CiscoWorks IPM CORBA GIOP请求远程溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1180603 漏洞类型 缓冲区溢出
发布时间 2010-01-20 更新时间 2010-01-21
CVE编号 CVE-2010-0138 CNNVD-ID CNNVD-201001-234
漏洞平台 N/A CVSS评分 10.0
|漏洞来源
https://www.securityfocus.com/bid/37879
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201001-234
|漏洞详情
CiscoWorks网间性能监控(IPM)是用于度量网络响应时间和可用性的故障排除应用程序。Windows平台的CiscoWorksIPM在处理CORBAGIOP请求时存在缓冲区溢出漏洞,未经认证的远程攻击者可以通过发送特制的CORBAGIOP请求触发异常,导致在受影响的Windows系统中以SYSTEM权限执行任意代码。
|受影响的产品
Cisco Internetwork Performance Monitor Server 2.4 Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.5
|参考资料

来源:XF
名称:cisco-ipm-corba-bo(55768)
链接:http://xforce.iss.net/xforce/xfdb/55768
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-10-004/
来源:VUPEN
名称:ADV-2010-0184
链接:http://www.vupen.com/english/advisories/2010/0184
来源:BID
名称:37879
链接:http://www.securityfocus.com/bid/37879
来源:CISCO
名称:20100120CiscoWorksInternetworkPerformanceMonitorCORBAGIOPOverflowVulnerability
链接:http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml
来源:SECTRACK
名称:1023484
链接:http://securitytracker.com/id?1023484
来源:SECUNIA
名称:38230
链接:http://secunia.com/advisories/38230
来源:NSFOCUS
名称:14382
链接:http://www.nsfocus.net/vulndb/14382