products
Multiple file-parsing vulnerabilities leading to evasion in different antivirus (AV) products. All
affected products are command-line versions of the AVs.
----------------------------
Vulnerability Descriptions
----------------------------
1. Specially crafted infected POSIX TAR files with "[aliases]" as the first 9 bytes
evade detection.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Response: Multiple Vulnerabilities in Cisco Unified
Videoconferencing Products
http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml
Revision 1.0
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned
has assigned the name CVE-2009-2905 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
RESOLUTION
HP has provided firmware updates and preliminary firmware updates to resolve this vulnerability. The firmware updates and preliminary firmware updates are available as described below.
Note: Each firmware update has instructions for finding the firmware version installed on the product.
Product - HP LaserJet 4345mfp
Resolved in Firmware Version - 09.120.9 or subsequent
Product - HP Color LaserJet 4730mfp
CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.0       Windows  Update 1
VirtualCenter  2.5       Windows  affected, patch pending
VirtualCenter  2.0.2     Windows  affected, patch pending
Release mode: Coordinated but limited disclosure.
Ref : TZO-172009 - Trendmicro RAR,CAB,ZIP bypass/evasion
WWW : http://blog.zoller.lu/2009/04/trendmicro-multiple-evasion-and-bypass.html
Status : No patch, but mitigation recommendations for certain
products (see below)
Vendor : http://www.trendmicro.com/
Security notification reaction rating : Good
Notification to patch time window : n+1 days (no patch)
Disclosure Policy :
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product  Running  Replace with/
Product        Version  on       Apply Patch
=============  =======  =======  =================
vCenter        5.0      Windows  patch pending
vCenter        4.1      Windows  vCenter 4.1 Update 3
vCenter        4.0      Windows  not applicable **
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
1. Summary:
Several critical security vulnerabilities have been addressed
in patches in ESX and in the newest releases of VMware's hosted
product line.
2. Relevant releases:
VMware Workstation 6.0.3 and earlier,
VMware Workstation 5.5.6 and earlier,
VMware ESX 3.0.1 without patches ESX-1005108, ESX-1005112,
ESX-1005111, ESX-1004823,
ESX-1005117.
NOTE: Hosted products VMware Workstation 5.x, VMware Player 1.x,
and VMware ACE 1.x will reach end of general support
2008-11-09. Customers should plan to upgrade to the latest
version of their respective products.
Extended support (Security and Bug fixes) for ESX 3.0.2 ends
Summary
=======
The Apache HTTPd server contains a denial of service vulnerability
when it handles multiple, overlapping ranges. Multiple Cisco products
may be affected by this vulnerability.
Mitigations that can be deployed on Cisco devices within the network
are available in the Cisco Applied Intelligence companion document
for this Advisory:
Summary
=======
An industry-wide vulnerability exists in the Transport Layer Security
(TLS) protocol that could impact any Cisco product that uses any version
of TLS and SSL. The vulnerability exists in how the protocol handles
session renegotiation and exposes users to a potential man-in-the-middle
attack.
This advisory is posted at
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
Author: Nikolas Sotiriu (lofi)
Website: http://sotiriu.de
Mail: nso-research at sotiriu.de
URL: http://sotiriu.de/adv/NSOADV-2010-001.txt
Vendor: Panda Security (http://www.pandasecurity.com/)
Affected Products: (Self tested)
-Panda Security for Business 4.04.10
-Panda Security for Business with Exchange
4.04.10
-Panda Security for Enterprise 4.04.10
-Panda Internet Security 2010 (15.01.00)
OVERVIEW
InstallShield Update Agent uses insecure methods of retrieving operational
script code from unauthenticated, unverified external sources over HTTP.
Arbitrary remote code execution is possible on all known product versions.
DESCRIPTION
InstallShield Update Agent connects to and communicates with centralized
Acresso (formerly Macrovision) FLEXnet Connect servers for updates and other
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running  Replace with/
Product    Version   on       Apply Patch
=========  ========  =======  =================
vCenter    any       Windows  not affected
hosted*    any       any      not affected
- -------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0007
Synopsis: VMware hosted products, vCenter Server and ESX
patches resolve multiple security issues
Issue date: 2010-04-09
Updated on: 2010-04-09 (initial release of advisory)
CVE numbers: CVE-2010-1142 CVE-2010-1140 CVE-2009-2042
CVE-2009-1564 CVE-2009-1565 CVE-2009-3732
Release Date: 09.01.2010
Author: Nikolas Sotiriu (lofi)
Mail: nso-research at sotiriu.de
URL: http://sotiriu.de/adv/NSOADV-2010-001.txt
Vendor: Panda Security (http://www.pandasecurity.com/)
Affected Products: (Self tested)
-Panda Security for Business 4.04.10
-Panda Security for Business with Exchange
4.04.10
-Panda Security for Enterprise 4.04.10
-Panda Internet Security 2010 (15.01.00)
- ---------------------------------------------------------------------
Summary
=======
Multiple Cisco products contain either of two authentication
vulnerabilities in the Simple Network Management Protocol version 3
(SNMPv3) feature. These vulnerabilities can be exploited when
processing a malformed SNMPv3 message. These vulnerabilities could
allow the disclosure of network information or may enable an attacker
to perform configuration changes to vulnerable devices. The SNMP
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0005
Synopsis: VMware Hosted products, VI Client and patches for ESX
and ESXi resolve multiple security issues
Issue date: 2009-04-03
Updated on: 2009-04-03 (initial release of advisory)
CVE numbers: CVE-2008-4916 CVE-2008-3761 CVE-2009-1146
CVE-2009-1147 CVE-2009-0909 CVE-2009-0910
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache
Poisoning Attacks
Advisory ID: cisco-sa-20080708-dns
http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080528-cw.shtml.
Affected Products
=================
Vulnerable Products
+------------------
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20101027-cs.shtml
Affected Products
=================
Vulnerable Products
+------------------
For Public Release 2012 February 29 16:00 UTC (GMT)
Summary
=======
The Cisco Wireless LAN Controller (WLC) product family is affected by
the following vulnerabilities:
* Cisco Wireless LAN Controllers HTTP Denial of Service Vulnerability
* Cisco Wireless LAN Controllers IPv6 Denial of Service Vulnerability
* Cisco Wireless LAN Controllers WebAuth Denial of Service Vulnerability
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product *      Version   on       Apply Patch **
=============  ========  =======  =================
vCenter        any       Windows  not affected
Workstation    8.x       any      not affected
Effective May 2010, VMware's patch and update release program during
Extended Support will be continued with the condition that all
subsequent patch and update releases will be based on the latest
baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,
ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section
"End of Product Availability FAQs" at
http://www.vmware.com/support/policies/lifecycle/vi/faq.html for
details.
Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan
to upgrade to at least ESX 3.5 and preferably to the newest release