Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unified_communications_manager | Cisco | 6.0 (including) | 6.0 (including) |
| Unified_communications_manager | Cisco | 6.1(1) (including) | 6.1(1) (including) |
| Unified_communications_manager | Cisco | 6.1(1a) (including) | 6.1(1a) (including) |
| Unified_communications_manager | Cisco | 6.1(1b) (including) | 6.1(1b) (including) |
| Unified_communications_manager | Cisco | 6.1(2) (including) | 6.1(2) (including) |
| Unified_communications_manager | Cisco | 6.1(2)su1 (including) | 6.1(2)su1 (including) |
| Unified_communications_manager | Cisco | 6.1(2)su1a (including) | 6.1(2)su1a (including) |
| Unified_communications_manager | Cisco | 6.1(3) (including) | 6.1(3) (including) |
| Unified_communications_manager | Cisco | 6.1(3a) (including) | 6.1(3a) (including) |
| Unified_communications_manager | Cisco | 6.1(3b) (including) | 6.1(3b) (including) |
| Unified_communications_manager | Cisco | 6.1(3b)su1 (including) | 6.1(3b)su1 (including) |
| Unified_communications_manager | Cisco | 6.1(4) (including) | 6.1(4) (including) |
| Unified_communications_manager | Cisco | 6.1(4)su1 (including) | 6.1(4)su1 (including) |
| Unified_communications_manager | Cisco | 6.1(4a) (including) | 6.1(4a) (including) |
| Unified_communications_manager | Cisco | 6.1(4a)su2 (including) | 6.1(4a)su2 (including) |
| Unified_communications_manager | Cisco | 6.1(5) (including) | 6.1(5) (including) |
| Unified_communications_manager | Cisco | 6.1(5)su1 (including) | 6.1(5)su1 (including) |
| Unified_communications_manager | Cisco | 6.1(5)su2 (including) | 6.1(5)su2 (including) |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html
- http://secunia.com/advisories/44331
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml
- http://www.securityfocus.com/bid/47609
- http://www.securitytracker.com/id?1025449
- http://www.vupen.com/english/advisories/2011/1122
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67122
- http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html
- http://secunia.com/advisories/44331
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml
- http://www.securityfocus.com/bid/47609
- http://www.securitytracker.com/id?1025449
- http://www.vupen.com/english/advisories/2011/1122
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67122