endpoint
Cisco Security Advisory: Multiple Vulnerabilities in Cisco
TelePresence Endpoint Devices
Advisory ID: cisco-sa-20110223-telepresence-cts
Revision 1.0
the Cisco Clientless VPN solution. A remote, unauthenticated attacker
who could convince a user to connect to a malicious web page could
exploit this issue to execute arbitrary code on the affected machine
with the privileges of the web browser.
The affected ActiveX control is distributed to endpoint systems by
Cisco ASA. However, the impact of successful exploitation of this
vulnerability is to the endpoint system only and does not compromise
Cisco ASA devices.
Cisco has released free software updates that address this
classes and can be found in the
flex-messaging-common.jar Java archive.
The HTTPChannel transports data in the AMFX format,
which is the text-based XML representation of AMF.
The HTTPChannel endpoints are defined in the
services-config.xml file, located within the
Flex/WEB-INF folder of the application.
By default, the HTTPChannel classes are mapped to
the following endpoints:
goto :here
Now since the smcgui.exe is running in the user account, it will not be
denied access to.
When the batch file is running, open the file "c:\Program
Files\Symantec\Symantec Endpoint Protection\symcorpui.exe"
Even if the password has been set or the administrator has disabled the user
to open the GUI, all the conditions will be bypassed.
And as I said before, the Help and Support > Troubleshooting will show the
server as offline for the client and the NTP will not be visible if it's
installed.
As an update, keep track of this thread as well.
https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&message.id=26289
--------------------------------------------------
From: "Sandeep Cheema" <51l3n7@live.in>
Sent: Friday, February 20, 2009 11:01 AM
To: <bugtraq@securityfocus.com>
Subject: Re: SEPKILL /im SMC.EXE /f
Please note the following. I have reported this to Symantec at
https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&thread.id=25786&view=by_date_ascending&page=2
Symantec,
Trend Micro DLP solutions also offer advanced DataDNA fingerprinting to secure
unstructured data and intellectual property and protect all data modalities:
data at rest, data in use and data in motion.
Trend Micro DLP for Endpoint – non-intrusive monitoring and enforcement client
software detects and prevents data loss at each endpoint, across the broadest
variety of threat vectors, whether online or off.
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 24, 2007
I. BACKGROUND
Novell ZENworks Endpoint Security Management (ESM) Security Client
provides centrally managed, policy based firewall protection for
clients. It is designed to be installed on all workstations within the
enterprise. More information is available on the vendor's site at the
following URL.
======================================================================
Secunia Research 29/10/2010
- SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control -
- "Install3rdPartyComponent()" Method Buffer Overflow -
======================================================================
Table of Contents
title: Client-side remote file upload & command execution
product: Check Point SSL VPN On-Demand applications (signed
Java applet and ActiveX control)
* SSL Network Extender (SNX)
* SecureWorkSpace
* Endpoint Security On-Demand
supplied by Check Point Connectra or other security
gateways
vulnerable version: multiple products, see sections below
fixed version: multiple products, see sections below
CVE number: CVE-2011-1827
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02901775
Version: 1
HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Manager (UAM) and Endpoint Admission Defense (EAD), Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-06-30
Last Updated: 2011-06-30
Background:
===========
SonicWALL has added the award-winning Aventail SSL VPN product line to
our E-Class SRA appliances. Aventail's best-of-breed SSL VPNs deliver
secure remote access to the most resources from the most end point
locations. Aventail was named in the Visionaries Quadrant in the SSL
VPN Magic Quadrant Report from Gartner, considered to be the leading
analyst firm covering the SSL VPN industry.
(Product description from Website)
ZDI-11-169: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-169
May 31, 2011
-- CVE ID:
CVE-2011-1220
-- CVSS:
R7-0038: Check Point Endpoint Security Server Information Disclosure
February 7, 2011
-- Vulnerability Details:
The Check Point Endpoint Security Server and Integrity Server products inadvertently expose a number of private directories through the web interface. These directories include the SSL private keys, sensitive configuration files (often containing passwords), and application binaries.
Examples of exposed files include:
https://server/conf/ssl/apache/integrity-smartcenter.cert
. Only run IE in Protected Mode if it is available on the operating
system.
. Use a different web browser to navigate untrusted web sites.
Additionally, although disabling file sharing if it is not necessary and
filtering outbound SMB connections at the endpoint or network perimeter
may not prevent exploitation it is generally a good security measure to
prevent disclosure of sensitive information such as valid usernames of
endpoint users.
Microsoft has issued a patch to fix the vulnerability and a detailed
[Software]
- Trend WebReputation API
[Vendor Product Description]
- Secure any endpoint – physical or virtual – with the industry’s strongest,
most reliable protection, while reducing the impact on your endpoint resources.
Harness the power of the cloud with to-the-second protection from the
Trend Micro Smart Protection Network.
Ground-breaking new virtualization awareness delivers the latest
endpoint solutions along with
exposes customers to unnecessary risk. To counteract I'd like to drop
this note.
Checkpoint SNX Escalation of Privileges Vulnerability
======================================================
Product:SSL Network Extender, Endpoint Security Client, Endpoint Connect, Endpoint Security VPN
Version:R73
URL : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk60510
The following product versions are not vulnerable:
* EPS R80
6. *Vendor Information, Solutions and Workarounds*
The Intel Alert Management System is only present in versions of
Symantec Endpoint Protection previous to 11.x. During the SEP 11.x
engineering phase SEP was rewritten so that it no longer uses Intel AMS
code. The installation of AMS is disabled by default for SEP versions
that include it. The only workaround is to disable Intel AMS.
*Vulnerability Description*
CORE FORCE is the first community oriented security solution for personal
computers that provides a comprehensive endpoint security solution for
Windows 2000 and Windows XP systems.
CORE FORCE provides inbound and outbound stateful packet filtering for
TCP/IP protocols using a Windows port of OpenBSD's PF firewall, granular
file system and registry access control and programs' integrity
http://www.microsoft.com/en-us/server-cloud/forefront/unified-access-gateway.aspx
Vulnerability overview/description:
-----------------------------------
The client-side endpoint security solution (Microsoft Forefront UAG),
e.g. supplied by Microsoft Outlook Web App, uses either a signed Java
applet (Remote Access Agent) or an ActiveX Control (Endpoint
Components) to connect to a VPN and perform local compliance scans on
the client.
your reports. It may take until early AM US EDT to complete or possibly
early AM Central European Time."
22.05.2009 - IBM sends in the results, and *surprise* it DID evade proventia.
Quote:"
IBM Proventia Desktop Endpoint Security - susceptible
IBM Proventia Network Multi-Function Security (MFS) - susceptible
Multiple engines are susceptible to this evasion. We are working internally
and with third-party OEM vendors to create a fix for this evasion. For our
own engine, we have placed a fix on our long-term development roadmap, but
TZ> your reports. It may take until early AM US EDT to complete or possibly
TZ> early AM Central European Time."
TZ> 22.05.2009 - IBM sends in the results, and *surprise* it DID evade proventia.
TZ> Quote:"
TZ> IBM Proventia Desktop Endpoint Security - susceptible
TZ> IBM Proventia Network Multi-Function Security (MFS) - susceptible
TZ> Multiple engines are susceptible to this evasion. We are working internally
TZ> and with third-party OEM vendors to create a fix for this evasion. For our
TZ> own engine, we have placed a fix on our long-term development roadmap, but
2. CVE-2011-2543 (CSCtq46496)
3. CVE-2011-2577 (CSCtq46500)
Details.
Cisco TelePresence is an umbrella term for Video Conferencing Hardware
and Software, Infrastructure and Endpoints. The C & MXP Series are the
Endpoints used on desks or in boardrooms to provide users with a
termination point for Video Conferencing.
1. Post-authentication HTML Injection - CVE-2011-2544 (CSCtq46488):
Cisco TelePresence Endpoints have a web interface (HTTP or HTTPS) for
to execute arbitrary code (CVE-2009-1097).
A buffer overflow in GIF images handling allows remote attackers to
execute arbitrary code via a crafted GIF image (CVE-2009-1098).
A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
handling allows remote attackers to cause a denial of service on the
service endpoint's server side (CVE-2009-1101).
A flaw in the Java Runtime Environment Virtual Machine code generation
allows remote attackers to execute arbitrary code via a crafted applet
TZ>> your reports. It may take until early AM US EDT to complete or possibly
TZ>> early AM Central European Time."
TZ>> 22.05.2009 - IBM sends in the results, and *surprise* it DID evade proventia.
TZ>> Quote:"
TZ>> IBM Proventia Desktop Endpoint Security - susceptible
TZ>> IBM Proventia Network Multi-Function Security (MFS) - susceptible
TZ>> Multiple engines are susceptible to this evasion. We are working internally
TZ>> and with third-party OEM vendors to create a fix for this evasion. For our
TZ>> own engine, we have placed a fix on our long-term development roadmap, but
* Cisco TelePresence Multipoint Switch - CSCth61065
* Cisco TelePresence Recording Server - CSCth85786
The Cisco Discovery Protocol Remote Code Execution vulnerability
affects Cisco TelePresence endpoint devices, Manager, Multipoint
Switch, and Recording Server. The defect as related to each component
is covered in each associated advisory. The Cisco bug IDs for these
defects are as follows:
* Cisco TelePresence endpoint devices - CSCtd75754
that were identified three years ago by Linhart, Klein, Heled and Orrin.
The essential premise of their HTTP Request Smuggling whitepaper [15] holds
that the subtle differences in request parsing yield surprisingly
disastrous results. The same is true where a CR-LF line termination,
delimiter, etc. can be tunneled through proxy layers which are conforming
across into a nonconforming endpoint.
The risks of this vector are not limited in any manner to the http
request line, however. Any multi-tier service may be at risk provided
that 1) the end point accepts invalid UTF-8 sequences, 2) an intermediate
transport layer performs no UTF-8 decoding, and 3) the intermediate
- McAfee VirusScan Commandline
- McAfee SecurityShield for Microsoft ISA Server
- McAfee Security for Microsoft Sharepoint
- McAfee Security for Email Servers
- McAfee Email Gateway
- McAfee Total Protection for Endpoint
- McAfee Active Virus Defense
- McAfee Active VirusScan
It is unknown whether SaaS were affected (though likely):
- McAfee Email Security Service
. Disable Active Scripting for the Internet and Local Intranet zones
manually with a custom security setting.
. Use a different web browser to navigate untrusted web sites.
Additionally, disabling file sharing if it is not necessary and
filtering outbound SMB connections at the endpoint or network perimeter
are good security measures to prevent disclosure of sensitive
information such as valid user, system and domain names that could be
used to perform attacks that abuse the vulnerabilities described in this
advisory.