Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client

Advisory ID: cisco-sa-20110601-ac

Revision 1.0


Cisco Security Advisory: Local Privilege Escalation Vulnerabilities in Cisco VPN Client


Advisory ID: cisco-sa-20070815-vpnclient

http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml


The history of a -probably- 13 years old Oracle bug: TNS Poison

(without CPU-APR-2012).

Vulnerability details
---------------------

The Oracle TNS Listener component routes connections from the client to
the database server depending on the database's instance name the client
wants to connect to. These instances are registered at the TNS Listener
by using any of the following methods:

1. Local registration. The database's internal process PMON connects via

Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability

vulnerability may allow a Man-in-the-Middle (MITM) attacker to inject
arbitrary data into the beginning of the application protocol stream
protected by TLS.

The only ArubaOS component that seems affected by this issue is the
HTTPS WebUI administration interface. If a client browser (victim) is
configured to authenticate to the WebUI over HTTPS using a client
certificate, an attacker can potentially use the victim's credentials
temporarily to execute arbitrary HTTP request for each initiation of an
HTTPS session from the victim to the WebUI. This would happen without
any HTTPS/TLS warnings to the victim. This condition can essentially be

CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software

AOL Instant Messenger ("AIM", http://www.aim.com) is an instant messaging
application that allows its users to communicate in real time via text,
voice, and video over the Internet. It is maintained by AOL LLC. AIM Pro
is AOL's business-oriented version of AIM targeted for professional use
with an emphasis on "business-grade" security and integration with email
client and other productivity applications
(http://aimpro.premiumservices.aol.com/) AIM Lite, as defined in its
website (http://x.aim.com/laim/), is a reference application used to test
new technology also developed by AOL and available for the public in the
form of a "light IM client".


RE: CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software

MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]

Exploitability:         Proof-of-Concept
Remediation Level:      Official Fix
Report Confidence:      Confirmed

CVE-2010-1323
* krb5 clients may accept unkeyed SAM-2 challenge checksums
* krb5 may accept KRB-SAFE checksums with low-entropy derived keys

CVSSv2 Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N/E:POC/RL:OF/RC:C
CVSSv2 Base Score:      5.4
CVSSv2 Temporal Score:  4.2

Multiple vulnerabilities in several ATEN IP KVM Switches

KN9116. It is possible that other devices are affected as well. If you
have access to other similar devices and want to test whether they are
vulnerable as well, please contact me at jakob@cs.tu-berlin.de.


Impact: Arbitrary code execution on client system, Information
disclosure and man in the middle attacks.

Background:
Aten produces several IP KVM Switches. These devices can be used like a
normal KVM switch with an attached keyboard, mouse and monitor.

VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2009-0005
Synopsis:          VMware Hosted products, VI Client and patches for ESX
                   and ESXi resolve multiple security issues
Issue date:        2009-04-03
Updated on:        2009-04-03 (initial release of advisory)
CVE numbers:       CVE-2008-4916 CVE-2008-3761 CVE-2009-1146
                   CVE-2009-1147 CVE-2009-0909 CVE-2009-0910

Multiple vulnerabilities in Toribash 2.71

Application:  Toribash
              http://www.toribash.com
Versions:     <= 2.71
Platforms:    Windows, Mac and Linux
Bugs:         A] dedicated server format string
              B] client commands buffer-overflow
              C] client unicode buffer-overflow in the SAY command
              D] server crash through uninitialized values
              E] line-feed dropping
              F] Windows dedicated server hell bell
              G] clients kicked by malformed packet

VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities

                         Security Advisory


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Advisory Name: Multiple Cisco CSS / ACE Client Certificate and HTTP Header
           Manipulation Vulnerabilities
 Release Date: 2010-07-02
  Application: Cisco Content Services Switch (CSS) / ACE Products
     Versions: Cisco CSS 11500 - 08.20.1.01
                Cisco ACE 4710 - Version A3(2.5) [build 3.0(0)A3(2.5)

Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability

Cisco Unified Communications Manager address book synchronized with
their Microsoft Windows address book. The IP Phone PAB Synchronizer
feature contains a privilege escalation vulnerability that may allow
an attacker to obtain complete administrative access to a vulnerable
Cisco Unified Communications Manager system. After an IP Phone PAB
Synchronizer client successfully authenticates to a Cisco Unified
Communications Manager device over a HTTPS connection, the Cisco
Unified Communications Manager returns credentials for a user account
that is used to manage the Cisco Unified Communications Manager
directory service. If an attacker is able to intercept the
credentials, they can perform unauthorized modifications to the Cisco

Heap Offset Overflow in Citrix ICA Clients

===============================ADVISORY===============================
Systems Affected:    Citrix ICA Client
Severity:            High
Category:            Heap Offset Overflow
Author:              Context Information Security Ltd
Reported to vendor:  20th February 2008
Advisory Issued:     4th August 2010
===============================ADVISORY===============================

Description

ESA-2011-001: RSA, The Security Division of EMC, addresses RKM 1.5 C Client SQL Injection Vulnerability

Security Advisory 
Updated January 13, 2011 


Summary:

Re: RSA Key Manager SQL injection Vulnerability ( CVE-2010-1904 )

What is the issue?

