Summary
=======
Unified Contact Center and Intelligent Contact Management products
contain a vulnerability that may result in unauthorized access to the
web-based reporting and script monitoring tool (Web View) and the
web-based configuration tool (Web Admin).
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml.
Summary
=======
Two crafted packet vulnerabilities exist in the Cisco Firewall
Services Module (FWSM) that may result in a reload of the FWSM. These
vulnerabilities can be triggered during the processing of HTTPS
requests, or during the processing of Media Gateway Control Protocol
(MGCP) packets.
A third vulnerability may cause access control list (ACL) entries to not
This is useless, I don't know what the author wanted to
do, but this can be bypassed easily. After some conditions,
the write_comment() function is called:
$result = write_comment( $_POST[ 'y' ], $_POST[ 'm' ],
                         $_POST[ 'entry' ],
                         $comment_name,
                         $comment_email,
                         $comment_url,
                         $comment_text,
these character encodings would thus be potentially vulnerable to
script injection attacks if their script filtering code fails to
strip out these specific characters (CVE-2010-3770).
Google security researcher Michal Zalewski reported that when a
window was opened to a site resulting in a network or certificate
error page, the opening site could access the document inside the
opened window and inject arbitrary content. An attacker could use
this bug to spoof the location bar and trick a user into thinking
they were on a different site than they actually were (CVE-2010-3774).
CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928
CVE-2011-3188 CVE-2011-3191
Debian Bug: 640966
The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 have caused a
regression that can result in an oops during invalid accesses to
/proc/<pid>/maps files.
The text of the original advisory is reproduced for reference:
A denial of service (DoS) vulnerability exists in Jabber Extensible
Communications Platform (Jabber XCP) and Cisco Unified Presence. An
unauthenticated, remote attacker could exploit this vulnerability by
sending malicious XML to an affected server. Successful exploitation
of this vulnerability could cause elevated memory and CPU
utilization, resulting in memory exhaustion and process crashes.
Repeated exploitation could result in a sustained DoS condition.
There are no workarounds available to mitigate exploitation of this
vulnerability.
Given Test.java has a property "id" of type Integer or Long and
appropriate getter and setter methods:
long id;
Given test.jsp with result name=input is configured for action "Test":
struts.xml:
<action name="Test" class="example.Test">
    <result name="input">test.jsp</result>
</action>
necessary changes.
Details follow:
Fernando Quintero discovered that MoinMoin did not properly sanitize its
input when processing login requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal confidential data,
within the same domain. This issue affected Ubuntu 7.10 and 8.04 LTS.
(CVE-2008-0780)
strategies to obtain exploitable information against a specific component. This is where
benchmarking becomes useful.
When you speak of a 'benchmark' you are not only speaking about how fast a process runs but
also about how efficient it is. To evaluate that you must rely on many more indicators,
so the time a process runs for is only one part of a benchmark result.
Benchmarking can also involve analysing the following indicators:
- number of threads run by the process
- size of memory allocated by the process/threads
- CPU consumption
3. *Vulnerability Description*
DNS spoofing and cache poisoning attacks have been known security
threats that result from design weaknesses of the DNS protocol since the
early 1990s as described by Christopher Schuba [1] and Paul Vixie [2].
In 1997 a practical implementation of a blind remote DNS cache poisoning
attack that relies solely on exploiting the predictability of the ID
field of DNS query packets was described by Arce and Kargieman [3]. This
was followed up by further refinements and advancement of attack
it would be possible to execute arbitrary code as the user running vim
(CVE-2008-2712).
Ulf Härnhammar of Secunia Research found a format string flaw in
vim's help tags processor. If a user were tricked into executing the
helptags command on malicious data, it could result in the execution
of arbitrary code as the user running vim (CVE-2008-2953).
A flaw was found in how tar.vim handled TAR archive browsing. If a
user were to open a special TAR archive using the plugin, it could
result in the execution of arbitrary code as the user running vim
Potential Security Impact: NFS inadvertently enabled
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could result in the inadvertent enabling of NFS.
References: CVE-2010-0451
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running NFS / ONCplus version B.11.31_08 or previous
feedWriter could lead to Chrome privilege escalation. (MFSA 2008-39)
CVE-2008-3837
Paul Nickerson discovered that an attacker could move windows
during a mouse click, resulting in unwanted action triggered by
drag-and-drop. (MFSA 2008-40)
CVE-2008-4058
"moz_bug_r_a4" discovered a vulnerability which can result in
// $id comes straight from the request; only emptiness is checked, not content
$id = (isset($_GET['id']) && $_GET['id'] !='') ? $_GET['id'] : getlastid();
// $id is interpolated into the SQL string without escaping or casting
$SQL = "SELECT comment,author,contact,date FROM `cblog_comments`
        WHERE `pid` = '$id' ORDER BY `cid` DESC";
$resulted = $db->query($SQL, $querys);
while ($result = mysql_fetch_assoc($resulted))
    $comments[] = $result;
- [B] Authentication Bypass
The Cisco ONS 15300 series Edge Optical Transport Platform, the Cisco
ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH
Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching
Platform contains a vulnerability when processing TCP traffic streams
that may result in a reload of the device control card.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability. Several
=======
Cisco IOS® devices that are configured for Internet Key Exchange
(IKE) protocol and certificate based authentication are vulnerable to
a resource exhaustion attack. Successful exploitation of this
vulnerability may result in the allocation of all available Phase 1
security associations (SA) and prevent the establishment of new IPsec
sessions.
Cisco has released free software updates that address this
vulnerability.
Cisco IOS® devices that are configured with Cisco IOS Zone-Based
Policy Firewall Session Initiation Protocol (SIP) inspection are
vulnerable to denial of service (DoS) attacks when processing a
specific SIP transit packet. Exploitation of the vulnerability could
result in a reload of the affected device.
Cisco has released free software updates that address this
vulnerability.
Workarounds that mitigate this vulnerability are available.
SSLVPN sessions cause a memory leak in the device
+------------------------------------------------
A device configured for SSLVPN may leak transmission control blocks
(TCBs) when processing an abnormally disconnected SSL session.
Continued exploitation may result in the device depleting its memory
resources and result in a crash of the device. Authentication is
"not" required to exploit this vulnerability.
The memory leak can be detected by running the command "show tcp
brief", as in the following example:
networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack
Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up
Networks (VPDN). Once this process is enabled the device is
vulnerable.
This vulnerability will result in a reload of the device when
processing a specially crafted L2TP packet.
Cisco has released free software updates that address this
vulnerability.
channel. This channel uses addresses from the 127.0.0.0/8 range and
UDP port 1975. Cisco 10000, uBR10012 and uBR7200 series devices that
are running an affected version of Cisco IOS will process IPC
messages that are sent to UDP port 1975 from outside of the device.
This behavior may be exploited by an attacker to cause a reload of
the device, linecards, or both, resulting in a DoS condition.
Filtering unauthorized traffic destined to 127.0.0.0/8 or UDP port
1975 will mitigate this vulnerability.
This vulnerability is documented in the Cisco Bug IDs CSCsg15342
The VMware Tools Package provides support required for shared folders
(HGFS) and other features.
An input validation error is present in the Windows-based VMware
HGFS.sys driver. Exploitation of this flaw might result in
arbitrary code execution on the guest system by an unprivileged
guest user. It doesn't matter on what host the Windows guest OS
is running, as this is a guest driver vulnerability and not a
vulnerability on the host.
Exploitation allows an attacker to gain sensitive information from the toothbrush. No authentication is required to reach the affected application. The attacker only needs to be able to monitor the wireless transmission.
The attacker can determine the user's brushing habits. It is possible to report on the location of the mouth that is being brushed and the amount of time spent on each of four defined "quadrants".
An attacker could also conduct a serious DoS attack. Flooding the wireless communications causes the unit to stop responding. This can result in the following actions:
A. A continued DoS could cause the bristle monitor to not send an end of life signal to the SmartMonitor system leaving the user to continue using an old toothbrush head which could eventually lead to dental failure. The failure to monitor the most effective head life could result in bristle failure.
B. Dental statistics could be erased from the monitor unit. This would leave the user unable to determine and report on their brushing habits. This could lead to user confusion and over or under brushing leading to tooth wear.
C. Fake battery life transmissions can be sent making the user believe that the battery life is in fact longer than is truly stored. This could lead to a catastrophic brushing failure where the toothbrush runs out of power in mid-clean. A continued long term attack could lead to the creation of cavities in the user’s teeth.
A forensic analysis of the SmartMonitor unit can be conducted to recover deleted brushing sessions. A user who was attempting to cover a period of lapsed dental care could be investigated and the deleted data recovered. In some cases it is feasible that this could result in a reduction of user privileges and possible punitive action (especially where the analysis is conducted by the parent administrative body).
-------------------
When you look at the code generated by the compiler, you will
see that it first multiplies the timestamp, the process identifier and
the numerical factor. This is performed in modular integer arithmetic.
The question is therefore how likely it is that the multiplication
results in zero, because then the seed will be zero, too.
(on older PHP versions the seed will be 1 for mt_rand() because the
lowest bit will be forced to be 1)
1000000 is a number with its lowest 6 bits set to zero. Therefore
the multiplication will result in zero if the timestamp and process
Summary
=======
Cisco IOS contains multiple vulnerabilities in the Data-link
Switching (DLSw) feature that may result in a reload or memory leaks
when processing specially crafted UDP or IP Protocol 91 packets.
Cisco has released free software updates that address these
vulnerabilities. Workarounds are available to mitigate the effects of
these vulnerabilities.