Next Page >>
protocols
2.Vulnerablity description
3.Vulnerable systems
4.Vendor Information, solutions and workarounds
5.Credits
6.Technical description
6.1.NTLMv1 authentication protocol
6.2.The Flaws
6.3.Detecting if the SMB service generates duplicate 8-byte challenges
6.4.Exploiting duplicate challenges
6.4.1.Proof-of-Concept Exploit
6.5.Predicting challenges
following vulnerabilities:
* Cisco ASA UDP Inspection Engine Denial of Service Vulnerability
* Cisco ASA Threat Detection Denial of Service Vulnerability
* Cisco ASA Syslog Message 305006 Denial of Service Vulnerability
* Protocol-Independent Multicast Denial of Service Vulnerability
These vulnerabilities are independent of each other; a release that is
affected by one of the vulnerabilities may not be affected by the
others.
Summary
=======
Cisco IOS contains multiple vulnerabilities in the Data-link
Switching (DLSw) feature that may result in a reload or memory leaks
when processing specially crafted UDP or IP Protocol 91 packets.
Cisco has released free software updates that address these
vulnerabilities. Workarounds are available to mitigate the effects of
these vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery
Issue For IPv4/IPv6 Dual-stack Routers
Advisory ID: cisco-sa-20080326-IPv4IPv6
http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml
Hello, folks,
The United Kingdom's Centre for the Protection of National
Infrastructure has just released the document "Security Assessment of
the Transmission Control Protocol (TCP)", on which I have had the
pleasure to work during the last few years.
The motivation to produce this document is explained in the Preface of
the document as follows:
Hello, folks,
The United Kingdom's Centre for the Protection of National Infrastructure
has just released the document "Security Assessment of the Internet
Protocol", on which I have had the pleasure to work during the last year or
so.
The motivation to produce this document is explained in the Preface of the
document as follows:
Multipoint Switch. This security advisory outlines details of the
following vulnerabilities:
* Unauthenticated Java Servlet Access
* Unauthenticated Arbitrary File Upload
* Cisco Discovery Protocol Remote Code Execution
* Unauthorized Servlet Access
* Java RMI Denial of Service
* Real-Time Transport Control Protocol Denial of Service
* XML-Remote Procedure Call (RPC) Denial of Service
002 __1st_addr = (ntohl(address)&netmask)+1;
003 hostid = (1 << (32 - bits)) - 2;
[...]
3. ELEVEN NEW Protocols: ELEVEN (11) more protocols supported by T50:
1. IGMPv3: Internet Group Message Protocol v3
2. EGP: Exterior Gateway Protocol
3. RIPv1: Routing Information Protocol v1
4. RIPv2: Routing Information Protocol v2
5. DCCP: Datagram Congestion Control Protocol
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Firewall Services Module Crafted Protocol Independent Multicast
Message Denial of Service Vulnerability
Advisory ID: cisco-sa-20120314-fwsm
Revision 1.0
Folks,
Our document "Recommendations for Transport-Protocol Port
Randomization" has finally been published as RFC 6056.
Its abstract is:
---- cut here ----
During the last few years, awareness has been raised about a number
of "blind" attacks that can be performed against the Transmission
Control Protocol (TCP) and similar protocols. The consequences of
This is a writeup about a flaw that I found recently, and that
existed in multiple implementations of SMTP (Simple Mail Transfer
Protocol) over TLS (Transport Layer Security) including my Postfix
open source mailserver. I give an overview of the problem and its
impact, how to find out if a server is affected, fixes, and draw
lessons about where we can expect similar problems. A time line
is at the end.
For further reading:
http://www.kb.cert.org/vuls/id/555316
Cisco ASA 5500 Series Adaptive Security Appliances are affected by the
following vulnerabilities:
* TCP Connection Exhaustion Denial of Service Vulnerability
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerabilities
* Skinny Client Control Protocol (SCCP) Inspection Denial of
Service Vulnerability
* WebVPN Datagram Transport Layer Security (DTLS) Denial of Service
Vulnerability
Hey just wanted to say that my default installation of Windows 7 doesnt seem vulnerable~no hcp protocol handler. Just thought some people would like to take note :)
----- Original Message ----
From: Tavis Ormandy <taviso@cmpxchg8b.com>
To: full-disclosure@lists.grok.org.uk
Cc: bugtraq@securityfocus.com
Sent: Wed, June 9, 2010 4:46:21 PM
Subject: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
CVE Name: CVE-2007-0063
*Vulnerability Description*
OpenBSD’s DHCP server, dhcpd, implements the Dynamic Host Configuration
Protocol (DHCP) [1] and the Internet Bootstrap Protocol (BOOTP) [2]. DHCP
allows hosts on a TCP/IP network to request and be assigned IP addresses,
and also to discover information about the network to which they are
attached. BOOTP provides similar functionality, with certain restrictions.
The DHCP protocol allows a host which is unknown to the network
Two crafted packet vulnerabilities exist in the Cisco PIX 500 Series
Security Appliance (PIX) and the Cisco 5500 Series Adaptive Security
Appliance (ASA) that may result in a reload of the device. These
vulnerabilities are triggered during processing of Media Gateway
Control Protocol (MGCP) packets, or during processing of Transport
Layer Security (TLS) traffic that terminates on the PIX or ASA security
appliance.
Note: These vulnerabilities are independent of each other; a device may
be affected by one and not by the other.