This message is in response to the original message posted on June 3, 2010 addressing a SQL Injection vulnerability in the RSA Key Manager C Client version 1.5.  The original message referenced CVE-2010-1904.

A vulnerability has been identified in the RSA Key Manager (RKM) C client 1.5 that may expose the product to a SQL Injection attack. An attacker having access to encrypted data may be able to leverage this vulnerability in an attempt to alter the RKM C Client 1.5 cache.

Affected Products:
RKM C Client versions 1.5.x.x, all platforms (Windows, Linux, Solaris, HP-UX, etc).

Unaffected Products:

RE: RSA Key Manager SQL injection Vulnerability ( CVE-2010-1904 )

> To: bugtraq@securityfocus.com
> Subject: Re: RSA Key Manager SQL injection Vulnerability ( CVE-2010-1904 )
> 
> What is the issue?
> 
> This message is in response to the original message posted on June 3, 2010 addressing a SQL Injection vulnerability in the RSA Key Manager C Client version 1.5.  The original message referenced CVE-2010-1904.
> 
> A vulnerability has been identified in the RSA Key Manager (RKM) C client 1.5 that may expose the product to a SQL Injection attack. An attacker having access to encrypted data may be able to leverage this vulnerability in an attempt to alter the RKM C Client 1.5 cache.
> 
> Affected Products:
> RKM C Client versions 1.5.x.x, all platforms (Windows, Linux, Solaris, HP-UX, etc).

Anonymous Remote Arbitrary Code Execution in Alien Arena 7.30

=============
Vulnerability
=============
When the game client requests a list of network games to join, it sends a UDP
query to master.corservers.com. This server responds to the client via UDP with
a list of known game servers. The client then sends a UDP query to each of the
listed game servers, asking each for its description. The client's parsing of
the servers' responses is vulnerable to a buffer overflow attack.


Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control

=======

An ActiveX control (atucfobj.dll) that is used by the Cisco WebEx
Meeting Manager contains a buffer overflow vulnerability that may
result in a denial of service or remote code execution. The WebEx
Meeting Manager is a client-side program that is provided by the
Cisco WebEx meeting service. The Cisco WebEx meeting service
automatically downloads, installs, and configures Meeting Manager the
first time a user begins or joins a meeting.

When users connect to the WebEx meeting service, the WebEx Meeting

CORE-2007-0928: Stack-based buffer overflow vulnerability in OpenBSD’s DHCP server

administrator allocates address pools in each subnet and enters them into
the dhcpd’s configuration file. OpenBSD’s implementation of the DHCP
server is based on an early version of ISC’s dhcpd that the OpenBSD
project further developed to incorporate additional security features such
as privilege separation and the ability to synchronize provisioning of IP
addresses to clients with updates to PF firewall filtering rules to
effectively implement egress and ingress filtering based on live client IP
addresses on the network served by dhcpd.

A vulnerability found in OpenBSD’s dhcpd allows attackers on the local
network to remotely cause the DHCP server to corrupt its process memory

ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSA® Authentication Client when storing secret key objects on an RSA SecurID® 800 Authenticator


RSA Authentication Client 2.0.x, 3.0, and 3.5.x contain a potential vulnerability that could allow the unintended extraction, by a properly authenticated user, of secret (or symmetric) key objects stored on an RSA SecurID 800 Authenticator. This potential vulnerability is corrected in RSA Authentication Client 3.5.3.


Description:

Cisco NHRP denial of service (cisco-sa-20070808-nhrp)

/* feature) if the GRE tunnel is protected. You don't need to know the        */
/* NHRP network id (or any other configuration details, except the GRE key if */
/* it is set on the target router).                                           */
/*                                                                            */
/* NOTE: The exploit only seems to work, if a NHRP session between the target */
/*       router and at least one client is established.                       */
/*                                                                            */
/* Code injection is also possible (thanks to sky for pointing this out), but */
/* it is not very easy and depends heavily on the IOS version / platform.     */
/*                                                                            */
/* Example:                                                                   */

n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server

Overview:
--------
Alcatel offers a CTI Solution for Call Centers. Call-Center Agents can log on
to the central CCA-Server with a helper client and can redirect calls from
their call center extension to a normal phone even while they are out of office.

