CVE-2006-5277
https://notcve.org/view.php?id=CVE-2006-5277
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow. Error de superación de límite (off-by-one) en el servicio Certificate Trust List (CTL) Provider (CTLProvider.exe) de Cisco Unified Communications Manager (CUCM, anteriormente CallManager) anterior al 11/07/2007 permite a atacantes remotos ejecutar código de su elección mediante un paquete manipulado que dispara un desbordamiento de búfer basado en montículo. • http://secunia.com/advisories/26043 http://securitytracker.com/id?1018369 http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml http://www.iss.net/threats/270.html http://www.osvdb.org/36122 http://www.securityfocus.com/bid/24868 http://www.vupen.com/english/advisories/2007/2512 https://exchange.xforce.ibmcloud.com/vulnerabilities/31437 •
CVE-2007-1833
https://notcve.org/view.php?id=CVE-2007-1833
The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port. La implementación del protocolo Skinny Call Control (SCCP) para el Cisco Unified CallManager (CUCM) 3.3 anterior al 3.3(5)SR2a, 4.1 anterior al 4.1(3)SR4, 4.2 anterior al 4.2(3)SR1 y 5.0 anterior al 5.0(4a)SU1 permite a atacantes remotos provocar una denegación de servicio (pérdida del servicio de voz) mediante el envío de paquetes modificados al puerto (1) SCCP (2000/tcp) o (2) SCCPS (2443/tcp). • http://secunia.com/advisories/24665 http://securitytracker.com/id?1017826 http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml http://www.securityfocus.com/bid/23181 http://www.vupen.com/english/advisories/2007/1144 https://exchange.xforce.ibmcloud.com/vulnerabilities/33295 •