www.zerodayinitiative.com/advisories/ZDI-10-235 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt http://secunia.com/advisories/15393 http://secunia.com/advisories/15417 http://secunia.com/advisories/18222 http://secunia.com/advisories/18662 http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml http:/& •