[security bulletin] HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code

Note: The following products contain the Broadcom Integrated NIC firmware

HP Small Form Factor or Microtower PC with Broadcom Integrated NIC
 Broadcom Integrated NIC Management Firmware versions impacted
 Broadcom Integrated NIC Management Firmware version provided in sp47557.
 Apply this version or a subsequent version to resolve the vulnerability

HP Compaq 6005 Pro Microtower PC
 Versions impacted - v1.24.0.9 and earlier
 Version provided in sp47557 - v1.40.0.0

Secunia Research: Microsoft Outlook Content Parsing Integer Underflow Vulnerability

Mode (not default setting for Outlook 2003 and 2007).

====================================================================== 
5) Solution 

Apply patches provided by MS10-064.

====================================================================== 
6) Time Table 

24/02/2009 - Vendor notified.

TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)

Credit: Zack Fasel and Matthew Jakubowski of Trustwave's SpiderLabs

Finding 1: Static Credentials
CVE: CVE-2011-0885

All SMCD3G-CCR gateways provided by Comcast have an administrative
login of "mso" with the password of "D0nt4g3tme".  These passwords
are not provided as a part of the installation of the device and are
not recommended to be changed, thus the majority of users are unaware
of the default configuration.


Cisco Security Advisory: Cisco ONS Platform Crafted Packet Vulnerability

A crafted stream of TCP traffic to the control cards on a node will
result in a reset of the corresponding control cards on this node. A
complete 3-way handshake is required on any open TCP port to be able
to exploit this vulnerability.

The timing for the data channels traversing the switch is provided by
the control cards.

When an active and a standby Cisco ONS 15310-MA, ONS 15310-CL, ONS
15327, ONS 15454 or ONS 15454 SDH control card reloads at the same
time, the synchronous data channels traversing the switch drop

CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor

the advisory has already passed without any communication from IBM
regarding the issue, let alone any concrete plans to fix the bug. The
publication date for Core's security advisory has been re-scheduled for
October 30th, 2007. The date remains flexible on the basis of receiving
concrete and specific details about availability of fixes by Wednesday,
October 24th.  An up to date copy of the security advisory provided for
comments and suggested workarounds.
2007-10-23: Email from Lotus Notes Security indicating that a ticket had
been opened with Autonomy and that since this is a client-side issue the
fix would be provided in one of the future maintenance releases of the
Lotus Notes client. Ongoing work with Autonomy needs to continue before

Cisco Security Advisory: Cisco IOS Software TCP Denial of Service Vulnerability

The system banner confirms that the device is running Cisco IOS
Software by displaying text similar to "Cisco Internetwork Operating
System Software" or "Cisco IOS Software." The image name displays in
parentheses, followed by "Version" and the Cisco IOS Software Release
name. Other Cisco devices do not have the "show version" command or may
provide different output.

The following example identifies a Cisco product that is running
Cisco IOS Software Release 15.1(2)T with an installed image name of
C2800NM-ENTSERVICES-M:


Secunia Research: Microsoft Hierarchical FlexGrid Control Integer Overflows

====================================================================== 
5) Time Table 

28/08/2007 - Vendor notified.
28/08/2007 - Vendor response.
26/09/2007 - Additional information provided and status update 
             requested.
26/09/2007 - Vendor informs that status update will be provided soon.
10/10/2007 - Vendor provides status update.
23/11/2007 - Status update requested.
24/11/2007 - Vendor provides status update.

VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

     Thanks to the Samba developers, TippingPoint, and iDefense for
     identifying and reporting these issues.

     Note: These issues only affect the service console network, and are
     not remote vulnerabilities for ESX Server hosts that have been set
     up with the security best practices provided by VMware.
     http://www.vmware.com/resources/techresources/726

     ESX
     ---
     VMware ESX 3.0.1 Download Patch Bundle ESX-1001213

Cisco Security Advisory: Cisco IOS SSL VPN Vulnerability

confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.

The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.4(20)T with an installed image name of
C2800NM-ADVSECURITYK9-M:


Secunia Research: Microsoft Office FlashPix Property Set Parsing Buffer Overflow

Successful exploitation allows execution of arbitrary code.

====================================================================== 
5) Solution 

Apply patches provided by MS10-105.

====================================================================== 
6) Time Table 

27/07/2009 - Vendor notified.

Secunia Research: Microsoft Office FlashPix Tile Data Two Buffer Overflows

arbitrary code.

====================================================================== 
5) Solution 

Apply patches provided by MS10-105.

====================================================================== 
6) Time Table 

27/07/2009 - Vendor notified.

Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar

it to persist after the installation. An attacker who is aware of
this vulnerability could authenticate with administrative privileges
and arbitrarily change the configuration of Cisco Network Registrar.

The upgrade to Software Release 7.2 is not free; however, a
workaround is provided in this document that will prevent
exploitation of the vulnerability.

