environmental
the checkPermission method instead of throwing an exception in certain
circumstances, which might allow context-dependent attackers to bypass
the intended security policy by creating instances of ClassLoader
(CVE-2010-4351).
Unspecified vulnerability in the Java Runtime Environment (JRE)
in Oracle Java SE and Java for Business 6 Update 23 and earlier,
5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote
untrusted Java Web Start applications and untrusted Java applets to
affect integrity via unknown vectors related to Networking. NOTE: the
previous information was obtained from the February 2011 CPU. Oracle
4 - Publicly, customer and vendor would look bad if they did not
install the fix immediately -- as soon as it is available
I am very well aware of what is going on out there in industry:
Customers do not install patches unless they have to, because various
realities of the environment make it hard. That does not make
deferring the repairs acceptable. The public eye can help improve
this situation.
> This is obvious because there is no patch until either
> the vendor releases one, or staff using the product are capable of
Problem Description:
Multiple vulnerabilities were discovered and corrected in
java-1.6.0-openjdk:
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
and earlier, and 1.4.2_31 and earlier allows remote untrusted Java
Web Start applications and untrusted Java applets to affect integrity
via unknown vectors related to Deserialization (CVE-2011-0865).
Details
=======
TCP provides reliable data transmission services in packet-switched
network environments. TCP corresponds to the transport layer (Layer
4) of the OSI reference model. Among the services TCP provides are
stream data transfer, reliability, efficient flow control, full-duplex
operation, and multiplexing.
When TCP connections are terminated in Cisco IOS Software, they are
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
There is an unbelievably simple local r00t bug in recent FreeBSD versions.
I audited FreeBSD for local r00t bugs a long time *sigh*. Now it pays out.
The bug resides in the Run-Time Link-Editor (rtld).
Normally rtld does not allow dangerous environment variables like LD_PRELOAD
to be set when executing setugid binaries like "ping" or "su".
With a rather simple technique rtld can be tricked into
accepting LD variables even on setugid binaries.
See the attached exploit for details.
=============================================================================
FreeBSD-SA-09:16.rtld Security Advisory
The FreeBSD Project
Topic: Improper environment sanitization in rtld(1)
Category: core
Module: rtld
Announced: 2009-12-03
Affects: FreeBSD 7.0 and later.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02563225
Version: 1
HPSBMA02599 SSRT100235 rev.1 - HP Virtual Server Environment for Windows, Remote Arbitrary File Download
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-10-25
Last Updated: 2010-10-25
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02749050
Version: 1
HPSBMA02665 SSRT100185 rev.1 - HP Virtual Server Environment for Windows, Remote Privilege Elevation
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-04-20
Last Updated: 2011-04-20
How to determine if the installation is affected
CA Service Desk 12.1
Windows Environment:
1. Locate the files "webengine.exe" and "freeaccess.spl". The files
are located in the "$NX_ROOT\bin" and "$NX_ROOT\bopcfg\www" directory
respectively.
2. Right click on each of the files and select Properties.
device.
The following example identifies a Cisco Network Building Mediator
that is running Mediator Framework version 3.1.1:
Mediator Operating Environment 3.0.4
Mediator Framework (tm) 3.1.1
Copyright (c) 2010 Cisco Systems, Inc.
Serial number 05-xxxxx
http://netwinsite.com/webmail/
Versions: SurgeMail <= 38k4 and beta 39a
Netwin's WebMail <= 3.1s (only bug A)
Platforms: Windows, Linux, FreeBSD, MacOSX and Solaris
Bugs: A] format string in webmail.exe's page command
B] buffer-overflow in the building of environment strings
Exploitation: remote
Date: 25 Feb 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
FreeBSD since August 2001, and due to the lack of cryptographic security
in the TELNET protocol, it is strongly recommended that the SSH protocol
be used instead. The FreeBSD telnet daemon can be enabled via the
/etc/inetd.conf configuration file and the inetd(8) daemon.
The TELNET protocol allows a connecting client to specify environment
variables which should be set in any created login session; this is used,
for example, to specify terminal settings.
II. Problem Description
Series Switch and Cisco 7600 Series Router).
Cisco Wireless Controllers
+-------------------------
To determine the WLC version that is running in a given environment,
use one of the following methods:
* In the web interface, choose the "Monitor" tab, click "Summary" in
the left pane, and note the "Software Version" field.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Router).
Cisco Wireless Controllers
~~~~~~~~~~~~~~~~~~~~~~~~~~
To determine the WLC version that is running in a given environment,
use one of these methods:
* In the web interface, choose the "Monitor" tab, click "Summary" in
the left pane, and note the "Software" Version field.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
later.
Determination of Software Versions
+---------------------------------
To determine the WLC version that is running in a given environment,
use one of the following methods:
* In the web interface, choose the Monitor tab, click Summary in
the left pane, and note the Software Version field.
Details
=======
The Cisco Tunneling Control Protocol (cTCP) feature is used by Easy
VPN remote device operating in an environment in which standard IPSec
does not function transparently without modification to existing
firewall rules. The cTCP traffic is actually TCP traffic. Cisco IOS
cTCP packets are Internet Key Exchange (IKE) or Encapsulating
Security Payload (ESP) packets that are being transmitted over TCP.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco is providing scores for the vulnerabilities in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.
Cisco will provide a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of the
vulnerability in individual networks.
Cisco PSIRT will set the bias in all cases to normal. Customers
are encouraged to apply the bias parameter when determining the
environmental impact of a particular vulnerability.
-----------------------------------------------------
When you speak of security threats you mostly speak about insecure protocols, weak encryption
algorithms, buffer overflows, privilege escalation, human factor, etc.
There is also another class of attacks that is quite well documented and based on an environmental
analysis of a secure component you want to unsecure. These are known as "timing attacks".
Timing attacks were very popular years ago and this field of research is still in progress.
Briefly, timing attacks consist of analyzing the time it takes for a system to compute data in
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
Cisco will provide a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Customers are encouraged to apply the bias parameter when determining
the environmental impact of a particular vulnerability.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of the
vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS
at:
Cisco is providing scores for the vulnerabilities in this advisory based on the
Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security
Advisory is done in accordance with CVSS version 2.0.
Cisco will provide a base and temporal score. Customers can then compute
environmental scores to assist in determining the impact of the vulnerability
in individual networks.
Cisco PSIRT will set the bias in all cases to normal. Customers are encouraged
to apply the bias parameter when determining the environmental impact of a
particular vulnerability.
An integer overflow flaw was found in Pulse-Java when handling Pulse
audio source data lines. An attacker could use this flaw to cause an
applet to crash, leading to a denial of service (CVE-2009-0794).
A flaw in Java Runtime Environment initialized LDAP connections
allows authenticated remote users to cause denial of service on the
LDAP service (CVE-2009-1093).
A flaw in the Java Runtime Environment LDAP client in handling server
LDAP responses allows remote attackers to execute arbitrary code on
Only WLC software version 4.2.173.0 is affected by this vulnerability.
Determination of Software Versions
+---------------------------------
To determine the WLC version that is running in a given environment, use
one of the following methods:
* In the web interface, choose the Monitor tab, click Summary in
the left pane, and note the Software Version.
* From the command-line interface, type "show sysinfo" and note the
Cisco is providing scores for the vulnerabilities in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.
Cisco will provide a base and temporal score. Customers can then compute
environmental scores to assist in determining the impact of the
vulnerability in individual networks.
Cisco PSIRT will set the bias in all cases to normal. Customers are
encouraged to apply the bias parameter when determining the environmental
impact of a particular vulnerability.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at: