SSL
This security advisory outlines details of the following
vulnerabilities:
* Erroneous SIP Processing Vulnerabilities
* IPSec Client Authentication Processing Vulnerability
* SSL VPN Memory Leak Vulnerability
* URI Processing Error Vulnerability in SSL VPNs
* Potential Information Disclosure in Clientless VPNs
Note: These vulnerabilities are independent of each other. A device
may be affected by one vulnerability and not affected by another.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco IOS SSL VPN Vulnerability
Advisory ID: cisco-sa-20100922-sslvpn
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sslvpn.shtml
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Vulnerability in Cisco IOS While Processing
SSL Packet
Advisory ID: cisco-sa-20080924-ssl
http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml
(3)10 on the 8.0.x release are affected. Cisco ASA or Cisco PIX
security appliances running software version 7.0.x, or 8.1.x are not
vulnerable.
Cisco ASA and Cisco PIX devices running versions 7.1.x and 7.2.x with
WebVPN, SSL VPN, or ASDM enabled are affected by this vulnerability.
Devices running software versions on the 8.0 release that are
configured for Telnet, Secure Shell (SSH), WebVPN, SSL VPN, or ASDM
enabled are affected by this vulnerability.
Note: Devices running IPv4 and IPv6 are affected by this
Cyberoam SSL VPN Client - Plain-text Storage of Username and Password
Vulnerability Summary:
Product: Cyberoam SSL VPN Client v1.0
Vendor: eLiteCore
Website: http://www.cyberoam.com/
Platform: Windows
Vulnerability Classification: Insecure Storage of User Credentials
Issue Fixed in Version: Cyberoam SSL VPN 9.6.0.78
Issue Discovered By: Wasim Halani (washal)
Application Control Engine contain the following DoS vulnerabilities:
* Real-Time Streaming Protocol (RTSP) inspection DoS vulnerability
* HTTP, RTSP, and Session Initiation Protocol (SIP) inspection DoS
vulnerability
* Secure Socket Layer (SSL) DoS vulnerability
* SIP inspection DoS vulnerability
Cisco has released free software updates for affected customers.
Workarounds that mitigate some of the vulnerabilities are available.
- Severity: 4/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
Cisco ASA <= 8.x VPN SSL module Clientless URL-list control bypass
II. BACKGROUND
-------------------------
Cisco VPN SSL [1] is a module for Cisco ASA and Cisco Integrated
Services Routers to extend network resources to virtually any remote
VPN Authentication Bypass Vulnerability
+--------------------------------------
Cisco ASA or Cisco PIX security appliances that are configured for IPsec
or SSL-based remote access VPN and have the Override Account Disabled
feature enabled are affected by this vulnerability.
Note: The Override Account Disabled feature was introduced in Cisco
ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1,
7.2, 8.0, and 8.1 are affected by this vulnerability. This feature is
successful attack may result in a sustained DoS condition. Versions
7.2.x, 8.0.x, 8.1.x, 8.2.x, and 8.3.x are affected by one or more of
these vulnerabilities. A Cisco ASA device configured for any of the
following features is affected:
* Secure Socket Layer Virtual Private Network (SSL VPN)
* When the affected device is configured to accept Cisco Adaptive
Security Device Manager (ASDM) connections
* TLS Proxy for Encrypted Voice Inspection
* Cut-Through Proxy for Network Access when using HTTPS
Vulnerability Overview
----------------------
On June 4th 2009, VSR identified multiple weaknesses in the Cisco CSS
11500's handling of HTTP header interpretation and client-side SSL
certificates. Individually, these issues may be considered minor, but
combined they could allow for the compromise of an application that
relies on a vulnerable CSS to assist in authenticating clients. If
successfully exploited, an attacker could spoof another application
user's identity without possession of the victim's client certificate.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:15.ssl Security Advisory
The FreeBSD Project
Topic: SSL protocol flaw
Category: contrib
======================================================================
= Security Objectives Advisory (SECOBJADV-2008-01) =
======================================================================
Lenovo SystemUpdate SSL Certificate Issuer Spoofing Vulnerability
http://www.security-objectives.com/advisories/SECOBJADV-2008-01/
AFFECTED: Lenovo System Update 3 (Version 3.13.0005, Build date 2008-1-3)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: ssl-cert eclass: Certificate disclosure
Date: March 20, 2008
Bugs: #174759
ID: 200803-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-12:01.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
+------------------
Devices running affected versions of Cisco IOS Software are
susceptible if configured with any of the following features:
* Secure Socket Layer (SSL) Virtual Private Network (VPN)
* Secure Shell (SSH)
* Internet Key Exchange (IKE) Encrypted Nonces
Note: Other SSL/HTTPS related features than WebVPN and SSL VPN are
not affected by this vulnerability.
Version Tested:
Sun Application Server 9.0_0.1 (build b02-p01)
Technical Description of the vulnerability:
In the process of performing application security testing of software on a
Sun box, the Sun Admin Console was used to manipulate/change SSL Ciphers.
Changes to the ORB listeners (SSL and SSL_MutualAuth) via the admin UI did
not effectively change them in the software. Upon restarting the
services/domain all of the SSL settings remain with the default - which
enables all protocols and ciphers.
> structure[1] when calculating the SHA1 HMAC hash of the packet in the
> function carp_proto_input_c[2]. The two 8-bit fields not included in
> the hash generation are "carp_advskew" and "carp_advbase". Among other
> functions, the fields are both set to 255 by the master CARP node to
> indicate that it wants to step down from the master role.
"Analysis of the SSL 3.0 Protocol" by Schneier and Wagner comes to mind.
3.6 The Horton principle
Let’s recall the ultimate goal of message authentication. SSL provides
message integrity protection just when the data passed up from the
SEC Consult Vulnerability Lab Security Advisory < 20110810-0 >
=======================================================================
title: Client-side remote file upload & command execution
product: Check Point SSL VPN On-Demand applications (signed
Java applet and ActiveX control)
* SSL Network Extender (SNX)
* SecureWorkSpace
* Endpoint Security On-Demand
supplied by Check Point Connectra or other security
gateways
iSEC Partners Security Advisory - 2007-006-RubySSL
http://www.isecpartners.com
--------------------------------------------
Ruby Net::HTTPS library does not validate server certificate CN
Vendor: Ruby
Vendor URL: http://www.ruby-lang.org
Versions affected: 1.8.5, 1.8.6, Trunk Ruby
Systems Affected: All Ruby Platforms
Trustwave's SpiderLabs Security Advisory TWSL2011-014:
Vulnerability in Pantech Web Browser SSL Implementation
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-014.txt
Published: 2011-09-23
Version: 1.0
Vendor: Pantech (http://www.pantechusa.com)
Product: Link P7040P, others may be vulnerable
Summary
=======
An industry-wide vulnerability exists in the Transport Layer Security
(TLS) protocol that could impact any Cisco product that uses any version
of TLS and SSL. The vulnerability exists in how the protocol handles
session renegotiation and exposes users to a potential man-in-the-middle
attack.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml.
Trustwave's SpiderLabs Security Advisory TWSL2011-007:
iOS SSL Implementation Does Not Validate Certificate Chain
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt
Published: 2011-07-25
Version: 1.0
Vendor: Apple (http://www.apple.com)
Product: iOS
Watcher is a runtime passive-analysis tool for HTTP-based Web applications.
It complements static code analysis and manual security reviews by providing
painless verification of operational and code-level issues at runtime.
Watcher works seamlessly with today’s complex Web 2.0 applications by
running silently in the background while you drive your browser and interact
with the Web-application.
It is being released for free under an Open Source license, the binaries and
source are available through CodePlex at
http://websecuritytool.codeplex.com/. A screenshot of the reporting screen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN
Vulnerabilities
Advisory ID: cisco-sa-20090325-webvpn
http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02824483
Version: 1
HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-05-05
Last Updated: 2011-05-05
1. Background
=============
fetchmail is a software package to retrieve mail from remote POP3, IMAP,
ETRN or ODMR servers and forward it to local SMTP, LMTP servers or
message delivery agents. fetchmail supports SSL and TLS security layers
through the OpenSSL library, if enabled at compile time and if also
enabled at run time, in both SSL/TLS-wrapped mode on dedicated ports as
well as in-band-negotiated "STARTTLS" and "STLS" modes through the
regular protocol ports.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02227287
Version: 1
HPSBOV02540 SSRT090249 rev.1 - HP SSL for OpenVMS, Remote Unauthorized Data Injection, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-06-16
Last Updated: 2010-06-16
#######################################################################
Luigi Auriemma
Application: yaSSL
http://www.yassl.com
Versions: <= 1.7.5
Platforms: Windows and *nix
Bugs: A] buffer-overflow in ProcessOldClientHello
B] buffer-overflow in "input_buffer& operator>>"