Avaya Communication Manager Bugs Let Remote Users Access Information and Utilities and Let Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID: 1020374
SecurityTracker URL: http://securitytracker.com/id/1020374
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jun 27 2008
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): 3.1.x
Description:
Several vulnerabilities were reported in Avaya Communication Manager. A remote authenticated user can execute arbitrary code on the target system. A remote user can obtain potentially sensitive information and access certain utilities and applications.
A remote authenticated user on the Avaya SIP Enablement Service (SES) web administration interface can exploit flaws in the interface to execute code with root privileges.
A remote user can execute scripts from the objects folder and the states folder.
A remote user can execute a certain default application.
A remote user can access full system help.
A remote user can view application server configuration data.
A remote user can view the database server configuration.
A remote user can access a utility to decrypt subscriber and database passwords.
A remote user can access the certificate installation utility.
A remote authenticated user on the Avaya Communication Manager (CM) web administration interface can execute arbitrary system commands.
A remote authenticated user on the Avaya Messaging Storage Server (MSS) Messaging Administration interface can execute arbitrary system commands with 'vexvm' user privileges.
The original advisories are available at:
http://www.voipshield.com/research-details.php?id=76
http://www.voipshield.com/research-details.php?id=77
http://www.voipshield.com/research-details.php?id=78
http://www.voipshield.com/research-details.php?id=79
http://www.voipshield.com/research-details.php?id=80
http://www.voipshield.com/research-details.php?id=81
http://www.voipshield.com/research-details.php?id=82
http://www.voipshield.com/research-details.php?id=83
http://www.voipshield.com/research-details.php?id=84
http://www.voipshield.com/research-details.php?id=85
http://www.voipshield.com/research-details.php?id=86
http://www.voipshield.com/research-details.php?id=87
http://www.voipshield.com/research-details.php?id=88
http://www.voipshield.com/research-details.php?id=89
http://www.voipshield.com/research-details.php?id=90
http://www.voipshield.com/research-details.php?id=91
http://www.voipshield.com/research-details.php?id=92
http://www.voipshield.com/research-details.php?id=93
http://www.voipshield.com/research-details.php?id=94
http://www.voipshield.com/research-details.php?id=95
http://www.voipshield.com/research-details.php?id=96
http://www.voipshield.com/research-details.php?id=97
http://www.voipshield.com/research-details.php?id=98
http://www.voipshield.com/research-details.php?id=99
http://www.voipshield.com/research-details.php?id=100
http://www.voipshield.com/research-details.php?id=101
http://www.voipshield.com/research-details.php?id=102
http://www.voipshield.com/research-details.php?id=103
http://www.voipshield.com/research-details.php?id=104
VoIPshield reported these vulnerabilities.
Impact:
A remote authenticated user can execute arbitrary code on the target system.
A remote user can obtain potentially sensitive information and access certain utilities and applications.
Solution:
No solution was available at the time of this entry.
The vendor is working on a fix.
Vendor URL: www.avaya.com/
Cause:
Access control error, Configuration error
Underlying OS:
Message History:
None.
Source Message Contents
Date: Thu, 26 Jun 2008 21:55:21 -0400
Subject: Avaya Communication Manager
http://www.voipshield.com/research-details.php?id=76
http://www.voipshield.com/research-details.php?id=77
http://www.voipshield.com/research-details.php?id=78
http://www.voipshield.com/research-details.php?id=79
http://www.voipshield.com/research-details.php?id=80
http://www.voipshield.com/research-details.php?id=81
http://www.voipshield.com/research-details.php?id=82
http://www.voipshield.com/research-details.php?id=83
http://www.voipshield.com/research-details.php?id=84
http://www.voipshield.com/research-details.php?id=85
http://www.voipshield.com/research-details.php?id=86
http://www.voipshield.com/research-details.php?id=87
http://www.voipshield.com/research-details.php?id=88
http://www.voipshield.com/research-details.php?id=89
http://www.voipshield.com/research-details.php?id=90
http://www.voipshield.com/research-details.php?id=91
http://www.voipshield.com/research-details.php?id=92
http://www.voipshield.com/research-details.php?id=93
http://www.voipshield.com/research-details.php?id=94
http://www.voipshield.com/research-details.php?id=95
http://www.voipshield.com/research-details.php?id=96
http://www.voipshield.com/research-details.php?id=97
http://www.voipshield.com/research-details.php?id=98
http://www.voipshield.com/research-details.php?id=99
http://www.voipshield.com/research-details.php?id=100
http://www.voipshield.com/research-details.php?id=101
http://www.voipshield.com/research-details.php?id=102
http://www.voipshield.com/research-details.php?id=103
http://www.voipshield.com/research-details.php?id=104