CVE-2011-5096 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Avaya	Aura Application Server 5300

Configuration 1 [-]

OR	cpe:2.3:a:avaya:aura_application_server_5300:1.0:::::::*
	cpe:2.3:a:avaya:aura_application_server_5300:2.0:::::::*

No data.

References

Link	Providers
http://zerodayinitiative.com/advisories/ZDI-11-260/
https://downloads.avaya.com/css/P8/documents/100146108

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-07-03T21:00:00Z

Updated: 2024-09-17T00:06:20.564Z

Reserved: 2012-07-03T00:00:00Z

Link: CVE-2011-5096

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-07-03T21:55:01.317

Modified: 2024-11-21T01:33:37.540

Link: CVE-2011-5096

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-03T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://downloads.avaya.com/css/P8/documents/100146108"}, {"tags": ["x_refsource_MISC"], "url": "http://zerodayinitiative.com/advisories/ZDI-11-260/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5096", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://downloads.avaya.com/css/P8/documents/100146108", "refsource": "CONFIRM", "url": "https://downloads.avaya.com/css/P8/documents/100146108"}, {"name": "http://zerodayinitiative.com/advisories/ZDI-11-260/", "refsource": "MISC", "url": "http://zerodayinitiative.com/advisories/ZDI-11-260/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:23:40.165Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://downloads.avaya.com/css/P8/documents/100146108"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://zerodayinitiative.com/advisories/ZDI-11-260/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5096", "datePublished": "2012-07-03T21:00:00Z", "dateReserved": "2012-07-03T00:00:00Z", "dateUpdated": "2024-09-17T00:06:20.564Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED5A80A1-A5EE-4451-A03F-36C513FBB199", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "143818EF-0E0B-47D5-B19A-759986E01568", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en cstore.exe en Media Application Server (MAS) en Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) v1.x anteriores a v1.0.2 y v2.0 anteriores a Patch Bundle 10, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s del par\u00e1metro cs_anams en un paquete CONTENT_STORE_ADMIN_REQ packet."}], "id": "CVE-2011-5096", "lastModified": "2024-11-21T01:33:37.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-07-03T21:55:01.317", "references": [{"source": "cve@mitre.org", "url": "http://zerodayinitiative.com/advisories/ZDI-11-260/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://downloads.avaya.com/css/P8/documents/100146108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://zerodayinitiative.com/advisories/ZDI-11-260/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://downloads.avaya.com/css/P8/documents/100146108"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}