. Virtual Server 2005 R2 SP1
5. *Non-vulnerable packages*
. Microsoft virtualization products that are based on Hyper-V technology.
6. *Vendor Information, Solutions and Workarounds*
This issue was reported to Microsoft in August 2009. The vendor has
structure your time however you see fit. If you think your
presentation will run longer, or have any special requirements, please
include this information in your submission and we will do our best to
accommodate you.
Note: If the presentation is based upon code or a particular
technique, the presenter must be one of the developers of the code or
technique and be prepared to perform a demonstration.
We look forward to reviewing your submissions, and anticipate another
great line-up for this year's conference. Once again, if you have any
* CSCsk60581
* CSCsq39315
IPSec Client Authentication Processing Vulnerability
Cisco PIX and Cisco ASA devices configured to terminate client based
VPN connections are vulnerable to a crafted authentication processing
vulnerability if they are running software versions 7.2, 8.0, or 8.1.
Devices that run software versions 7.0 or 7.1 are not affected by
this vulnerability.
Vulnerability Scoring Details
=============================
Cisco is providing scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
Cisco will provide a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
remote attacker to retrieve sensitive authentication and
configuration information. The attacker would need to have the
ability to submit a TFTP GET request via UDP port 69 to the affected
device.
Because the vulnerability is within a UDP based service, the attacker
would not be required to perform a handshake prior to making the
crafted request. However, due to the fact that this is an information
disclosure issue the attacker would need to supply a valid return IP
address to retrieve the information.
Details
=======
Cisco IOS XR Software, which is part of the Cisco IOS Software
family, uses a microkernel-based distributed operating system
infrastructure. Cisco IOS XR Software runs on the Cisco CRS, Cisco
12000 Series Routers, and Cisco ASR 9000 Series Aggregation Services
Routers.
More information on Cisco IOS XR Software is available at the
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
connection exhaustion condition (no new TCP connections are accepted)
when specific TCP segments are received during the TCP connection
termination phase.
This vulnerability is triggered only when specific TCP segments are sent
to certain TCP-based services that terminate on the affected appliance.
Although exploitation of this vulnerability requires a TCP three-way
handshake, authentication is not required.
This vulnerability is documented in Cisco bug ID CSCsz77717 and has been
assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-0149.
Summary
=======
Cisco IOS® devices that are configured for Internet Key Exchange
(IKE) protocol and certificate based authentication are vulnerable to
a resource exhaustion attack. Successful exploitation of this
vulnerability may result in the allocation of all available Phase 1
security associations (SA) and prevent the establishment of new IPsec
sessions.
VPN Authentication Bypass Vulnerability
+--------------------------------------
Cisco ASA or Cisco PIX security appliances that are configured for IPsec
or SSL-based remote access VPN and have the Override Account Disabled
feature enabled are affected by this vulnerability.
Note: The Override Account Disabled feature was introduced in Cisco
ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1,
7.2, 8.0, and 8.1 are affected by this vulnerability. This feature is
only impact devices that are configured for SNMPv3.
To determine the version of SNMP configured in Cisco IOS, CatOS and
IOS-XR, log in to the device and issue the show snmp group command.
The security model field indicates the version of SNMP configured.
The output "usm" is the abbreviation for user-based security model
and this indicates SNMPv3 is configured.
Cisco IOS
router#show snmp group
groupname: test security model:v3 noauth
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Summary
=======
Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that
run branches of Cisco IOS based on 12.2 can be vulnerable to a denial
of service vulnerability that can prevent any traffic from entering
an affected interface. For a device to be vulnerable, it must be
configured for Open Shortest Path First (OSPF) Sham-Link and Multi
Protocol Label Switching (MPLS) Virtual Private Networking (VPN).
This vulnerability only affects Cisco Catalyst 6500 Series or
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Cisco Security Advisory is done in accordance with
CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
RTCP packet to a listening RTCP control port to crash the call
control process. The attacker would need to have the ability to
communicate to an affected device on a UDP port that was randomly
selected and negotiated during call setup.
Because the vulnerability is within a UDP-based service, the attacker
would not be required to perform a handshake prior to making the
crafted request. This could allow the attacker to spoof the source
address of an attack.
* CTMS - CSCth60993 (registered customers only) has been assigned
is when the unexpected kernel exception occurs during the very
beginning or very end of a kernel-mode service routine (a generic term
referring to interrupt handlers and system call handlers), on certain
x64 operating systems. Exploitability in such a case depends on the
operating system's use of the x64 SWAPGS instruction as the sole
mechanism for switching the GS base address between user-mode and
kernel-mode system data structures, and it requires that the operating
system act on the data at GS: in an exploitable way, without any
preclusive safety checks. (For more information on SWAPGS and the GS:
segment override in the x64 architecture, see "AMD64 Architecture
Programmer's Manual" Volumes 2 and 3, "24593.pdf" and "24594.pdf".)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows
BACKGROUND
CVSS 2.0 Base Metrics
===============================================
Reference        Base Vector                     Base Score
CVE-2008-3536    (AV:N/AC:L/Au:N/C:N/I:N/A:C)    7.8
CVE-2008-3537    (AV:N/AC:L/Au:N/C:N/I:N/A:C)    7.8
===============================================
=================
Vulnerable Products
+------------------
Cisco devices running certain 12.4-based IOS releases and configured
to be managed via SSH may be affected by this issue.
The IOS secure shell server is disabled by default. To determine if
SSH is enabled, use the show ip ssh command.
* krb5 application services may accept unkeyed PAC checksums
* krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:C/A:N/E:POC/RL:OF/RC:C
CVSSv2 Base Score: 7.1
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based
Firewall Vulnerabilities
Advisory ID: cisco-sa-20110928-zbfw
Revision 1.0
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this security advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
=======
In Cisco IOS Software an object group can contain a single object
(such as a single IP address, network, or subnet) or multiple objects
(such as a combination of multiple IP addresses, networks, or
subnets). In an ACL that is based on an object group, administrators
can create a single access control entry (ACE) that uses an object
group name instead of creating many ACEs, which each would require a
different IP address. A similar object group, such as a protocol port
group, can be extended to limit access to a set of applications for a
user group to a server group.