T50 Sukhoi PAK FA Mixed Packet Injector (f.k.a. F22 Raptor) is a tool
designed to perform "Stress Testing". It is a powerful and an unique packet
injection tool, that is capable of:
1. Send sequentially (i.e., ALMOST on the same time) the following
protocols:
- ICMP: Internet Control Message Protocol
- IGMP: Internet Group Management Protocol
- TCP: Transmission Control Protocol
- UDP: User Datagram Protocol
Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
----------------------------------------------------------------------------
Help and Support Centre is the default application provided to access online
documentation for Microsoft Windows. Microsoft supports accessing help documents
directly via URLs by installing a protocol handler for the scheme "hcp",
a typical example is provided in the Windows XP Command Line Reference,
available at http://technet.microsoft.com/en-us/library/bb490918.aspx.
Using hcp:// URLs is intended to be safe, as when invoked via the registered
protocol handler the command line parameter /fromhcp is passed to the help
> Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
> ----------------------------------------------------------------------------
>
> Help and Support Centre is the default application provided to access online
> documentation for Microsoft Windows. Microsoft supports accessing help documents
> directly via URLs by installing a protocol handler for the scheme "hcp",
> a typical example is provided in the Windows XP Command Line Reference,
> available at http://technet.microsoft.com/en-us/library/bb490918.aspx.
>
> Using hcp:// URLs is intended to be safe, as when invoked via the registered
> protocol handler the command line parameter /fromhcp is passed to the help
systems with a rose device, local users can cause a denial of service
(kernel memory corruption).
CVE-2010-3432
Thomas Dreibholz discovered an issue in the SCTP protocol that permits a
remote user to cause a denial of service (kernel panic).
CVE-2010-3437
Dan Rosenberg discovered an issue in the pktcdvd driver. Local users with
Summary
=======
The Cisco IOS Software network address translation (NAT) feature
contains multiple denial of service (DoS) vulnerabilities in the
translation of the following protocols:
* NetMeeting Directory (Lightweight Directory Access Protocol,
LDAP)
* Session Initiation Protocol (Multiple vulnerabilities)
* H.323 protocol
Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that
run branches of Cisco IOS based on 12.2 can be vulnerable to a denial
of service vulnerability that can prevent any traffic from entering
an affected interface. For a device to be vulnerable, it must be
configured for Open Shortest Path First (OSPF) Sham-Link and Multi
Protocol Label Switching (MPLS) Virtual Private Networking (VPN).
This vulnerability only affects Cisco Catalyst 6500 Series or
Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32),
Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720)
modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B,
Supervisor 720-3BXL, Route Switch Processor 720, Route Switch
Multiple vulnerabilities exist in the Cisco TelePresence Manager.
This security advisory outlines the details of the following
vulnerabilities:
* Simple Object Access Protocol (SOAP) Authentication Bypass
* Java Remote Method Invocation (RMI) Command Injection
* Cisco Discovery Protocol Remote Code Execution
Duplicate Issue Identification in Other Cisco TelePresence Advisories
+--------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20100324-sip
Revision 1.0
Hello Bugtraq!
I want to warn you about Denial of Service vulnerabilities in Firefox,
Internet Explorer, Chrome and Opera. Which belong to type of DoS via
protocol handlers. Earlier I already wrote about DoS vulnerabilities in
Firefox, Internet Explorer, Chrome and Opera and DoS attacks on email
clients via protocol handlers. This new advisory will show you the situation
of browsers behavior with other protocol handlers.
All those who doubt that these DoS vulnerabilities in browsers and email
Hello Bugtraq!
I want to warn you about security vulnerabilities in email clients,
particularly in Outlook Express and Outlook. This advisory is concerned with
my series of advisories about vulnerabilities in browsers, which belong to
group of DoS via protocol handlers.
All those who doubt that these DoS vulnerabilities in browsers and email
clients are security vulnerabilities, must read my first advisory on this
topic (http://www.securityfocus.com/archive/1/511327/30/0/threaded). Where I
mentioned about Mozilla's MFSA 2010-23
The Cisco Network Building Mediator is a platform that transforms the
way buildings are designed, operated, and experienced.
Cisco Network Building Mediator collects data from sources that
include the building, IT, energy supply, and energy demand systems,
which use different protocols that are otherwise unable to
communicate with one another. The Cisco Network Building Mediator
normalizes the data into a common data representation. This ability
enables the Cisco Network Building Mediator to perform any-to-any
protocol translation and to provide information to the end user in a
uniform presentation.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Layer 2 Tunneling
Protocol (L2TP) Denial of Service Vulnerability
Advisory ID: cisco-sa-20080924-l2tp
http://www.cisco.com/warp/public/707/cisco-sa-20080924-l2tp.shtml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Internet Group Management
Protocol Denial of Service Vulnerability
Advisory ID: cisco-sa-20100922-igmp
http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml
multiple vulnerabilities as follows:
* Three SunRPC Inspection Denial of Service Vulnerabilities
* Three Transport Layer Security (TLS) Denial of Service
Vulnerabilities
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service
Vulnerability
These vulnerabilities are not interdependent; a release that is
* Unauthenticated Common Gateway Interface (CGI) Access
* CGI Command Injection
* TFTP Information Disclosure
* Malicious IP Address Injection
* XML-Remote Procedure Call (RPC) Command Injection
* Cisco Discovery Protocol Remote Code Execution
Duplicate Issue Identification in Other Cisco TelePresence Advisories
+--------------------------------------------------------------------
The Cisco Discovery Protocol Remote Code Execution vulnerability
Next Page>>
|
