Next Page >>
running
inadvertently increasing their risk due to a bug that makes standard
Windows anti-exploitation mechanisms ineffective.
A vulnerability found in the memory management of the Virtual Machine
Monitor makes memory pages mapped above the 2GB available with read or
read/write access to user-space programs running in a Guest operating
system. By leveraging this vulnerability it is possible to bypass
security mechanisms of the operating system such as Data Execution
Prevention (DEP) [1], Safe Structured Error Handling (SafeSEH) [2] and
Address Space Layout Randomization (ASLR) [3] designed to prevent
exploitation of security bugs in applications running on Windows
Cisco ASA and Cisco PIX devices are affected by a crafted TCP
acknowledgment (ACK) packet vulnerability. Software versions prior to
7.1(2)70 on the 7.1.x release, 7.2(4) on the 7.2.x release, and 8.0
(3)10 on the 8.0.x release are affected. Cisco ASA or Cisco PIX
security appliances running software version 7.0.x, or 8.1.x are not
vulnerable.
Cisco ASA and Cisco PIX devices running versions 7.1.x and 7.2.x with
WebVPN, SSL VPN, or ASDM enabled are affected by this vulnerability.
Devices running software versions on the 8.0 release that are
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01506861
Version: 3
HPSBUX02351 SSRT080058 rev.3 - HP-UX Running BIND, Remote DNS Cache Poisoning
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-07-16
Last Updated: 2008-08-06
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01506861
Version: 4
HPSBUX02351 SSRT080058 rev.4 - HP-UX Running BIND, Remote DNS Cache Poisoning
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-07-16
Last Updated: 2008-08-08
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01506861
Version: 5
HPSBUX02351 SSRT080058 rev.5 - HP-UX Running BIND, Remote DNS Cache Poisoning
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-07-16
Last Updated: 2010-10-12
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01506861
Version: 6
HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-07-16
Last Updated: 2010-12-15
+---------------------------------------------------------------------
Summary
=======
Cisco 9000 Series Aggregation Services Routers (ASR) running Cisco
IOS XR Software version 4.1.0 contain a vulnerability that may cause
a network processor in a line card to lock up while processing an IP
version 4 (IPv4) packet. As a consequence of the network processor
lockup, the line card that is processing the offending packet will
automatically reload.
Title: HTC / Windows Mobile OBEX FTP Service Directory Traversal
Author: Alberto Moreno Tablado
Vendor: HTC
Vulnerable Products:
- HTC devices running Windows Mobile 6
- HTC devices running Windows Mobile 6.1
Non vulnerable products:
- HTC devices running Windows Mobile 5.0
- Other vendors’ Windows Mobile devices
References: http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/HTC-Windows-Mobile-OBEX-FTP-Service-Directory-Traversal.html
CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.0 Windows Update 1
VirtualCenter 2.5 Windows affected, patch pending
VirtualCenter 2.0.2 Windows affected, patch pending
A heap-based buffer overflow flaw was found in the way newt
processes content that is to be displayed in a text dialog box.
A local attacker could issue a specially-crafted text dialog box
display request (direct or via a custom application), leading to a
denial of service (application crash) or, potentially, arbitrary
code execution with the privileges of the user running the
application using the newt library.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-2905 to this issue.
The following sections provide details on the versions of Cisco ASA
that are affected by each vulnerability.
The show version command-line interface (CLI) command can be used to
determine if a vulnerable version of the Cisco PIX or Cisco ASA
software is running. The following example shows a Cisco ASA device
that runs software release 8.0(2):
ASA# show version
Cisco Adaptive Security Appliance Software Version 8.0(2)
* http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml
Affected Products
=================
All devices running affected versions of 12.2 or 12.4 Cisco IOS
system software and that have a vulnerable configuration are affected
by this vulnerability.
Vulnerable Products
+------------------
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01506861
Version: 2
HPSBUX02351 SSRT080058 rev.2 - HP-UX Running BIND, Remote DNS Cache Poisoning
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-07-16
Last Updated: 2008-07-19
An input validation error is present in the Windows-based VMware
HGFS.sys driver. Exploitation of this flaw might result in
arbitrary code execution on the guest system by an unprivileged
guest user. It doesn't matter on what host the Windows guest OS
is running, as this is a guest driver vulnerability and not a
vulnerability on the host.
The HGFS.sys driver is present in the guest operating system if the
VMware Tools package is loaded. Even if the host has HGFS disabled
and has no shared folders, Windows-based guests may be affected. This
transitive attribute. On receipt of this prefix, the Cisco IOS XR
device will corrupt the attribute before sending it to the
neighboring devices. Neighboring devices that receive this corrupted
update may reset the BGP peering session.