When performing an upgrade to Software Release 7.2, you must use the
workaround to change the password of the administrative account. You
will be prompted to enter a new administrator's password only if you

Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities

+------------------

Cisco IOS devices running vulnerable versions of Cisco IOS Software
are affected by two vulnerabilities in Cisco IOS IPS and Cisco IOS
Zone-Based Firewall. The two vulnerabilities are independent of each
other. Details to confirm affected configurations are provided below.

  * Memory leak in Cisco IOS Software

    A device that is configured for either Cisco IOS IPS or Cisco IOS
    Zone-Based Firewall (or both), may experience a memory leak under

CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass

loaded and the appropriate way to render it. The algorithm followed for
this purpose is described in Microsoft's Knowledgebase article titled
MIME Type Detection in Internet Explorer [4] and implemented in the
function 'FindMimeFromData' in 'URLMON.DLL'[5].

In the following section, proof of concept code is provided to
demonstrate the problem using the local storage used by Internet
Explorer to store the user's browsing history to deliver HTML with
scripting code and force IE to render it. This analysis is valid for any
Windows NT based operating system but should be slightly modified to run
under Windows Vista. It takes advantage of the following features:

Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities

Details
=======

ANM is a network management application that manages Cisco ACE modules
or appliances. ANM is installed on customer provided servers with a Red
Hat Enterprise Linux operating system. The ACE Device Manager provides
a browser-based interface for configuring and managing a single ACE
appliance. The ACE Device Manager resides in flash memory on the ACE
appliance. Multiple vulnerabilities exist in ANM and one in the ACE
Device Manager products. The following details are provided for each

Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control

=======

An ActiveX control (atucfobj.dll) that is used by the Cisco WebEx
Meeting Manager contains a buffer overflow vulnerability that may
result in a denial of service or remote code execution. The WebEx
Meeting Manager is a client-side program that is provided by the
Cisco WebEx meeting service. The Cisco WebEx meeting service
automatically downloads, installs, and configures Meeting Manager the
first time a user begins or joins a meeting.

When users connect to the WebEx meeting service, the WebEx Meeting

CORE-2008-0125: CitectSCADA ODBC service vulnerability

systems.

Besides the recommendation of a secure network architecture with strict
network access control measures, OS hardening and other sound system
administration practices, a specific workaround for the vulnerability
reported in this advisory is provided below.

The vulnerability is located in the ODBC server service; vulnerable
organizations that do not require ODBC connectivity may disable the
service with no adverse effects to the CitectSCADA software.
Installations that require ODBC connectivity to SQL databases,

Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720

    

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
Version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability

[ELEYTT] Public Advisory 05-12-2007

might be exploited via a web browser. The attacker should entice
the unaware victim to open a specially crafted link.



More verbose information has been provided directly to Gadu-Gadu.



5. Gadu-Gadu Remote Unspecified User Addition Vulnerability
========================================================

TWSL2010-003: Unauthorized access to root NFS export on EMC Celerra NAS appliance

Vendor estimated date for a code fix is Q3 2010.

Remediation Steps: 

The following recommendations were provided by the vendor.

1. Hide NFS exports and show them only based on the configured access. Setting
the forceFullShowmount param to 0 (default is 1) will hide the "/" from the list,
since only the Control Station has access to it for administration purposes:


Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-2817.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability

Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability

an Office document).

====================================================================== 
5) Solution 

Apply patches provided by MS10-105.

====================================================================== 
6) Time Table 

09/07/2009 - Vendor notified.

Secunia Research: Microsoft Office PICT Filter Integer Truncation Vulnerability

Successful exploitation may allow execution of arbitrary code.

====================================================================== 
5) Solution 

Apply patches provided by MS10-105.

====================================================================== 
6) Time Table

14/07/2009 - Vendor notified.

Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities

    been assigned CVE identifier CVE-2011-2585.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability

Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player

Users can manually verify the installed version of the WRF player
to determine whether it is affected by these vulnerabilities. To
do so, an administrator must examine the version numbers of the
installed files and determine whether the version of the file
contains the fixed code. Detailed instructions on how to verify
the version numbers are provided in the following sections. 

The following tables provide the first nonvulnerable version of
each object.

Microsoft Windows

Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability

confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the "show version" command or may provide
different output.

The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:


Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-0568.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more

arbitrary file extension at. E.g .tx, .tm]
         3. Chrome:
http://securethoughts.com/security/rssatomxss/googlechromexss.atom.tx [Any
arbitrary file extension at. E.g .tx, .tm]
   3. Exploit Scenario 3 –
         1. Details and PoC will be released after patch is provided by
Opera Security Team in next minor release. 

For research purposes, you can try out the PoCs on these virtualized (and
vulnerable) versions of various browsers, without installing any bits on
your computer [5].

Secunia Research: Microsoft Office BMP Image Colour Handling Integer Overflow

6) Time Table 

15/08/2008 - Vendor notified.
15/08/2008 - Vendor response.
21/08/2008 - Vendor provides status update.
04/09/2008 - Additional information provided to the vendor.
04/09/2008 - Vendor response.
17/09/2008 - Additional information provided to the vendor.
26/09/2008 - Additional information provided to the vendor.
26/09/2008 - Vendor response.
16/01/2009 - Vendor provides status update.

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.

The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.