Free Software

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Cisco Unified Communications Manager contains five (5) denial of
service (DoS) vulnerabilities.

Cisco has released free software updates for affected versions of
Cisco Unified Communications Manager to address the vulnerabilities.
A workaround exists for the SIP and Packet Capture Service DoS
vulnerabilities.

This advisory is posted at:

Call for Papers Hack.lu 2009

- Newly discovered vulnerabilities in software and hardware
- Electronic/Digital Privacy
- Wireless Network and Security
- Attacks on Information Systems and/or Digital Information Storage
- Electronic Voting
- Free Software and Security
- Assessment of Computer, Electronic Devices and Information Systems
- Standards for Information Security
- Legal and Social Aspect of Information Security
- Software Engineering and Security
- Security in Information Retrieval

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

  * Certificate Trust List (CTL) Provider
  * Certificate Authority Proxy Function (CAPF)
  * Session Initiation Protocol (SIP)
  * Simple Network Management Protocol (SNMP) Trap

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080514-cucmdos.shtml.

Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities

The second vulnerability permits an authenticated user to execute
arbitrary code on the device under the privileges of the web server
user account.

Cisco has released free software updates that address these
vulnerabilities.

There are no workarounds available for these vulnerabilities.

This advisory is posted at:

Cisco Security Advisory: Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability

Skinny Client Control Protocol (SCCP) crafted messages may cause a
Cisco IOS device that is configured with the Network Address
Translation (NAT) SCCP Fragmentation Support feature to reload.

Cisco has released free software updates that address this
vulnerability. A workaround that mitigates this vulnerability is
available.

This advisory is posted at:


Cisco Security Advisory: Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities

Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS that can be exploited remotely to
trigger a memory leak or to cause a reload of the IOS device.

Cisco has released free software updates that address these
vulnerabilities. Fixed Cisco IOS software listed in the Software
Versions and Fixes section contains fixes for all vulnerabilities
addressed in this advisory.

There are no workarounds available to mitigate the effects of any of

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager

  * Three (3) denial of service (DoS) vulnerabilities that affect
    Session Initiation Protocol (SIP) services
  * Directory traversal vulnerability
  * Two (2) SQL injection vulnerabilities

Cisco has released free software updates for affected Cisco Unified
Communications Manager versions to address the vulnerabilities. A
workaround exists only for the SIP DoS vulnerabilities.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml.

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS Software that could allow an
unauthenticated, remote attacker to cause a reload of an affected
device when SIP operation is enabled.

Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for devices that must run
SIP; however, mitigations are available to limit exposure to the
vulnerabilities.

This advisory is posted at 

Cisco Security Advisory: Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

vulnerable.

This vulnerability will result in a reload of the device when
processing a specially crafted L2TP packet.

Cisco has released free software updates that address this
vulnerability.

Workarounds that mitigate this vulnerability are available.

This advisory is posted at 

Cisco Security Advisory: Local Privilege Escalation Vulnerabilities in Cisco VPN Client

the LocalSystem account.

A workaround exists for one of the two vulnerabilities disclosed in this
advisory.

Cisco has made free software available to address these vulnerabilities
for affected customers.

This advisory is posted at 
http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml.


Contest: Best Advances for OpenVAS Network Vulnerability Tests

 * Converter routines that (semi-)automatically create NASL
    scripts from formal security alerts.
 * Performance improvements for the current tests.

There are many other ways to extend and improve the OpenVAS framework.
The only hard requirement is that your solution is published as Free Software
under GNU GPLv2+.

The following rewards have already been offered by the contest sponsors:

1st place: 500 Euro

Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability

The Management Center for Cisco Security Agent is affected by a
vulnerability that may allow an unauthenticated attacker to perform
remote code execution on the affected device.

Cisco has released free software updates that address this
vulnerability.

A workaround is available to mitigate this vulnerability.

This advisory is posted at 

Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow

contains a heap overflow vulnerability in the Certificate Trust List
(CTL) Provider service that could allow a remote, unauthenticated
user to cause a denial of service (DoS) condition or execute
arbitrary code. There is a workaround for this vulnerability.

Cisco has made free software available to address these
vulnerabilities for affected customers.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0027
has been assigned to this vulnerability.


FRHACK List of Talks and Speakers released

+ http://www.frhack.org/schedule.php
---------------------------------------------------------

# Invited speakers #

Free Software in Ethics and in Practice
- Richard Matthew Stallman (RMS)

TBA
- David Hulton (h1kari)


Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

(FWSM) for the Cisco Catalyst 6500 Series Switches and Cisco 7600
Series Routers that may cause the Cisco FWSM to reload after
processing crafted SunRPC or certain TCP packets. Repeated
exploitation could result in a sustained DoS condition.

Cisco has released free software updates that address these
vulnerabilities. Workarounds are available for the vulnerabilities
disclosed in this advisory.

Note:  These vulnerabilities are independent of each other. A device
may be affected by one vulnerability and not affected by another.

Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability

Manager is integrated with an external directory service, it may be
possible for an attacker to leverage the privilege escalation
vulnerability to gain access to additional systems configured to use
the directory service for authentication.

Cisco has released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are
available.

This advisory is posted at:


Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities

Cisco Unified Communications Manager, formerly Cisco Unified
CallManager, contains two denial of service (DoS) vulnerabilities in
the Session Initiation Protocol (SIP) service. An exploit of these
vulnerabilities may cause an interruption in voice services.

Cisco will release free software updates that address these
vulnerabilities and this advisory will be updated as fixed software
becomes available. There are no workarounds for these
vulnerabilities.

Note:  Cisco IOS software is also affected by the vulnerabilities

Cisco Security Advisory: Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability

Cisco recommends that all administrators deploy the mitigation
measures outlined in the Workarounds section or perform a Cisco IOS
Software upgrade.

Cisco has released free software updates that address this
vulnerability.

Workarounds that mitigate this vulnerability are available.

This advisory is posted at:

Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability

Under a sustained attack, the Cisco CRS Modular Services Card (MSC)
on a Cisco Carrier Routing System (CRS) or a Line Card on a Cisco
12000 Series Router or Cisco ASR 9000 Series Aggregation Services
Router will reload.

Cisco has released free Software Maintenance Units (SMU) that address
this vulnerability.

There are no workarounds for this vulnerability.

This advisory is posted at: 

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance

on the device and one vulnerability that allows remote,
unauthenticated users to execute arbitrary code with elevated
privileges. There are workarounds available to mitigate these
vulnerabilities.

Cisco has released free software updates that address these
vulnerabilities. This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20100210-ironport.shtml

Affected Products

Cisco Security Advisory: Multiple Cisco WebEx WRF Player Vulnerabilities

when users access a WRF file hosted on a WebEx server. If the WebEx
WRF Player was manually installed, users will need to manually install
a new version of the player after downloading the latest version from
www.webex.com.

Cisco has released free software updates that address these
vulnerabilities.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20091216-webex.shtml.


Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability

a network processor in a line card to lock up while processing an IP
version 4 (IPv4) packet. As a consequence of the network processor
lockup, the line card that is processing the offending packet will
automatically reload.

Cisco has released a free software maintenance upgrade (SMU) to
address this vulnerability.

There are no workarounds for this vulnerability.

This advisory is posted at:

Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player

users access a recording file that is hosted on a WebEx meeting site.
If the WRF player was manually installed, users will need to manually
install a new version of the player after downloading the latest
version from www.webex.com.

Cisco has released free software updates that address these
vulnerabilities.

This advisory is posted at: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex


Cisco Security Advisory: Cisco Security Manager Vulnerability

Cisco IPS Event Viewer (IEV) that results in open TCP ports on both
the Cisco Security Manager server and IEV client. An unauthenticated,
remote attacker could leverage this vulnerability to access the MySQL
databases or IEV server.

Cisco has released free software updates that address this
vulnerability. A workaround is also available to mitigate this
vulnerability.

This advisory is posted at 
http://www.cisco.com/warp/public/707/cisco-sa-20090121-csm.shtml

Cisco Security Advisory: Vulnerabilities in Cisco Unified Contact Center Express

vulnerabilities are independent of each other.

Exploitation of these vulnerabilities could result in a DoS condition or an
information disclosure.

Cisco has released free software updates that address these vulnerabilities in
the latest versions of Cisco Unified Contact Center products.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml

Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code Execution Vulnerability

Cisco Secure Desktop contains a vulnerable ActiveX control that could
allow an attacker to execute arbitrary code with the privileges of
the user who is currently logged into the affected system. Cisco has
released a free software update that addresses this vulnerability.
There is a workaround that mitigates this vulnerability.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20100414-csd.shtml

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent

to crash. Repeated exploitation could result in a sustained DoS
condition.

These vulnerabilities are independent of each other.

Cisco has released free software updates that address these
vulnerabilities.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml

Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities

users access a recording file that is hosted on a WebEx server. If
the WebEx recording player was manually installed, users will need to
manually install a new version of the player after downloading the
latest version from www.webex.com.

Cisco has released free software updates that address these
vulnerabilities.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml.


Cisco Security Advisory: Cisco ONS Platform Crafted Packet Vulnerability

ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH
Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching
Platform contains a vulnerability when processing TCP traffic streams
that may result in a reload of the device control card.

Cisco has released free software updates that address this
vulnerability.

There are no workarounds that mitigate this vulnerability. Several
mitigations exist that can limit the exposure of this vulnerability.


Cisco Security Advisory: Denial of Service Vulnerability in Cisco TelePresence Codecs

Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and
MXP Series Codecs that are running software versions prior to TC4.0.0
or F9.1 contain a vulnerability that could allow an attacker to cause
a denial of service.

Cisco has released free software updates that address this
vulnerability.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20110831-tandberg.shtml


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