Affected devices running Cisco IOS XR Software corrupt the
unrecognized attribute before sending to neighboring devices, but
neighboring devices may be running operating systems other than Cisco
IOS XR Software and may still reset the BGP peering session after
receiving the corrupted update. This is per standards defining the
operation of BGP.
specific information on vulnerable versions.
Syslog Message Memory Corruption Denial of Service Vulnerability
+---------------------------------------------------------------
Devices running vulnerable versions of Cisco FWSM Software are
affected by this vulnerability if the following conditions are
satisfied:
* The device has interfaces with IPv6 addresses
* System logging is enabled (command logging enable)
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html
Affected Products
=================
This vulnerability only affects devices running Cisco IOS Software
with SIP voice services enabled.
Vulnerable Products
+------------------
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar10.html
Affected Products
=================
These vulnerabilities only affect devices running Cisco IOS Software
with SIP voice services enabled.
Vulnerable Products
+------------------
Summary
=======
The H.323 implementation in Cisco IOS® Software contains a
vulnerability that can be exploited remotely to cause a device that
is running Cisco IOS Software to reload.
Cisco has released free software updates that address this
vulnerability. There are no workarounds to mitigate the vulnerability
apart from disabling H.323 if the device that is running Cisco IOS
Software does not need to run H.323 for VoIP services.
- ---------------------------------------------------------------------
Summary
=======
Devices that are running Cisco IOS Software and configured for Mobile
IP Network Address Translation (NAT) Traversal feature or Mobile IPv6
are vulnerable to a denial of service (DoS) attack that may result in
a blocked interface.
Cisco has released free software updates that address these
topic.
Security vulnerabilities have been reported for ActiveX controls
provided by VMware when run in IE. Under specific circumstances,
exploitation of these ActiveX controls might result in denial-of-
service or can allow running of arbitrary code when the user
browses a malicious Web site or opens a malicious file in IE
browser. An attempt to run unsafe ActiveX controls in IE might
result in pop-up windows warning the user.
Note: IE can be configured to run unsafe ActiveX controls without
Affected Products
=================
Devices that are running certain Cisco IOS versions prior to 12.3
with VPDN enabled may be affected by these vulnerabilities.
Vulnerable Products
+------------------
=================
Vulnerable Products
+------------------
The following Cisco Unified IP Phone devices running Skinny Client
Control Protocol (SCCP) firmware:
* 7906G
* 7911G
* 7935
http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucm.shtml
Affected Products
=================
These vulnerabilities only affect devices running Cisco IOS Software
with SIP voice services enabled.
Vulnerable Products
+------------------
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows affected, no patch planned
Details:
It was discovered that there was a vulnerability in the memory handling of
certain types of content. An attacker could exploit this to possibly run
arbitrary code as the user running Firefox. (CVE-2011-0081)
It was discovered that Firefox incorrectly handled certain JavaScript
requests. An attacker could exploit this to possibly run arbitrary code as
the user running Firefox. (CVE-2011-0069)
Details:
It was discovered that there was a vulnerability in the memory handling of
certain types of content. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0081)
It was discovered that Thunderbird incorrectly handled certain JavaScript
requests. If JavaScript were enabled, an attacker could exploit this to
possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0069)
Original advisory details:
It was discovered that there was a vulnerability in the memory handling of
certain types of content. An attacker could exploit this to possibly run
arbitrary code as the user running Thunderbird. (CVE-2011-0081)
It was discovered that Thunderbird incorrectly handled certain JavaScript
requests. If JavaScript were enabled, an attacker could exploit this to
possibly run arbitrary code as the user running Thunderbird.
(CVE-2011-0069)
Summary
=======
A malformed Internet Key Exchange (IKE) packet may cause a device
running Cisco IOS Software to reload. Only Cisco 7200 Series and
Cisco 7301 routers running Cisco IOS software with a VPN Acceleration
Module 2+ (VAM2+) installed are affected. Cisco has released free
software updates that address this vulnerability.
This advisory is posted at:
$ vim "`readlink exploit`"
[ Observe the file works like an ordinary tarball would ]
$ ls pwned
pwned
For your convenience, running running ``make demo'' and ``make test'' in the
tarplugin directory will do all the hard work in an interactive, and
non-interactive way, respectively, and tell you whether the exploit has worked.
3.4.2.3.3. Fix
Next Page>>
|