Description:
--------

VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2011-0008
Synopsis:          VMware vCenter Server and vSphere Client security
                   vulnerabilities
Issue date:        2011-05-05
Updated on:        2011-05-05 (initial release of advisory)
CVE numbers:       CVE-2011-0426 CVE-2011-1788 CVE-2011-1789
- ------------------------------------------------------------------------

Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)

available from Postfix mirrors at http://www.postfix.org/download.html.

What systems are affected
=========================

The Postfix SMTP client is not affected.

Affected are Postfix SMTP server configurations that have SASL
authentication turned on, and that use Cyrus SASL authentication
mechanisms other than ANONYMOUS, PLAIN and LOGIN. Here,


VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues

 -----------------------------------------------------------------------
                  VMware Security Advisory

Advisory ID:      VMSA-2012-0005
Synopsis:         VMware vCenter Server, Orchestrator, Update Manager,
                  vShield, vSphere Client, ESXi and ESX address
                  several security issues
Issue date:       2012-03-15
Updated on:       2012-03-15 (initial advisory)

CVE numbers:      CVE-2012-1508, CVE-2012-1509, CVE-2012-1510,

Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

in a reload of the device or disclosure of confidential information.
This security advisory outlines details of the following
vulnerabilities:

  * Erroneous SIP Processing Vulnerabilities
  * IPSec Client Authentication Processing Vulnerability
  * SSL VPN Memory Leak Vulnerability
  * URI Processing Error Vulnerability in SSL VPNs
  * Potential Information Disclosure in Clientless VPNs

Note:  These vulnerabilities are independent of each other. A device

Microsoft FTP Client Multiple Bufferoverflow Vulnerability

#####################################################################

XDisclose Advisory      : XD100096
Vulnerability Discovered: November 20th 2007
Advisory Reported       : November 28th 2007
Credit                  : Rajesh Sethumadhavan


RE: Squid URL Filtering Bypass

To be clear, the CONNECT request is a single request/response cycle  between the client and the proxy.  Any request body is nonsensical and should be ignored by the proxy (or the request can be rejected if the proxy wants to be pedantic).  There is nothing that explicitly disallows inclusion of the host header in a CONNECT request.  Granted, including the host header incurs some degree of ambiguity (the FQDN may resolve to the IP address, but the IP address is not guaranteed to resolve to the FQDN), but this is clearly a debatable choice on the developer's part as to whether it should be used to determine traffic policy applicability for this request.

The proxy should only ignore further data between the client and remote if the proxy successfully established a TCP connection between them on the specified destination port.
IOW, if the client sends a CONNECT request that the proxy policy allows, the proxy should either queue or reject further communication from the client until the TCP connection has been successfully established and the proxy has responded to the client with "HTTP 200".
If the connection attempt fails, the proxy should provide an HTTP error response to the client and close the client-to-proxy connection.

Likewise, while the proxy does establish the end-to-end TCP connection between the client and upstream server, it is not responsible for any part of the encryption that may be involved in that communication - unless it specifically offers a "trusted MitM" feature such as TMG HTTPS Inspection or Juniper SSL Forward Proxy (other vendors have similar features).

Also, whether the McAfee proxy allows translating normal HTTP methods to CONNECT, then tunneling them to the upstream proxy is irrelevant to the question of whether the local proxy actually uses the host header or the host portion of the CONNECT request to determine policy applicability.


InstallShield Update Agent - Downloads and executes "Rule Scripts" insecurely.

product information on a periodic basis.  From the vendor's site:

        FLEXnet Connect lets you electronically deliver applications, patches,
        updates, and messages directly to your users' systems.

When connecting with this service, the client agent reports its product GUID,
current version information and finds out what updates for relevant installed
software are available.  The client can also receive special instructions
(Rules) to help it evaluate if an update is relevant.  These rules are in the
form of an active scripting language, such as VBScript.  Unfortunately, these
rules are delivered insecurely, over HTTP, both unencrypted and unsigned as

CORE-2007-1212: SILC pkcs_decode buffer overflow

medium such as the Internet. The SILC application of the same name
implements the protocol as an open source project. SILC is generally
used as a more secure replacement for Internet Relay Chat (IRC) networks
and other open and publicly accessible as well as private instant
messaging networks. A remote buffer overflow vulnerability found in a
library used by both the SILC server and client to process packets
containing cryptographic material may allow an un-authenticated client
to execute arbitrary code on the server with the privileges of the user
account running the server, or a malicious SILC server to compromise
client systems and execute arbitrary code with the privileges of the
user account running the SILC client program.


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
