- Proximity Card Hacking
- Cryptographic Cracking Using FPGA Technology
We would love to see the same breadth and depth of submissions as we
have in previous years, so if you have an idea you're on the fence
about - please send it in! For a complete list of past presentations,
visit www.layerone.info.
Please be sure to include the following information in your submission:
- Presentation name
* CSCsq62662 - ACE XML Gw SNMPv3 HMAC Authentication issue
* CSCsq60664 - ACE Appliance SNMPv3 HMAC Authentication issue
* CSCsq60695 - ACE Module SNMPv3 HMAC Authentication issue
* CSCsq60582 - Nexus SNMPv3 HMAC Authentication issue
Note: Although multiple software defects are listed, this advisory
only identifies two vulnerabilities. Because different Cisco products
require their own fixes, additional Bug IDs have been assigned.
Vulnerability Scoring Details
=============================
socket table by clearing the associated TCB with the "clear tcp tcb
0x<address>" command.
Devices could be vulnerable if the output of the CLI command
"debug ip tcp transactions" displays the error messages "connection
queue limit reached: port <port number>" or "No wild listener: port
<port number>".
Devices could also be vulnerable if output from repetitive "show tcp
brief all" CLI commands indicates many TCBs in the state SYNRCVD or
SYNSENT.
application using the newt library.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-2905 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product | Product Version | Running on | Replace with / Apply Patch
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml
Note: The March 25, 2009, Cisco IOS Security Advisory bundled
publication includes eight Security Advisories. All of the advisories
address vulnerabilities in Cisco IOS Software. Each advisory lists
the releases that correct the vulnerability or vulnerabilities in the
advisory. The following table lists releases that correct all Cisco
IOS Software vulnerabilities that have been published in Cisco
Security Advisories on March 25, 2009, or earlier.
JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,
CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,
CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,
CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product | Product Version | Running on | Replace with / Apply Patch
Note: The September 24, 2008 IOS Advisory bundled publication
includes twelve Security Advisories. Eleven of the advisories address
vulnerabilities in Cisco's IOS software, and one advisory addresses
vulnerabilities in Cisco Unified Communications Manager. Each
Advisory lists the releases that correct the vulnerability described
in the Advisory. Please reference the following software table to
find a release that fixes all published IOS software Advisories as of
September 24th, 2008:
http://www.cisco.com/warp/public/707/cisco-sa-20080924-bundle.shtml
Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS that can be exploited remotely to
trigger a memory leak or to cause a reload of the IOS device.
Cisco has released free software updates that address these
vulnerabilities. Fixed Cisco IOS software listed in the Software
Versions and Fixes section contains fixes for all vulnerabilities
addressed in this advisory.
There are no workarounds available to mitigate the effects of any of
the vulnerabilities apart from disabling the protocol or feature
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,
CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL
Express Service Pack 3.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product | Product Version | Running on | Replace with / Apply Patch
has assigned the name CVE-2012-1516 to this issue.
VMware would like to thank Derek Soeder of Ridgeway Internet
Security, L.L.C. for reporting this issue to us.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product | Product Version | Running on | Replace with / Apply Patch
* Crafted TCP ACK Packet Vulnerability
* Crafted TLS Packet Vulnerability
* Instant Messenger Inspection Vulnerability
* Vulnerability Scan Denial of Service
* Control-plane Access Control List Vulnerability
The first four vulnerabilities may lead to a denial of service (DoS)
condition and the fifth vulnerability may allow an attacker to bypass
control-plane access control lists (ACL).
Note: The September 23, 2009, Cisco IOS Security Advisory bundled
publication includes eleven Security Advisories. Ten of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The
following table lists releases that correct all Cisco IOS Software
vulnerabilities that have been published on September 23, 2009, or
earlier.
has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080,
CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020,
CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to
the security issues fixed in kernel 2.6.18-164.11.1.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product | Product Version | Running on | Replace with / Apply Patch
VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code.
