
access to information

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Network Building Mediator

details of the following vulnerabilities:

  * Default credentials
  * Privilege escalation
  * Unauthorized information interception
  * Unauthorized information access

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of the listed
vulnerabilities are available.


Re: Unauthorized reading confirmation from Outlook

> messages and I thought about the signature validation process, where
[...]

> that is embedded in the signed message. A specially crafted
> certificate (not from a trusted CA) can be generated with an AIA
> (Authority Information Access) extension containing a URL controlled
> by the malicious sender. By doing that the sender will immediately
[...]

You seem to have rediscovered the issue that I reported on full-disclosure
on April 1st - see

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities

interface. The SOAP interface proxies authenticated connections to
the RIS Data Collector process. The RIS Data Collector service
listens on TCP port 2556 by default and is user configurable. By
connecting directly to the port that the RIS Data Collector process
listens on, it may be possible to bypass authentication checks and
gain read-only access to information about a CUCM cluster. The
information available includes performance statistics, user names,
and configured IP phones. This information may be used to mount
further attacks. No passwords or other sensitive CUCM configuration
may be obtained via this vulnerability. No CUCM configuration changes
can be made.

Multiple Flaws in Huawei D100

#7 SSID broadcast is enabled by default
Anyone can connect to the LAN without any problems.

#8 Partial information leakage
Unauthorized users have access to information stored on the router when JavaScript is disabled in the browser. Examples:
http://192.168.1.1/en/lan_status_adv.asp
http://192.168.1.1/en/wlan_basic_cfg.asp
http://192.168.1.1/en/lancfg.asp

#9 Telnet service enabled by default

Unauthorized reading confirmation from Outlook

As described, the recipient system will try to gather the CA
certificate from a URL that is specified on the signer's certificate,
that is embedded in the signed message. A specially crafted
certificate (not from a trusted CA) can be generated with an AIA
(Authority Information Access) extension containing a URL controlled
by the malicious sender. By doing that the sender will immediately
know when the message recipient read the message on Outlook. I
performed some tests that confirmed this scenario. Other e-mail
clients like Mozilla Thunderbird and Lotus Notes have not presented
the same behavior. It seems that only Outlook implements this part of



Copyright © 1995-2013 LinuxRocket.net. All rights reserved.