References: CVE-2009-0920, CVE-2009-0921
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows
BACKGROUND
CVSS 2.0 Base Metrics
contains multiple denial of service (DoS) vulnerabilities that may
cause an interruption in voice services, if exploited. These
vulnerabilities were discovered internally by Cisco. The following
Cisco Unified Communications Manager services are affected:
* Certificate Trust List (CTL) Provider
* Certificate Authority Proxy Function (CAPF)
* Session Initiation Protocol (SIP)
* Simple Network Management Protocol (SNMP) Trap
Cisco has released free software updates that address these
Advisory: SugarCRM list privilege restriction bypass
RedTeam Pentesting discovered a vulnerability in SugarCRM that allows
logged-in users to bypass the restrictions of their list privilege,
allowing them to list all entries.
Details
=======
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware.
References: CVE-2011-4161
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP LaserJet Enterprise 500 color M551
HP LaserJet Enterprise 600 M601
HP LaserJet Enterprise 600 M602
- Manually upgrade tools in the virtual machine (virtual machine
users will not be prompted to upgrade). Note that the VI Client will
not show that VMware Tools is out of date in the summary tab.
Please see http://tinyurl.com/27mpjo page 80 for details.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available. See above for remediation
details.
VMware Product | Product Version | Running on | Replace with / Apply Patch
-----/
The vulnerability is triggered in ntdll.dll. The code corresponds to the
function RtlAllocateHeap when a new node is added to the doubly-linked
list of heap chunks. As can be seen, both EAX and ECX contain arbitrary
values controlled by the attacker (0x41414141). This is the call stack
when the crash occurs:
/-----
Call stack of main thread
2. Problem description and Impact
=================================
In debug mode (-v -v), fetchmail prints information that was obtained from the
upstream server (POP3 UIDL lists) or from message headers retrieved from it.
If printing such information fails, for instance because there are invalid
multibyte character sequences in this information (message headers), fetchmail
will misinterpret this condition, and believe that the buffer was too small,
and reallocate a bigger one (with linearly increasing buffer size), and repeat,
until the allocation fails. At that point, fetchmail will abort.
* Crafted H.323 packet DoS vulnerability
* SQL*Net packet DoS vulnerability
* Access control list (ACL) bypass vulnerability
Workarounds are available for some of the vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml.
Summary: CA products that embed Ingres contain multiple
vulnerabilities that can allow a remote attacker to execute
arbitrary code, gain privileges, or cause a denial of service
condition. These vulnerabilities exist in the products and on the
platforms listed below. These vulnerabilities do not impact any
Windows-based Ingres installation. The first vulnerability,
CVE-2008-3356, allows an unauthenticated attacker to potentially
set the user and/or group ownership of a verifydb log file to be
Ingres allowing read/write permissions to both. The second
vulnerability, CVE-2008-3357, allows an unauthenticated attacker
The Cisco Wireless LAN Controller (WLC) product family is affected by
these vulnerabilities:
* Two denial of service (DoS) vulnerabilities
* Three privilege escalation vulnerabilities
* Two access control list (ACL) bypass vulnerabilities
Note: These vulnerabilities are independent of one another. A device
may be affected by one vulnerability and not affected by another.
Cisco has released free software updates that address these
Note: The September 22, 2010, Cisco IOS Software Security Advisory
bundled publication includes six Cisco Security Advisories. Five of
the advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses vulnerabilities in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The table
at the following URL lists releases that correct all Cisco IOS
Software vulnerabilities that have been published on September 22,
2010, or earlier:
CVE: CVE-2010-2860
Finding:
The Celerra appliance's NFS server freely exports its "/" file system and
enforces access using a factory-defined list of authorized IP addresses.
The addresses found on a recent model are listed in the showmount example
below; however, this list may differ depending on product version. The IP
addresses are intended for communication internal to the appliance, but are
still accepted from external sources. An attacker can mount this file system
by spoofing an authorized IP address.